Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Overview

General Information

Sample name:SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
Analysis ID:1615427
MD5:eecacebd341b235004ba873b857286c6
SHA1:788fd4b0367590185afc8713173aa5a29bb8d2fb
SHA256:ee67aeaa3db0c1f912336fb34da9b7253bb4533568c2c3915ab8149aea256d19
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

PureLog Stealer, zgRAT
Score:42
Range:0 - 100
Confidence:100%

Compliance

Score:48
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected PureLog Stealer
Yara detected zgRAT
Queries Google from non browser process on port 80
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe (PID: 5956 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe" MD5: EECACEBD341B235004BA873B857286C6)
    • SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp (PID: 4040 cmdline: "C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp" /SL5="$20464,13921249,1003008,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe" MD5: D53C5E2C4C2BFBFF94E45CC949138DEF)
      • taskkill.exe (PID: 1396 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5304 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 1220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 352 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 5332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1732 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 1740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1516 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1196 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 1852 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 3264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4336 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 2412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6072 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 4956 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 5088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 2504 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_startup" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 2208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 2664 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "dpf_ro" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 2016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3400 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 2724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1784 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_startup" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 1988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1464 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_trigger" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 2112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 3168 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_WD" /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 4996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • DuplicatePhotosFixerPro.exe (PID: 4192 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid MD5: E0FD3719B7C17B8E780EFE91FCE3596C)
        • DPFHelper.exe (PID: 5284 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate MD5: 383A3B125AF2D8B4DD08C0817DE98E4A)
          • conhost.exe (PID: 3332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 3520 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 1820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • schtasks.exe (PID: 1464 cmdline: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • DuplicatePhotosFixerPro.exe (PID: 732 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" firstinstall MD5: E0FD3719B7C17B8E780EFE91FCE3596C)
      • DPFNotifier.exe (PID: 5548 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" createschedule MD5: B7D39E8D4904059FC534C356FF7B52B4)
        • DuplicatePhotosFixerPro.exe (PID: 2412 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid MD5: E0FD3719B7C17B8E780EFE91FCE3596C)
          • DPFHelper.exe (PID: 5688 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate MD5: 383A3B125AF2D8B4DD08C0817DE98E4A)
            • conhost.exe (PID: 3176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 5552 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 4340 cmdline: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • DuplicatePhotosFixerPro.exe (PID: 3616 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" updatecheck MD5: E0FD3719B7C17B8E780EFE91FCE3596C)
  • DPFNotifier.exe (PID: 3744 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" neweventtrigger MD5: B7D39E8D4904059FC534C356FF7B52B4)
  • DPFNotifier.exe (PID: 5956 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" startup MD5: B7D39E8D4904059FC534C356FF7B52B4)
  • DPFNotifier.exe (PID: 340 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" startup neweventtrigger MD5: B7D39E8D4904059FC534C356FF7B52B4)
    • DuplicatePhotosFixerPro.exe (PID: 1276 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid MD5: E0FD3719B7C17B8E780EFE91FCE3596C)
      • DPFHelper.exe (PID: 2144 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate MD5: 383A3B125AF2D8B4DD08C0817DE98E4A)
        • conhost.exe (PID: 3664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 6484 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 1216 cmdline: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • DuplicatePhotosFixerPro.exe (PID: 2916 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid MD5: E0FD3719B7C17B8E780EFE91FCE3596C)
      • DPFHelper.exe (PID: 2896 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate MD5: 383A3B125AF2D8B4DD08C0817DE98E4A)
        • conhost.exe (PID: 5580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 6396 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 6540 cmdline: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-9UERP.tmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
    C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-D7O44.tmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
      C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-M85J7.tmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
        C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmpJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
          C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            Click to see the 1 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            0000002F.00000000.2212411871.0000000000142000.00000002.00000001.01000000.00000014.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              00000027.00000000.2174022753.0000024ECCC62000.00000002.00000001.01000000.0000000E.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                0000002F.00000002.2309134706.0000000004A92000.00000002.00000001.01000000.00000015.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    39.0.DPFHelper.exe.24eccc60000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                      47.2.DPFNotifier.exe.4a90000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                        47.0.DPFNotifier.exe.140000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                          37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                            37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                              Click to see the 1 entries

                              Sigma Signatures

                              System Summary

                              barindex
                              Sigma detected: Suspicious Schtasks From Env Var Folder
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", CommandLine: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3520, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", ProcessId: 1464, ProcessName: schtasks.exe

                              Suricata Signatures

                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2025-02-14T20:45:08.439862+010028033053Unknown Traffic192.168.2.449752142.250.185.13280TCP
                              2025-02-14T20:45:08.748243+010028033053Unknown Traffic192.168.2.449752142.250.185.13280TCP
                              2025-02-14T20:45:14.204134+010028033053Unknown Traffic192.168.2.44978352.222.214.4380TCP
                              2025-02-14T20:45:15.898101+010028033053Unknown Traffic192.168.2.44979552.222.214.4380TCP
                              2025-02-14T20:45:16.305751+010028033053Unknown Traffic192.168.2.44979552.222.214.4380TCP
                              2025-02-14T20:45:16.599850+010028033053Unknown Traffic192.168.2.44979552.222.214.4380TCP
                              2025-02-14T20:45:16.929479+010028033053Unknown Traffic192.168.2.44979552.222.214.4380TCP
                              2025-02-14T20:45:17.216659+010028033053Unknown Traffic192.168.2.44979552.222.214.4380TCP
                              2025-02-14T20:45:18.032690+010028033053Unknown Traffic192.168.2.44981152.222.214.4380TCP
                              2025-02-14T20:45:19.440839+010028033053Unknown Traffic192.168.2.44981752.222.214.4380TCP
                              2025-02-14T20:45:20.394580+010028033053Unknown Traffic192.168.2.449823142.250.185.13280TCP
                              2025-02-14T20:45:21.696297+010028033053Unknown Traffic192.168.2.44984152.222.214.4380TCP
                              2025-02-14T20:45:23.285578+010028033053Unknown Traffic192.168.2.44985552.222.214.4380TCP
                              2025-02-14T20:45:24.433040+010028033053Unknown Traffic192.168.2.44986152.222.214.4380TCP

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Multi AV Scanner detection for submitted file
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeVirustotal: Detection: 6%Perma Link

                              Compliance

                              barindex
                              Uses 32bit PE files
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              PE / OLE file has a valid certificate
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic PE information: certificate valid
                              Uses secure TLS version for HTTPS connections
                              Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.4:49734 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 134.122.121.231:443 -> 192.168.2.4:49736 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.4:49836 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 143.204.98.41:443 -> 192.168.2.4:49879 version: TLS 1.2
                              Contains modern PE file flags such as dynamic base (ASLR) or NX
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                              Binary contains paths to debug symbols
                              Source: Binary string: /_/MetadataExtractor/obj/Release/net35/MetadataExtractor.pdb source: is-GBGGV.tmp.1.dr
                              Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2008\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: DPFNotifier.exe, DPFNotifier.exe, 0000002F.00000002.2317621317.0000000007B72000.00000002.00000001.01000000.00000017.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750065772.00000212E2A02000.00000002.00000001.01000000.0000001C.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdbSHA256/ source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.dr
                              Source: Binary string: System.pdb+ source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2746405286.00000212E26BD000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.pdbxerPro.pdbpdbPro.pdbuplicatePhotosFixerPro.pdb0 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.PDB source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.pdb-7F9C-4437-8B11-F424491E3931}\InprocServer32"T source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2746405286.00000212E26BD000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: PC:\Windows\DuplicatePhotosFixerPro.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: pC:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.PDB source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: .pdb2t source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2755300889.00000212E49B3000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750065772.00000212E2A02000.00000002.00000001.01000000.0000001C.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Generated\Google.Apis.Drive.v3\obj\Release\net45\Google.Apis.Drive.v3.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbl_9 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2742306845.00000212E25F1000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: indows\dll\System.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2746405286.00000212E26BD000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: E:\MyProject\Products\DuplicatePhotosFixer\MultiFrameworks\trunk\core\ImageListView\ImageListView_v11.0_Source\ImageListView\ImageListView\obj\Release\ImageListView.pdb source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2189329428.000002157CD42000.00000002.00000001.01000000.0000000F.sdmp, is-31QGN.tmp.1.dr
                              Source: Binary string: D:\DMF Code\core\ObjectListViewDemo\ObjectListView\obj\Release\ObjectListView.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750450742.00000212E2D62000.00000002.00000001.01000000.0000001D.sdmp
                              Source: Binary string: &C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.pdb@8 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: notifierlib.pdb source: DPFNotifier.exe, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2309134706.0000000004A92000.00000002.00000001.01000000.00000015.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2512179690.000000000641E000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.PDB source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdb source: is-AIKIJ.tmp.1.dr
                              Source: Binary string: C:\Progr.pdb* source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdbSHA256 source: is-AIKIJ.tmp.1.dr
                              Source: Binary string: DPFNotifier.pdb source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002628000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000000.2212411871.0000000000142000.00000002.00000001.01000000.00000014.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.00000000030F9000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002A29000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.dr
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Generated\Google.Apis.Drive.v3\obj\Release\net45\Google.Apis.Drive.v3.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmp
                              Source: Binary string: D:\DMF Code\core\ObjectListViewDemo\ObjectListView\obj\Release\ObjectListView.pdbX source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750450742.00000212E2D62000.00000002.00000001.01000000.0000001D.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.pdb source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmp, DuplicatePhotosFixerPro.exe, 00000025.00000002.2187275297.0000021564666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2679732032.00000212DF670000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B547000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA37000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C31337000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: /_/MetadataExtractor/obj/Release/net35/MetadataExtractor.pdbSHA256 source: is-GBGGV.tmp.1.dr
                              Source: Binary string: d:\Regclean Pro\rcp\src\UpdateDownload\src\Release\update.pdb source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\DuplicatePhotosFixerPro.pdbpdbPro.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2680646296.00000212DF6B1000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749154416.00000212E29B2000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: DPFHelper.pdb source: DPFHelper.exe, 00000027.00000002.2183193390.0000024ECEB26000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 00000027.00000000.2174022753.0000024ECCC62000.00000002.00000001.01000000.0000000E.sdmp, DPFHelper.exe, 00000031.00000002.2261992478.000002AD06B87000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 0000003A.00000002.2348363495.0000021BBDD17000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 00000040.00000002.2431466121.000002B95E927000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: ro.pdbLNP source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmp
                              Source: Binary string: symbols\exe\DuplicatePhotosFixerPro.pdb` source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749154416.00000212E29B2000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: notifierlib.pdbX! source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2309134706.0000000004A92000.00000002.00000001.01000000.00000015.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2512179690.000000000641E000.00000004.00000020.00020000.00000000.sdmp
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 4x nop then jmp 00007FFD9BD7A96Fh44_2_00007FFD9BD7A868

                              Networking

                              barindex
                              Queries Google from non browser process on port 80
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeHTTP traffic: GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeHTTP traffic: GET / HTTP/1.1 Host: www.google.com
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeHTTP traffic: GET / HTTP/1.1 Host: www.google.com
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeHTTP traffic: GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeHTTP traffic: GET / HTTP/1.1 Host: www.google.com
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeHTTP traffic: GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Content-Type: application/jsonHost: activate123.comConnection: Close
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
                              Source: global trafficHTTP traffic detected: GET /win/dpf/offerhtm/notifier_view.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/dff.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_dff.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/adu_icon.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_adu.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/tsr_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_tsr-2.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/sav_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_sav.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/vpn_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_vpn.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/rightbackup_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_rb.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/softwareupdater_logo.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_ssu.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /win/dpf/offerhtm/Notifier_dpf1.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/tp_logo.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_tp.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/ts_logo.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_ts.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliate=&isreg=0&isexpired=0&utm_content=none&utm_days=0&hid=-7513362569889602847&langcode=en&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /systweak/dpfnew/utility_kit.asp?utm_days=0&langcode=en&isreg=0&isexpired=0&hid=-7513362569889602847&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: Joe Sandbox ViewIP Address: 5.79.122.22 5.79.122.22
                              Source: Joe Sandbox ViewIP Address: 5.79.122.22 5.79.122.22
                              Source: Joe Sandbox ViewIP Address: 165.227.176.158 165.227.176.158
                              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49811 -> 52.222.214.43:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49795 -> 52.222.214.43:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 142.250.185.132:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49841 -> 52.222.214.43:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49783 -> 52.222.214.43:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49855 -> 52.222.214.43:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49817 -> 52.222.214.43:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49861 -> 52.222.214.43:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49823 -> 142.250.185.132:80
                              Source: global trafficHTTP traffic detected: GET /gethash/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.duplicatephotosfixer.com
                              Source: global trafficHTTP traffic detected: GET /gethash/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.duplicatephotosfixer.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /tempfile/3777781877 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: track.duplicatephotosfixer.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/update.asp?utm_term=Setup&utm_source=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_campaign=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_medium=newbuild&utm_days=0&appversion=1.3.1086.1004&hid=-7513362569889602847&utm_cid=&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: activate123.comConnection: Keep-Alive
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficHTTP traffic detected: GET /gethash/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.duplicatephotosfixer.com
                              Source: global trafficHTTP traffic detected: GET /dpfw/helper/Magick.NET-Q8-AnyCPU.dll HTTP/1.1Accept: */*User-Agent: InnoDownloadPlugin/1.5Host: activate123.comConnection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Content-Type: application/jsonHost: activate123.comConnection: Close
                              Source: global trafficHTTP traffic detected: GET /gethash/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.duplicatephotosfixer.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /tempfile/3777781877 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: track.duplicatephotosfixer.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/update.asp?utm_term=Setup&utm_source=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_campaign=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_medium=newbuild&utm_days=0&appversion=1.3.1086.1004&hid=-7513362569889602847&utm_cid=&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: activate123.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
                              Source: global trafficHTTP traffic detected: GET /win/dpf/offerhtm/notifier_view.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/dff.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_dff.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/adu_icon.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_adu.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/tsr_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_tsr-2.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/sav_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_sav.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/vpn_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_vpn.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/rightbackup_logo.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_rb.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/softwareupdater_logo.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_ssu.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /win/dpf/offerhtm/Notifier_dpf1.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/tp_logo.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_tp.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET /setups/dff/utilitykit/images/ts_logo.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /setups/actioncenter/Images/banner_ts.png HTTP/1.1Host: cdn.systweak.com
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliate=&isreg=0&isexpired=0&utm_content=none&utm_days=0&hid=-7513362569889602847&langcode=en&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.baidu.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /systweak/dpfnew/utility_kit.asp?utm_days=0&langcode=en&isreg=0&isexpired=0&hid=-7513362569889602847&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-7513362569889602847&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2209472809.000000000A690000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2227835414.000000000A625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ycu=http://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp equals www.youtube.com (Youtube)
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2209472809.000000000A690000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2227835414.000000000A625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ytu=http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp& equals www.youtube.com (Youtube)
                              Source: global trafficDNS traffic detected: DNS query: activate123.com
                              Source: global trafficDNS traffic detected: DNS query: www.duplicatephotosfixer.com
                              Source: global trafficDNS traffic detected: DNS query: track.duplicatephotosfixer.com
                              Source: global trafficDNS traffic detected: DNS query: www.google.com
                              Source: global trafficDNS traffic detected: DNS query: offers.systweak.com
                              Source: global trafficDNS traffic detected: DNS query: cdn.systweak.com
                              Source: global trafficDNS traffic detected: DNS query: s1kegmsmob.execute-api.us-east-1.amazonaws.com
                              Source: global trafficDNS traffic detected: DNS query: www.baidu.com
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Fri, 14 Feb 2025 19:44:21 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: http://127.0.0.1:
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: http://169.254.169.254
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: http://169.254.169.254#GCE_METADATA_HOST
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/identity
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/tokenHhttps://oauth2.goo
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.168.0.61/dpftutorial.com/index.aspx
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.00000000028AB000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.00000000028BE000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7747000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7598000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002882000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.000000000288D000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F95000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/LR
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000784B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dll
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B549000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA39000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C31339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/lb/update.asp
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B549000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA39000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C31339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/misc/update_of.asp
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/notifier/update.asp
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002882000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002860000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F95000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/notifier/update.asp?
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/notifier/update.asp?utm_source=ecuriteInfo.com.Program.Unwanted.5412.327
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.327
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002882000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002860000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F95000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/notifier/update.aspd
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7747000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7595000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7598000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7744000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75C7000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75CB000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B549000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA39000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C31339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/update.asp
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteInfo.com.Program.Unwanted.5
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteinfo.com.program.unwanted.5
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7598000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7528000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/update.asp?p
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000782A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://activate123.com/dpfw/update.asp?utm_term=Setup&utm_source=
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000DAC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/dpfw/update.asp?utm_term=Setup&utm_source=ecuriteInfo.com.Program.Unwanted.54
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7759000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B549000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA39000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C31339000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7747000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp?&utm_days=0&langcode=en&isreg=0&isexpired=0&h
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7747000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp?p
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp?utm_days=0&langcode=en&isreg=0&isexpired=0&hi
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.00000000028BE000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://activate123.comd
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075E6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://afo.checkfilename.com/fileoptimizerweb/dotnettracker.aspx?version=7
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075E6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://afo.checkfilename.com/fileoptimizerweb/dotnettracker.aspx?version=8
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075E6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://afo.checkfilename.com/fileoptimizerweb/dotnettracker.aspx?version=9
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://alternate.downloads.s3.amazonaws.com/testupdatefolder/dpf/rb_advt_en.jpg
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://alternate.downloads.s3.amazonaws.com/testupdatefolder/dpf/usa-offer1.png
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bitbucket.org/mitrich_k/inno-download-plugin
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C736C000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/downloads/dffw/dffsetupadg_dpfw-adg1.exe?of=dffsetupadg_.exe
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2209472809.000000000A690000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2227835414.000000000A625000.00000004.00000020.00020000.00000000.sdmp, update.ini.1.drString found in binary or memory: http://cdn.systweak.com/downloads/setups/dpfw/dpfsetup_afterupdate_1004.exe
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/runcamps/adusetup_dpf_adu_try.exe
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://cdn.systweak.com/runcamps/adusetupg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://cdn.systweak.com/runcamps/aspsetup_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/runcamps/tp/tpsetup_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/runcamps/tp/tpsetupipg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/runcamps/tp/tpsetupipg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecu
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/runcamps/tweakshotsetupg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C736C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/runcamps/tweakshotsetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-e
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_adu.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7330000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_dff.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_rb.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_sav.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_spe.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_ssu.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_tp.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C736C000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_ts.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_tsr-2.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_vpn.png
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/baps/adug_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/baps/adug_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecuriteIn
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/baps/dffsetupg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7330000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/baps/dffsetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecur
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/baps/rbsetup_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/baps/rbsetup_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecurit
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/baps/savsetupg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/baps/savsetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecur
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/baps/svpnsetupipg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/baps/svpnsetupipg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-e
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007881000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://cdn.systweak.com/setups/df/NDP452.exe
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/adu_icon.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/dff.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/rightbackup_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/sav_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/softwareupdater_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/spe_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/tp_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/ts_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C736C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/ts_logo.pngq
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/tsr_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/vpn_logo.png
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://cdn.systweak.com/setups/rcp/rcpg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/rp/ransomwareprotector_dpf_rp_try.exe
                              Source: is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/setups/tsr/tsrsetupipg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/setups/tsr/tsrsetupipg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecu
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://cdn.systweak.com/softwareupdater/files/ssusetupg_
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdn.systweak.com/softwareupdater/files/ssusetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2189734391.000002157CE7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ceak.com/s/dffw/ddg_dpfw-?of=dffs.exe
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cfn.duplicatephotofixer.com
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2247442468.0000000006655000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.000000000768C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cyworld.nate.com/nuclear_mine
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000784B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://d1.duplicatephotosfixer.com/paraminfo/?param=
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://d1bbcssojg6a2i.cloudfront.net/utilitykit/rbsetup_dpf_try.exe
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.000000000322F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/$DownloadWebPage()
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7017000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.000000000322F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/jsonBFrmwebBrowsing::getLocationInfo()
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7032000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://keys.systweak.com/freekey/?action=
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mitrichsoftware.wordpress.comB
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2187275297.0000021564666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mtrack.systweak.com/ProductScanTracker/ScanCleanParser.svc/firstbindingaddress
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0A
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0C
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0X
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.com
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.com/win/dpf/ChristmasOfferhtm/notifier_curent
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.com/win/dpf/ChristmasOfferhtm/notifier_curent.json
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://offers.systweak.com/win/dpf/PricePage/Price.html
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.0000014710057000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B547000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.000000000322F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.com/win/dpf/notifier1.json
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.com/win/dpf/notifier1.json6
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/Notifier_dpf
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.000000000302C000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D44000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003055000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/Notifier_dpf1.json
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/adu_win.html
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/asp_win.html
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/rcp_win.html
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweak.comd
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://offers.systweakD
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://rightbackup.com/eula
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://rightbackup.com/privacypolicy
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C762D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s1kegmsmob.execute-api.us-east-1.amazonaws.com
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schema.org/WebPage
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/AppNotificationsClasses
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003059000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/AppNotificationsClassesd
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/AppNotifier
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTracker
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTracker;
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTracker_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTrackerb
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTrackerc
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTrackerd
                              Source: DPFHelper.exe, 00000040.00000002.2431466121.000002B95E92D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.m
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.00000000028AB000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/MS_UploadFeedbackT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/STCheckGenuineness
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/STGetSoftwareCheckUpdateURL
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/STIsCurKeyNeedToExpire
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/STIsKeyGenuine
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/STIsSoftwareGenuine
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/T
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/TU
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/UploadFeedbackT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://systweak.com/UploadFileT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataResponse
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataUsingDataContractResponse
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataUsingDataContractT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/clean_operationResponse
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/clean_operationT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/reportSummaryResponseA
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/reportSummaryT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/scan_operationResponse
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/scan_operationT
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/sendFeedbackResponse
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://tempuri.org/IScanCleanParser/sendFeedbackT
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tr.systweak.com/productpxl/trservice.svc/TrackApplicationLaunch/?params=
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tr.systweak.com/productpxl/trservice.svc/TrackApplicationLaunch/?params=l
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000784B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://tr.systweak.com/productpxl/trservice.svc/TrackSetupLaunch/?params=
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000784B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238980597.0000000000A23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/3777781877
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmp, DuplicatePhotosFixerPro.exe, 00000025.00000002.2187275297.0000021564666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B550000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA40000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C31340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://updateservice1.systweak.com/STGenuineValidatorDPF/STGenuineValidationService.asmx
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://updateservice1.systweak.com/STGenuineValidatorDPF/STGenuineValidationService.asmxN
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.0000014710057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://updateservice1.systweak.com/STGenuineValidatorDPF/STGenuineValidationService.asmxRSTCheckProd
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2187275297.0000021564666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://updateservice1.systweak.com/miscservice/miscservice.asmx
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C76D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.baidu.com
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C76D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.baidu.com/
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750450742.00000212E2D62000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://www.codeproject.com/Articles/16009/A-Much-Easier-to-Use-ListView
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2247442468.0000000006655000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.0000000002172000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.000000000768C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000CF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.duplicatefilesfixer.com/PrivacyPolicy
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.duplicatefilesfixer.com/eula
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatefilesfixer.com/eula?showlic=1&lang=
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatefilesfixer.com/privacypolicyjfrmTrayOfferFixFiles::
                              Source: DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotofixer.com/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471006B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B55B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotofixer.com/eula?showlic=1&lang=
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7025000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotofixer.com/fhttp://www.duplicatephotosfixer.com/privacy-policy/Rhttp://www.d
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotofixer.com/firstscanned.asp
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://www.duplicatephotofixer.com/pricedpfw?ps=12m
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://www.duplicatephotofixer.com/pricedpfw?ps=3m
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://www.duplicatephotofixer.com/pricedpfw?ps=6m
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.000000000227D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000DE8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000782A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/?
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=A
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2187275297.0000021564666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&amp&
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D9D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075E6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D93000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000782A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075B2000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&utm_term=Setup&utm_sourc
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007814000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/after-uninstall/?lifeboat=1&utm_term=Setup&marked=
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007814000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/after-uninstall/?utm_term=Setup&marked=
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/after-update/?
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000782A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/after-update?utm_content=AfterUpdate&utm_term=Setup&utm_source=
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/eula/?showlic=1&lang=
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000784B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2245066424.000000000A590000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471006B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B55B000.00000004.00000800.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/gethash/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2245066424.000000000A590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/gethash/$
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/price-pc/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.000000000766F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/price-pc/?&appversion=1.3.1086.1004&utm_cid=&hid=q
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/price-pc/?O
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471006B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B55B000.00000004.00000800.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/privacy-policy/?lang=
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/renewal-pc/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.000000000767E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/renewal-pc/?
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/renewal-pc/?G
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/renewal-pc/?P
                              Source: DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/support/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/support/bhttps://www.duplicatephotosfixer.com/contact-us/?
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075E6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.duplicatephotosfixer.com/terms-of-use/?showlic=1&lang=
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/user-guide/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.duplicatephotosfixer.com/user-guide/Vhttp://www.lifeboat.jp/support/faq/dph.htmlXhttp://w
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2737341124.00000212E1572000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2737341124.00000212E1572000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2737341124.00000212E1572000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471006B000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B55B000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.000000000322F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect?v=1&tid=
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003019000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.0000014710057000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B547000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.000000000322F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com(http://www.baidu.com
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75CB000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003019000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003019000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/X
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003019000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/t
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003019000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.comD
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.000000000302C000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.comd
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.comu
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000000.1754443626.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-E87NG.tmp.1.drString found in binary or memory: http://www.innosetup.com/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.istool.org/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.istool.org/isxdl.aspx
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.lifeboat.jp/products/dpf/index.php?G
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.lifeboat.jp/products/dpf/index.php?O
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.0000000007861000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: http://www.lifeboat.jp/products/dpf/index.php?P
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.radarsync.com/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ransomwareprotector.com/eula?showlic=1&lang=
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ransomwareprotector.com/terms-of-use/#PrivacyPolicy
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000000.1754443626.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-E87NG.tmp.1.drString found in binary or memory: http://www.remobjects.com/ps
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2737341124.00000212E1572000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.000000000322F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: http://www.systweak.com/NagTracking.aspx
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002C77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com/NagTracking.aspxX&Y
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.systweak.com/advanced-driver-updater/eula
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com/advanced-driver-updater/eula/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com/advanced-system-optimizer/eulaLhttp://www.systweak.com/privacy-policy
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.systweak.com/fhttp://www.duplicatephotosfixer.com/privacy-policy/Rhttp://www.duplicatepho
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com/independence-day-offer?utm_source=dpf_update&utm_campaign=dpf_update4transpa
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F2000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.systweak.com/privacy-policy
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75F6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700059000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2232418971.000001477D6D0000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B54E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2274804131.000001E623BB8000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE810E000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA3E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C3133E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2452278043.0000018C49C70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com/privacy-policy/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.systweak.com/software-updater/eula
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.systweak.com/systweak-antivirus/eula
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweak.com/systweak-antivirus/eula/Nhttp://www.systweak.com/privacy-policy/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.systweak.com/systweak-vpn/eula
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweakpdfeditor.com/eula/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.systweakpdfeditor.com/privacy-policy/
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tweaking.in/advanced-screen-recorder/eula/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C736C000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.tweaking.in/privacy-policy/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7344000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.tweaking.in/tweakshot-screen-recorder/eula
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.tweaking.in/tweakshot/buynow/?coupon=20per-glb&redirect=1&
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C736C000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.tweaking.in/tweakshot/eula/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tweaking.in/tweakshot/eula/.GetDetails_TweakShot
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C736C000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmp, is-CVRUT.tmp.1.drString found in binary or memory: http://www.tweakpass.com/eula/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tweakpass.com/eula/Lhttp://www.tweaking.in/privacy-policy/.GetDetails_TweakPass
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2737341124.00000212E1572000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C76EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.wshifen.com
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2247442468.0000000006655000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.000000000768C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.yildizyazilim.gen.tr%1
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2209472809.000000000A690000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2227835414.000000000A625000.00000004.00000020.00020000.00000000.sdmp, update.ini.1.drString found in binary or memory: http://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2209472809.000000000A690000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2227835414.000000000A625000.00000004.00000020.00020000.00000000.sdmp, update.ini.1.drString found in binary or memory: http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp&
                              Source: DPFNotifier.exe, 0000002F.00000002.2314925045.0000000006F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://y31uv4ra1.vo.llnwd.net/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.box.com/api/oauth2/authorize?client_id=
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: https://accounts.google.com/o/oauth2/v2/authIhttps://oauth2.googleapis.com/revoke)certificatesLocati
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://activate123.com
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238980597.0000000000A23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate123.com/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2229281649.000000000AB4C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.000000000784B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238018181.0000000000AAE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2230995411.00000000077A3000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.1.drString found in binary or memory: https://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dll
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dllAA
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.00000000027F2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.00000000032B2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002BE2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.000000000302C000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.000000000302C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp?
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.000000000302C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteInfo.com.Program.Unwanted.
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteinfo.com.program.unwanted.
                              Source: DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://activate123.comLR
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/runcamps/setups/spesetupipg_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/setups/baps/aip_aipsite-default.exe?of=aip.exe
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/setups/baps/aso3setup_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/setups/baps/posetup_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/setups/baps/sdcsetupg_sdc_site-default.exe?of=sdcsetupg_.exe
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/setups/dffw/baps/dffsetupg_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/setups/dpfw/baps/dpfsetupg_dpfw-site.exe?of=dpfsetupg_.exe
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/setups/photosrecovery/setups/phrecsetup_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.systweak.com/softwareupdater/files/ssusetupg_systweak-default.exe?of=ssusetupg_.exe
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.tweaking.in/runcamps/setups/apmsetupg_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C777E000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C775B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.tweaking.in/setups/asr/asrsetupipg_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://checkout.paddle.com/api/2.0/prices/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C76D6000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.000000000302C000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000003035000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2482153555.0000000002D2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentials
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentialsRhttps://accounts.google.
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://developers.google.com/api-client-library/dotnet/apis/drive/v3
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: https://developers.google.com/identity/protocols/oauth2/index.html#4.-send-the-access-token-to-an-ap
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/terms/api-services-user-data-policy
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g4a2uta3m.vo.llnwd.net/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://github.com/google/google-api-dotnet-client/tree/master/Src/Generated
                              Source: is-V41V4.tmp.1.drString found in binary or memory: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://is.systweak.com/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, is-U8QON.tmp.1.drString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: https://oauth2.googleapis.com/token
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pss.bdstatic.com/static/superman/font/iconfont-4530e108b6.ttf
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pss.bdstatic.com/static/superman/font/iconfont-74fcdd51ab.svg#iconfont
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pss.bdstatic.com/static/superman/font/iconfont-840387fb42.woff
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pss.bdstatic.com/static/superman/font/iconfont-cdfecb8456.eot
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pss.bdstatic.com/static/superman/font/iconfont-cdfecb8456.eot?#iefix
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C701F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pss.bdstatic.com/static/superman/font/iconfont-fa013548a9.woff2
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rightbackup.com/PrivacyPolicy#EULAdhttp://rightbackup.com/privacypolicy#PrivacyPolicy
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C762D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.exe
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.exec
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C762D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75AA000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C75AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D701A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=(ThreadProductTr
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C762D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=x-btn%26launchty
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C762D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=x-btn&launchtype
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C7528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=x-btn=AppLaunch&
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.advancedpdfmanager.com/eula/dhttps://www.advancedpdfmanager.com/privacy-policy/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.advancedpdfmanager.com/price-3/?coupon=20per-glb&
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2212960993.0000000007945000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatefilesfixer.com/eulabhttps://www.duplicatefilesfixer.com/privacypolicy
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.000000000227D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000DE8000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2245066424.000000000A590000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2691232229.00000212DFDA7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8D66000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D8366000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7E66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D90D5000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D81D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/EULA.aspx
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/Hhttp://www.duplicatephotosfixer.com/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2245066424.000000000A590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/_
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/boxcloud-authorize/?0BoxCloudWrapper::
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/contact-us/&ShowGiveAwayForm::
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/contact-us/Vhttp://www.lifeboat.jp/support/faq/dph.html
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/dropbox-authorize-v2/?PcDropboxscan::GeneratedAuthenticationURL
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238018181.0000000000A89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075BE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2073376959.000000000A5EA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2237709746.000000000A5E5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/eula/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1805610285.000000000A5BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2245066424.000000000A590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/gethash/
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2245066424.000000000A590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/gethash/1
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2245066424.000000000A590000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/gethash/H
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1805610285.000000000A5BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/gethash/WC:
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/price_pc/?Nhttp://activate123.com/dpfw/update.asp?Vhttps://chec
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D90D5000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D81D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.duplicatephotosfixer.com/privacy-policy
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: https://www.globalsign.com/repository/0
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.appdataUhttps://www.googleapis.com/auth/drive.file
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.metadatanhttps://www.googleapis.com/auth/drive.metadata.readon
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.metadataohttps://www.googleapis.com/auth/drive.metadata.readon
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.readonly
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.readonlyZhttps://www.googleapis.com/auth/drive.scripts
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/drive.scripts
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/auth/driveZhttps://www.googleapis.com/auth/drive.appdataThttps://www.goog
                              Source: is-V41V4.tmp.1.drString found in binary or memory: https://www.googleapis.com/auth/iam
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750065772.00000212E2A02000.00000002.00000001.01000000.0000001C.sdmpString found in binary or memory: https://www.googleapis.com/batch
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/batch/drive/v3
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.googleapis.com/drive/v3/
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: https://www.googleapis.com/oauth2/v3/certs%validationSettingsSJWT
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.drString found in binary or memory: https://www.gstatic.com/iap/verify/public_key-jwk
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1748318687.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.00000000021F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238018181.0000000000A89000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2232799380.00000000075BE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.1756317548.00000000035B0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2073376959.000000000A5EA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2237709746.000000000A5E5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2234677653.0000000000D32000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.maxivpn.com/legal/privacy.html.
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000002.2239338429.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-U8QON.tmp.1.dr, is-E87NG.tmp.1.dr, is-31QGN.tmp.1.drString found in binary or memory: https://www.systweak.com/
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.0000014710057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B547000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.systweak.com/actissue.aspx?productid=
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: https://www.systweak.com/advanced-driver-updater/eula
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: https://www.systweak.com/advanced-system-protector/eula
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.systweak.com/photo-organizer/eula
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.systweak.com/photos-recovery/eulaNhttps://www.systweak.com/privacy-policy8GetDetails_Pho
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: https://www.systweak.com/privacy-policy
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2504626722.00000212C70ED000.00000004.00000800.00020000.00000000.sdmp, plan.json.partial.44.drString found in binary or memory: https://www.systweak.com/registry-cleaner/eula
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tweaking.in/advanced-screen-recorder/eula/Nhttps://www.tweaking.in/privacy-policy/(Advan
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tweaking.in/advanced-screen-recorder/price/?coupon=20per-glb&redirect=1&B&utm_source=
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://www.tweaking.in/advanced-screen-recorder/price/?coupon=20per-glb&redirect=1&zhttps://www.adv
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                              Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.4:49734 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 134.122.121.231:443 -> 192.168.2.4:49736 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.4:49836 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 143.204.98.41:443 -> 192.168.2.4:49879 version: TLS 1.2

                              System Summary

                              barindex
                              Malicious sample detected (through community Yara rule)
                              Source: 37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmp, type: DROPPEDMatched rule: Detects zgRAT Author: ditekSHen
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 37_2_00007FFD9B8B5B3537_2_00007FFD9B8B5B35
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9B88F79544_2_00007FFD9B88F795
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BA97B2A44_2_00007FFD9BA97B2A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BA910FA44_2_00007FFD9BA910FA
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BA910D144_2_00007FFD9BA910D1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BB622D944_2_00007FFD9BB622D9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BD7402944_2_00007FFD9BD74029
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_04A938C447_2_04A938C4
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_04A96C2B47_2_04A96C2B
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_04A9205047_2_04A92050
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_04A981D447_2_04A981D4
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_04A9596847_2_04A95968
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_00780C7847_2_00780C78
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_0078D4E047_2_0078D4E0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_00780C5047_2_00780C50
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F877047_2_059F8770
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F360847_2_059F3608
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F421047_2_059F4210
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F326847_2_059F3268
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F385447_2_059F3854
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059FD40047_2_059FD400
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F37A747_2_059F37A7
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F37E747_2_059F37E7
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F876347_2_059F8763
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F369447_2_059F3694
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F36AC47_2_059F36AC
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F360647_2_059F3606
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F360847_2_059F3608
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F420047_2_059F4200
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F3CBF47_2_059F3CBF
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F3BF647_2_059F3BF6
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F3B0447_2_059F3B04
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F3B2547_2_059F3B25
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07B415A847_2_07B415A8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07B45CD247_2_07B45CD2
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07B4586047_2_07B45860
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07B4927847_2_07B49278
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07B4595F47_2_07B4595F
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07B4586047_2_07B45860
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D237A947_2_07D237A9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2056847_2_07D20568
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2548847_2_07D25488
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2C16047_2_07D2C160
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2EA8047_2_07D2EA80
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D24A8747_2_07D24A87
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2BAB047_2_07D2BAB0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2055747_2_07D20557
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2547847_2_07D25478
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2C15147_2_07D2C151
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D24E3047_2_07D24E30
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D24E2047_2_07D24E20
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2EAD447_2_07D2EAD4
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2BAA047_2_07D2BAA0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2EA7047_2_07D2EA70
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D248A047_2_07D248A0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_04A959FF47_2_04A959FF
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_04A947CB47_2_04A947CB
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 48_2_00007FFD9B8A9FE848_2_00007FFD9B8A9FE8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 48_2_00007FFD9B89F79548_2_00007FFD9B89F795
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 48_2_00007FFD9B8B1DEF48_2_00007FFD9B8B1DEF
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeCode function: 49_2_00007FFD9B88839349_2_00007FFD9B888393
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 54_2_02ECD4E054_2_02ECD4E0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 54_2_02EC0C7854_2_02EC0C78
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 54_2_02EC107254_2_02EC1072
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 54_2_02EC0C5054_2_02EC0C50
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_00E2D4E055_2_00E2D4E0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_00E20C7855_2_00E20C78
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_00E20C5055_2_00E20C50
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1879055_2_05E18790
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1360855_2_05E13608
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1385655_2_05E13856
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1326855_2_05E13268
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1422055_2_05E14220
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E13CC155_2_05E13CC1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E13C8455_2_05E13C84
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E137E955_2_05E137E9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E137A955_2_05E137A9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1878155_2_05E18781
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E136AC55_2_05E136AC
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1369455_2_05E13694
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1360855_2_05E13608
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1360055_2_05E13600
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E13BF855_2_05E13BF8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E13B2755_2_05E13B27
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E13B0655_2_05E13B06
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1325855_2_05E13258
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 55_2_05E1421055_2_05E14210
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_0291D4E056_2_0291D4E0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_02910C7856_2_02910C78
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_02910C5056_2_02910C50
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_0291107256_2_02911072
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_0616022456_2_06160224
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_0616044856_2_06160448
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_0616021856_2_06160218
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_0616203056_2_06162030
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A360856_2_061A3608
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A879056_2_061A8790
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A422056_2_061A4220
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A326856_2_061A3268
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A385656_2_061A3856
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A360056_2_061A3600
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A360856_2_061A3608
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A369456_2_061A3694
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A36AC56_2_061A36AC
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A878356_2_061A8783
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A37A956_2_061A37A9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A37E956_2_061A37E9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A421056_2_061A4210
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A325856_2_061A3258
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A3C8456_2_061A3C84
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A3CC156_2_061A3CC1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A3B0656_2_061A3B06
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A3B2756_2_061A3B27
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_061A3BF856_2_061A3BF8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E27E956_2_077E27E9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E460756_2_077E4607
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E957056_2_077E9570
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077EC58056_2_077EC580
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E442056_2_077E4420
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E336056_2_077E3360
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E81B056_2_077E81B0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E500856_2_077E5008
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077ECC2856_2_077ECC28
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077EC57256_2_077EC572
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E956056_2_077E9560
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E95C456_2_077E95C4
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E335056_2_077E3350
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E7F5056_2_077E7F50
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E4FF856_2_077E4FF8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077EEC5056_2_077EEC50
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077ECC1856_2_077ECC18
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E7B0356_2_077E7B03
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E49B056_2_077E49B0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_077E49A056_2_077E49A0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3063056_2_07E30630
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3261256_2_07E32612
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3B4EE56_2_07E3B4EE
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E371E056_2_07E371E0
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3004056_2_07E30040
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3AE9856_2_07E3AE98
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3772856_2_07E37728
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3062656_2_07E30626
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3141456_2_07E31414
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3132D56_2_07E3132D
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3020156_2_07E30201
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E300D156_2_07E300D1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3003F56_2_07E3003F
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3AE9856_2_07E3AE98
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3AEE356_2_07E3AEE3
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3AE8956_2_07E3AE89
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E4339F56_2_07E4339F
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 57_2_00007FFD9B8A9FE857_2_00007FFD9B8A9FE8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 57_2_00007FFD9B8B1DEF57_2_00007FFD9B8B1DEF
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 57_2_00007FFD9B89F79557_2_00007FFD9B89F795
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 57_2_00007FFD9B8B7DF657_2_00007FFD9B8B7DF6
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 57_2_00007FFD9B8B8BA257_2_00007FFD9B8B8BA2
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeCode function: 58_2_00007FFD9B8B839358_2_00007FFD9B8B8393
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeCode function: 58_2_00007FFD9B8B8F7E58_2_00007FFD9B8B8F7E
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 63_2_00007FFD9B889FE863_2_00007FFD9B889FE8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 63_2_00007FFD9B87F79563_2_00007FFD9B87F795
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 63_2_00007FFD9B891DEF63_2_00007FFD9B891DEF
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                              Source: is-E87NG.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2252909252.0000000002258000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1753182181.000000007FBA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000000.1747616137.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.1750855518.0000000002530000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeBinary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: 37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmp, type: DROPPEDMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                              Source: classification engineClassification label: mal42.troj.evad.winEXE@102/135@8/7
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E31AB0 GetDiskFreeSpaceExW,56_2_07E31AB0
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer ProJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6420:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1988:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3664:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2016:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5088:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2412:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3264:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1740:120:WilError_03
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMutant created: \Sessions\1\BaseNamedObjects\Global\DuplicatePhotosFixerPro_E9AC93B9-E733-40A8-9338-47A4909521B7
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2944:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2112:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5660:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2208:120:WilError_03
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMutant created: \Sessions\1\BaseNamedObjects\Global\cbackuplogmutexDuplicatePhotosFixerPro_1
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3332:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5332:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1220:120:WilError_03
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMutant created: NULL
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4996:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1820:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5580:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2724:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3176:120:WilError_03
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpMutant created: \Sessions\1\BaseNamedObjects\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Duplicate Photos Fixer Pro_setup
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMutant created: \Sessions\1\BaseNamedObjects\Global\DuplicatePhotosFixerPro_97BEA57A-0FC2-42EF-BA0F-95E4CD0D05FA
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2664:120:WilError_03
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMutant created: \Sessions\1\BaseNamedObjects\Global\cbackuplogmutexDPFNotifier_OutOfMemorylog
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2312:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3352:120:WilError_03
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeFile created: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmpJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DPFNotifier.exe")
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DPFNotifier.exe")
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DPFNotifier.exe")
                              Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: select count(*) as 'TotalDuplicatePhotos', count(distinct d.groupnumber) as 'TotalDuplicateGroups', total(case when isMark=1 then e.filesize else 0 end ) as 'TotalDuplicateMarkPhotosSize', total(case when isMark=1 then 1 else 0 end) as 'TotalDuplicateMarkPhotos' from DupImageFileLog as d join exifInfo e on e.id=d.exifid where d.groupnumber>0(TotalDuplicatePhotos(TotalDuplicateGroups0TotalDuplicateMarkPhotos8TotalDuplicateMarkPhotosSizev SelectionAssistant :: UpdateAndShowDuplicateCountFromDB : \UPDATE {0} SET IsMark= {1} where {2} in ({3});Ddelete from {0} where {1} in ({2})
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: select d.key from DupImageFileLog as d join (select groupnumber, count(*) as 'ItmesCount' from DupImageFileLog where groupnumber>0 group by groupnumber having ItmesCount=1) as t1 on t1.groupnumber=d.groupnumber` SelectionAssistant :: removeSingleGroupItems : RUPDATE {0} SET {1}= 0 where {2} in ({3});nUPDATE {0} SET {1} = {2}, isMark=0 where {3} in ({4});:DPF_RESULT_UC_UNMARK_ALL_TEXT
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7023000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: select d.key from DupImageFileLog as d join (select groupnumber, count(*) as 'ItmesCount' from DupImageFileLog where groupnumber>0 group by groupnumber having ItmesCount=1) as t1 on t1.groupnumber=d.groupnumber` SelectionAssistant :: removeSingleGroupItems : RUPDATE {0} SET {1}= 0 where {2} in ({3});nUPDATE {0} SET {1} = {2}, isMark=0 where {3} in ({4});-
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeVirustotal: Detection: 6%
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeString found in binary or memory: /LOADINF="filename"
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeJump to behavior
                              Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe"
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeProcess created: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp "C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp" /SL5="$20464,13921249,1003008,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe"
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro" /f
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_startup" /f
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "dpf_ro" /f
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier" /f
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_startup" /f
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_trigger" /f
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_WD" /f
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: unknownProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" updatecheck
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" firstinstall
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" createschedule
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: unknownProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" neweventtrigger
                              Source: unknownProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" startup
                              Source: unknownProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" startup neweventtrigger
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeProcess created: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp "C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp" /SL5="$20464,13921249,1003008,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_startup" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_startup" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_trigger" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_WD" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macidJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" firstinstallJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" createscheduleJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdateJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: unknown unknown
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: unknown unknown
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: unknown unknown
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: netapi32.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: wtsapi32.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: winsta.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: textinputframework.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: coreuicomponents.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: coremessaging.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: coremessaging.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: shfolder.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: rstrtmgr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: ncrypt.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: ntasn1.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: textshaping.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: msftedit.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: windows.globalization.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: bcp47mrm.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: globinputhost.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: dwmapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: winhttp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: mswsock.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: winnsi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: schannel.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: mskeyprotect.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: msasn1.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: dpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: gpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: ncryptsslp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: windows.ui.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: windowmanagementapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: inputhost.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: twinapi.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: twinapi.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: explorerframe.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: linkinfo.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: ntshrui.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: cscapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpSection loaded: pcacli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dhcpcsvc.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: netapi32.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: windowscodecs.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dwrite.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dwmapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: textshaping.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dataexchange.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: d3d11.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dcomp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: dxgi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: twinapi.appcore.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: msvcp140_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: textinputframework.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: coreuicomponents.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: coremessaging.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ntmarta.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: coremessaging.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wininet.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: dwrite.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: wtsapi32.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: winsta.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: wininet.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: appresolver.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: bcp47langs.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: slc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: sppc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: taskschd.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: sxs.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: xmllite.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: appresolver.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: bcp47langs.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: slc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: sppc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: appresolver.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: bcp47langs.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: slc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: sppc.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: apphelp.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: uxtheme.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile written: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\info.iniJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpWindow found: window name: TMainFormJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: Next >
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: I accept the agreement
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: Next >
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: Next >
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: I accept the agreement
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: I accept the agreement
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: I accept the agreement
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: I accept the agreement
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: I accept the agreement
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpAutomated click: Next >
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic PE information: certificate valid
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic file information: File size 14904392 > 1048576
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                              Source: Binary string: /_/MetadataExtractor/obj/Release/net35/MetadataExtractor.pdb source: is-GBGGV.tmp.1.dr
                              Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2008\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: DPFNotifier.exe, DPFNotifier.exe, 0000002F.00000002.2317621317.0000000007B72000.00000002.00000001.01000000.00000017.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750065772.00000212E2A02000.00000002.00000001.01000000.0000001C.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdbSHA256/ source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.dr
                              Source: Binary string: System.pdb+ source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2746405286.00000212E26BD000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.pdbxerPro.pdbpdbPro.pdbuplicatePhotosFixerPro.pdb0 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.PDB source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.pdb-7F9C-4437-8B11-F424491E3931}\InprocServer32"T source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2746405286.00000212E26BD000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: PC:\Windows\DuplicatePhotosFixerPro.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: pC:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.PDB source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: .pdb2t source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2755300889.00000212E49B3000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750065772.00000212E2A02000.00000002.00000001.01000000.0000001C.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Generated\Google.Apis.Drive.v3\obj\Release\net45\Google.Apis.Drive.v3.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbl_9 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2742306845.00000212E25F1000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: indows\dll\System.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2746405286.00000212E26BD000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: E:\MyProject\Products\DuplicatePhotosFixer\MultiFrameworks\trunk\core\ImageListView\ImageListView_v11.0_Source\ImageListView\ImageListView\obj\Release\ImageListView.pdb source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2189329428.000002157CD42000.00000002.00000001.01000000.0000000F.sdmp, is-31QGN.tmp.1.dr
                              Source: Binary string: D:\DMF Code\core\ObjectListViewDemo\ObjectListView\obj\Release\ObjectListView.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750450742.00000212E2D62000.00000002.00000001.01000000.0000001D.sdmp
                              Source: Binary string: &C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.pdb@8 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: notifierlib.pdb source: DPFNotifier.exe, DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2309134706.0000000004A92000.00000002.00000001.01000000.00000015.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2512179690.000000000641E000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.PDB source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdb source: is-AIKIJ.tmp.1.dr
                              Source: Binary string: C:\Progr.pdb* source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdbSHA256 source: is-AIKIJ.tmp.1.dr
                              Source: Binary string: DPFNotifier.pdb source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002628000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000000.2212411871.0000000000142000.00000002.00000001.01000000.00000014.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.00000000030F9000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002A29000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2748405464.00000212E2982000.00000002.00000001.01000000.00000019.sdmp, is-V41V4.tmp.1.dr
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Generated\Google.Apis.Drive.v3\obj\Release\net45\Google.Apis.Drive.v3.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749535506.00000212E29D2000.00000002.00000001.01000000.0000001B.sdmp
                              Source: Binary string: D:\DMF Code\core\ObjectListViewDemo\ObjectListView\obj\Release\ObjectListView.pdbX source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2750450742.00000212E2D62000.00000002.00000001.01000000.0000001D.sdmp
                              Source: Binary string: DuplicatePhotosFixerPro.pdb source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmp, DuplicatePhotosFixerPro.exe, 00000025.00000002.2187275297.0000021564666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2679732032.00000212DF670000.00000004.00000020.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2217814780.0000014700057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000030.00000002.2269398551.000001E60B547000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000039.00000002.2366031026.000001BCCFA37000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C31337000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: /_/MetadataExtractor/obj/Release/net35/MetadataExtractor.pdbSHA256 source: is-GBGGV.tmp.1.dr
                              Source: Binary string: d:\Regclean Pro\rcp\src\UpdateDownload\src\Release\update.pdb source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\DuplicatePhotosFixerPro.pdbpdbPro.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2680646296.00000212DF6B1000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749154416.00000212E29B2000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: DPFHelper.pdb source: DPFHelper.exe, 00000027.00000002.2183193390.0000024ECEB26000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 00000027.00000000.2174022753.0000024ECCC62000.00000002.00000001.01000000.0000000E.sdmp, DPFHelper.exe, 00000031.00000002.2261992478.000002AD06B87000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 0000003A.00000002.2348363495.0000021BBDD17000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 00000040.00000002.2431466121.000002B95E927000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: ro.pdbLNP source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2213453466.00000000035B0000.00000004.00001000.00020000.00000000.sdmp
                              Source: Binary string: symbols\exe\DuplicatePhotosFixerPro.pdb` source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2478896859.000000FE891F4000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdb source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2749154416.00000212E29B2000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: notifierlib.pdbX! source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002755000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 0000002F.00000002.2309134706.0000000004A92000.00000002.00000001.01000000.00000015.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.0000000003228000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2512179690.000000000641E000.00000004.00000020.00020000.00000000.sdmp
                              Source: Magick.NET-Q8-AnyCPU.dll.1.drStatic PE information: 0xBD5E40D3 [Thu Sep 4 15:40:03 2070 UTC]
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeStatic PE information: section name: .didata
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.drStatic PE information: section name: .didata
                              Source: is-E87NG.tmp.1.drStatic PE information: section name: .didata
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpCode function: 1_2_009F55A3 push A0080072h; retf 1_2_009F55A9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 37_2_00007FFD9B8B8823 push edx; iretd 37_2_00007FFD9B8B882B
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 37_2_00007FFD9B8B7969 push ebx; retf 37_2_00007FFD9B8B796A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 37_2_00007FFD9B8B8169 push ebx; ret 37_2_00007FFD9B8B816A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 37_2_00007FFD9B8BE084 push B9000000h; retf 0000h37_2_00007FFD9B8BE099
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9B76D2A5 pushad ; iretd 44_2_00007FFD9B76D2A6
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9B888823 push edx; iretd 44_2_00007FFD9B88882B
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9B888169 push ebx; ret 44_2_00007FFD9B88816A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9B887969 push ebx; retf 44_2_00007FFD9B88796A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9B8921E9 push ebx; retf 44_2_00007FFD9B8921EA
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BA93AB2 push eax; iretd 44_2_00007FFD9BA93AB5
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BA909FA push ebx; ret 44_2_00007FFD9BA90A0A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BA97DD1 push esp; iretd 44_2_00007FFD9BA97DD2
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BC0A7D4 push edi; retf 44_2_00007FFD9BC0A7DA
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BC022E6 push ds; ret 44_2_00007FFD9BC022E8
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BC09949 push 8B485C2Dh; retf 44_2_00007FFD9BC09960
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BC008B8 pushad ; iretd 44_2_00007FFD9BC008B9
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9BC0B866 push ecx; retf 44_2_00007FFD9BC0B86A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 46_2_00007FFD9B8A8823 push edx; iretd 46_2_00007FFD9B8A882B
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 46_2_00007FFD9B8A7969 push ebx; retf 46_2_00007FFD9B8A796A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 46_2_00007FFD9B8A8169 push ebx; ret 46_2_00007FFD9B8A816A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_0078454C push cs; retf 47_2_0078454F
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_00784503 push esp; retf 47_2_00784509
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F079F push FFFFFFE9h; ret 47_2_059F07A1
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_059F0006 pushfd ; retf 47_2_059F0039
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07B43EFB push ecx; ret 47_2_07B43EFC
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 47_2_07D2E873 pushfd ; retf 47_2_07D2E874
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 48_2_00007FFD9B898823 push edx; iretd 48_2_00007FFD9B89882B
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 48_2_00007FFD9B897969 push ebx; retf 48_2_00007FFD9B89796A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 48_2_00007FFD9B898169 push ebx; ret 48_2_00007FFD9B89816A
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 48_2_00007FFD9B8AA291 push esp; iretd 48_2_00007FFD9B8AA292
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-U8QON.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET.Core.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\AppResource.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-D7O44.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Auth.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-9UERP.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-E87NG.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Drive.v3.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-ME4O5.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-O72F0.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-VCBPG.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.PlatformServices.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Data.SQLite.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Users\user\AppData\Local\Temp\is-S29N8.tmp\isxdl.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\unins000.exe (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\dpfptt.exe (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Dropbox.Api.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-M85J7.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-P9H9A.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-T6QRS.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-U04KK.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-IC0O6.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-GBGGV.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Threading.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-8HQM9.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\XmpCore.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Users\user\AppData\Local\Temp\is-S29N8.tmp\idp.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-AIKIJ.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Core.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-OJE96.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-V41V4.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ObjectListView.dll (copy)Jump to dropped file
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeFile created: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-31QGN.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-571DQ.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\MetadataExtractor.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\ProgramData\DownloadComponents\Magick.NET-Q8-AnyCPU.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Users\user\AppData\Local\Temp\is-S29N8.tmp\_isetup\_setup64.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHBKR.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-HH60O.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-3JQB0.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET-Q8-AnyCPU.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Newtonsoft.Json.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\SQLite.Interop.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\ProgramData\DownloadComponents\Magick.NET-Q8-AnyCPU.dllJump to dropped file

                              Boot Survival

                              barindex
                              Uses schtasks.exe or at.exe to add and modify task schedules
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro" /f
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer ProJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro\Duplicate Photos Fixer Pro.lnkJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro\Uninstall Duplicate Photos Fixer Pro.lnkJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolveJump to behavior
                              Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              barindex
                              Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name, macaddress from Win32_NetworkAdapter where netconnectionid<>NULL and macaddress<>NULL and Manufacturer <> 'Microsoft' AND NOT PNPDeviceID LIKE 'ROOT\\%'
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 21562BF0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 2157C620000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 24ECCFC0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 24EE6AE0000 memory reserve | memory write watchJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 212C5340000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 212DEFB0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 1477B590000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 1477CEA0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 780000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 2540000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 2360000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 1E609A10000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 1E6234F0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 2AD050E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 2AD1EB30000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 2E60000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 3000000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 5000000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: E20000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 2930000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 4930000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 2910000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 2C50000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeMemory allocated: 2980000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 1BCCE160000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 1BCE79E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 21BBC4D0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 21BD5CC0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 18C31250000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: 18C492E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 2B95CEE0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeMemory allocated: 2B9768D0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeCode function: 44_2_00007FFD9B88F691 sldt word ptr [eax]44_2_00007FFD9B88F691
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 600000
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599859
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599750
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599618
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599484
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599341
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599228
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599113
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598560
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598406
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598281
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598145
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597987
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597864
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597722
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597594
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597484
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597233
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597027
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 596859
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 596575
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595969
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595827
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595707
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595563
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595375
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595181
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595025
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594904
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594783
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594670
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594561
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594438
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594313
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594202
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594091
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593945
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593828
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593472
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593355
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593148
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593031
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592920
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592795
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592672
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592562
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592453
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592343
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592231
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592109
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592000
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591890
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591766
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591641
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591525
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591406
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591297
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 600000
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599890
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599782
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599657
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599532
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599407
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599282
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599172
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599061
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598953
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598844
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598735
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598610
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598485
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598360
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598235
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598110
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597985
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597860
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597735
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597610
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597485
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597360
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597240
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597098
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596969
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596859
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596750
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596631
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596473
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596352
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596208
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596079
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595954
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595829
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595704
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595579
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595454
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595329
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595190
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595063
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594953
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594843
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594735
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594610
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594346
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593965
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593858
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593750
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593640
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWindow / User API: threadDelayed 3406
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWindow / User API: threadDelayed 6290
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeWindow / User API: threadDelayed 413
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeWindow / User API: threadDelayed 4676
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeWindow / User API: threadDelayed 5144
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET.Core.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-U8QON.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-8HQM9.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\XmpCore.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S29N8.tmp\idp.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\AppResource.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-AIKIJ.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Core.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Auth.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-OJE96.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-V41V4.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Drive.v3.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-ME4O5.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ObjectListView.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-O72F0.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-31QGN.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-VCBPG.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.PlatformServices.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Data.SQLite.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S29N8.tmp\isxdl.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-571DQ.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\MetadataExtractor.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\dpfptt.exe (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\ProgramData\DownloadComponents\Magick.NET-Q8-AnyCPU.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S29N8.tmp\_isetup\_setup64.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Dropbox.Api.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-P9H9A.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-M85J7.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHBKR.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-T6QRS.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-HH60O.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-U04KK.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET-Q8-AnyCPU.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-3JQB0.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\SQLite.Interop.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Newtonsoft.Json.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-IC0O6.tmpJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Threading.dll (copy)Jump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpDropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-GBGGV.tmpJump to dropped file
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 2472Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe TID: 2016Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -35971150943733603s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -600000s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -599859s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -599750s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -599618s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -599484s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -599341s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -599228s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -599113s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -598560s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -598406s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -598281s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -598145s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -597987s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -597864s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -597722s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -597594s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -597484s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -597233s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -597027s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -596859s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -596575s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -595969s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -595827s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -595707s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -595563s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -595375s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -595181s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -595025s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594904s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594783s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594670s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594561s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594438s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594313s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594202s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -594091s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -593945s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -593828s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -593472s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -593355s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -593148s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -593031s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592920s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592795s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592672s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592562s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592453s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592343s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592231s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592109s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -592000s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -591890s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -591766s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -591641s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -591525s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -591406s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 736Thread sleep time: -591297s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 6072Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 2640Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 3496Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 1888Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe TID: 2024Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 4088Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 2032Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -29514790517935264s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -600000s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599890s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599782s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599657s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599532s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599407s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599282s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599172s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -599061s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598953s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598844s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598735s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598610s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598485s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598360s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598235s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -598110s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597985s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597860s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597735s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597610s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597485s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597360s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597240s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -597098s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596969s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596859s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596750s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596631s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596473s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596352s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596208s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -596079s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595954s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595829s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595704s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595579s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595454s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595329s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595190s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -595063s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -594953s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -594843s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -594735s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -594610s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -594346s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -593965s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -593858s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -593750s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 5888Thread sleep time: -593640s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 2472Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe TID: 2212Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 2148Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe TID: 6400Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name,Manufacturer,SMBIOSBIOSVersion,SerialNumber,ReleaseDate from Win32_BIOS
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Product,Manufacturer,SerialNumber,Version from Win32_BaseBoard
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Model FROM Win32_BaseBoard
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Model,Manufacturer from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                              Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 600000
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599859
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599750
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599618
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599484
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599341
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599228
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 599113
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598560
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598406
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598281
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 598145
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597987
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597864
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597722
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597594
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597484
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597233
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 597027
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 596859
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 596575
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595969
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595827
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595707
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595563
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595375
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595181
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 595025
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594904
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594783
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594670
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594561
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594438
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594313
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594202
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 594091
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593945
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593828
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593472
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593355
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593148
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 593031
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592920
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592795
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592672
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592562
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592453
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592343
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592231
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592109
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 592000
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591890
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591766
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591641
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591525
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591406
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 591297
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 600000
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599890
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599782
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599657
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599532
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599407
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599282
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599172
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 599061
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598953
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598844
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598735
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598610
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598485
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598360
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598235
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 598110
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597985
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597860
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597735
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597610
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597485
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597360
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597240
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 597098
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596969
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596859
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596750
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596631
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596473
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596352
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596208
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 596079
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595954
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595829
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595704
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595579
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595454
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595329
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595190
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 595063
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594953
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594843
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594735
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594610
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 594346
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593965
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593858
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593750
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeThread delayed: delay time: 593640
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpFile opened: C:\Users\user\AppDataJump to behavior
                              Source: DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B547000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VIRTUALevmwarefVirtualBox
                              Source: DPFNotifier.exe, 0000002F.00000002.2312715765.0000000005A68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: DuplicatePhotosFixerPro.exe, 0000003F.00000002.2448489235.0000018C313D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238018181.0000000000A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238018181.0000000000AC5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: DPFNotifier.exe, 0000002F.00000002.2312715765.0000000005A68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                              Source: DuplicatePhotosFixerPro.exe, 00000039.00000002.2370164355.000001BCE8199000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2187275297.0000021564738000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware2y
                              Source: DuplicatePhotosFixerPro.exe, 00000030.00000002.2273887690.000001E61B54D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {0}, {1}aCaptionbSELECT Manufacturer, Model FROM Win32_BaseBoardcSystem Product Name0IDS_NO_DETAILS_AVAILABLEdvirtualgselect Name from Win32_ProcessorkSELECT Description FROM Win32_DisplayConfigurationlDescription<ucSystemInfo:: GetSystemInfo: &IsVirtualMachine:: mSELECT LastBootUpTime FROM Win32_OperatingSystem WHERE Primary='true'nLastBootUpTime.cSystemInfo:: GetLogo: hOther
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.000001471005D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Description<ucSystemInfo:: GetSystemInfo: &IsVirtualMachine::
                              Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000001.00000003.2238018181.0000000000AC5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWLmh
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: xca78TK4vHGfSTMPKU7X
                              Source: DPFNotifier.exe, 0000002F.00000002.2312715765.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2512179690.00000000063A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: DuplicatePhotosFixerPro.exe, 0000002C.00000002.2680646296.00000212DF6B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeCode function: 56_2_07E3AE98 LdrInitializeThunk,56_2_07E3AE98
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeMemory allocated: page read and write | page guardJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_startup" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_startup" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_trigger" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_WD" /fJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macidJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" firstinstallJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" createscheduleJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdateJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"Jump to behavior
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: unknown unknown
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: unknown unknown
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeProcess created: unknown unknown
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeProcess created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"Jump to behavior
                              Source: DuplicatePhotosFixerPro.exe, 00000025.00000002.2188719191.0000021574630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002C.00000002.2539132090.00000212D7007000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002E.00000002.2220670782.0000014710057000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                              Source: DPFNotifier.exe, 0000002F.00000002.2289569237.0000000002829000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000036.00000002.2331902294.00000000032E9000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.2335024915.0000000002C19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd getScalingFactor
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\is-0C4DK.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Auth.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Core.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Drive.v3.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ObjectListView.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Duplicate Files Fixer\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Advanced Driver Updater\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Recorder\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Antivirus\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak VPN\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Right Backup\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Software Updater\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakPass Password Manager\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Capture\imgBanner VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Capture\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakPass Password Manager\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Software Updater\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Right Backup\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak VPN\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Antivirus\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Recorder\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Advanced Driver Updater\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Duplicate Files Fixer\imgProductLogo VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                              Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

                              Stealing of Sensitive Information

                              barindex
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: 39.0.DPFHelper.exe.24eccc60000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 47.2.DPFNotifier.exe.4a90000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 47.0.DPFNotifier.exe.140000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0000002F.00000000.2212411871.0000000000142000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000027.00000000.2174022753.0000024ECCC62000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000002F.00000002.2309134706.0000000004A92000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-9UERP.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-D7O44.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-M85J7.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmp, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: 37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmp, type: DROPPED

                              Remote Access Functionality

                              barindex
                              Yara detected PureLog Stealer
                              Source: Yara matchFile source: 39.0.DPFHelper.exe.24eccc60000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 47.2.DPFNotifier.exe.4a90000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 47.0.DPFNotifier.exe.140000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0000002F.00000000.2212411871.0000000000142000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000027.00000000.2174022753.0000024ECCC62000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000002F.00000002.2309134706.0000000004A92000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000000.2146491084.0000021561EB2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-9UERP.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-D7O44.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-M85J7.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmp, type: DROPPED
                              Yara detected zgRAT
                              Source: Yara matchFile source: 37.0.DuplicatePhotosFixerPro.exe.21561eb0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-046DT.tmp, type: DROPPED

                              Mitre Att&ck Matrix

                              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                              Gather Victim Identity InformationAcquire InfrastructureValid Accounts141
                              Windows Management Instrumentation                              		11
                              Scheduled Task/Job                              		12
                              Process Injection                              		2
                              Masquerading                              		OS Credential Dumping131
                              Security Software Discovery                              		Remote Services1
                              Archive Collected Data                              		11
                              Encrypted Channel                              		Exfiltration Over Other Network MediumAbuse Accessibility Features
                              CredentialsDomainsDefault Accounts2
                              Command and Scripting Interpreter                              		1
                              Registry Run Keys / Startup Folder                              		11
                              Scheduled Task/Job                              		1
                              Modify Registry                              		LSASS Memory2
                              Process Discovery                              		Remote Desktop ProtocolData from Removable Media3
                              Ingress Tool Transfer                              		Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain Accounts11
                              Scheduled Task/Job                              		1
                              DLL Side-Loading                              		1
                              Registry Run Keys / Startup Folder                              		11
                              Disable or Modify Tools                              		Security Account Manager161
                              Virtualization/Sandbox Evasion                              		SMB/Windows Admin SharesData from Network Shared Drive3
                              Non-Application Layer Protocol                              		Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                              DLL Side-Loading                              		161
                              Virtualization/Sandbox Evasion                              		NTDS1
                              Application Window Discovery                              		Distributed Component Object ModelInput Capture14
                              Application Layer Protocol                              		Traffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                              Process Injection                              		LSA Secrets2
                              System Owner/User Discovery                              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                              Obfuscated Files or Information                              		Cached Domain Credentials3
                              File and Directory Discovery                              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                              Timestomp                              		DCSync35
                              System Information Discovery                              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                              DLL Side-Loading                              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet
                              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1615427 Sample: SecuriteInfo.com.Program.Un... Startdate: 14/02/2025 Architecture: WINDOWS Score: 42 103 www.wshifen.com 2->103 105 www.google.com 2->105 107 9 other IPs or domains 2->107 115 Malicious sample detected (through community Yara rule) 2->115 117 Multi AV Scanner detection for submitted file 2->117 119 Yara detected PureLog Stealer 2->119 121 3 other signatures 2->121 12 SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe 2 2->12         started        15 DPFNotifier.exe 2->15         started        17 DuplicatePhotosFixerPro.exe 2->17         started        20 2 other processes 2->20 signatures3 process4 dnsIp5 95 SecuriteInfo.com.P...412.32763.32020.tmp, PE32 12->95 dropped 22 SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp 76 100 12->22         started        27 DuplicatePhotosFixerPro.exe 15->27         started        29 DuplicatePhotosFixerPro.exe 15->29         started        97 www.google.com 142.250.185.132, 49752, 49823, 49875 GOOGLEUS United States 17->97 99 www.wshifen.com 103.235.46.96, 49881, 80 BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd Hong Kong 17->99 101 2 other IPs or domains 17->101 file6 process7 dnsIp8 109 track.duplicatephotosfixer.com 5.79.122.22, 49737, 49756, 49843 LEASEWEB-NL-AMS-01NetherlandsNL Netherlands 22->109 111 www.duplicatephotosfixer.com 134.122.121.231, 443, 49735, 49736 DIGITALOCEAN-ASNUS United States 22->111 113 activate123.com 165.227.176.158, 443, 49734, 49743 DIGITALOCEAN-ASNUS United States 22->113 87 C:\Program Files (x86)\...\is-M85J7.tmp, PE32 22->87 dropped 89 C:\Program Files (x86)\...\is-D7O44.tmp, PE32 22->89 dropped 91 C:\Program Files (x86)\...\is-9UERP.tmp, PE32 22->91 dropped 93 49 other files (4 malicious) 22->93 dropped 123 Uses schtasks.exe or at.exe to add and modify task schedules 22->123 31 DPFNotifier.exe 22->31         started        33 DuplicatePhotosFixerPro.exe 26 12 22->33         started        35 taskkill.exe 1 22->35         started        41 16 other processes 22->41 37 DPFHelper.exe 27->37         started        39 DPFHelper.exe 29->39         started        file9 signatures10 process11 process12 43 DuplicatePhotosFixerPro.exe 31->43         started        45 DPFHelper.exe 6 33->45         started        47 conhost.exe 35->47         started        49 cmd.exe 37->49         started        51 conhost.exe 37->51         started        53 cmd.exe 39->53         started        55 conhost.exe 39->55         started        57 conhost.exe 41->57         started        59 14 other processes 41->59 process13 61 DPFHelper.exe 43->61         started        63 cmd.exe 45->63         started        65 conhost.exe 45->65         started        67 conhost.exe 49->67         started        69 schtasks.exe 49->69         started        71 conhost.exe 53->71         started        73 schtasks.exe 53->73         started        process14 75 cmd.exe 61->75         started        77 conhost.exe 61->77         started        79 conhost.exe 63->79         started        81 schtasks.exe 63->81         started        process15 83 conhost.exe 75->83         started        85 schtasks.exe 75->85         started       

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.