Edit tour

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
Analysis ID:	1615427
MD5:	eecacebd341b235004ba873b857286c6
SHA1:	788fd4b0367590185afc8713173aa5a29bb8d2fb
SHA256:	ee67aeaa3db0c1f912336fb34da9b7253bb4533568c2c3915ab8149aea256d19
Tags:	exeuser-SecuriteInfoCom
Infos:

Detection

PureLog Stealer, zgRAT

Score:	42
Range:	0 - 100
Confidence:	100%

Compliance

Score:	48
Range:	0 - 100

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected PureLog Stealer

Yara detected zgRAT

Queries Google from non browser process on port 80

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Uses schtasks.exe or at.exe to add and modify task schedules

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to detect virtual machines (SLDT)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Schtasks From Env Var Folder

Stores files to the Windows start menu directory

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara signature match

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe (PID: 6628 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe" MD5: EECACEBD341B235004BA873B857286C6)

SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp (PID: 4688 cmdline: "C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp" /SL5="$1041C,13921249,1003008,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe" MD5: D53C5E2C4C2BFBFF94E45CC949138DEF)

taskkill.exe (PID: 6128 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6756 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1012 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6300 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2300 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3228 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2848 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4416 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3056 cmdline: "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe" MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2128 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro" /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 1812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3628 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_startup" /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 6404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 5228 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "dpf_ro" /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 5136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 4256 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier" /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 1632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3208 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_startup" /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 5912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7060 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_trigger" /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 2220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2408 cmdline: "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_WD" /f MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 6324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DuplicatePhotosFixerPro.exe (PID: 1016 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid MD5: E0FD3719B7C17B8E780EFE91FCE3596C)

DPFHelper.exe (PID: 728 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate MD5: 383A3B125AF2D8B4DD08C0817DE98E4A)

conhost.exe (PID: 2140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Conhost.exe (PID: 5780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6676 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 5168 cmdline: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

DuplicatePhotosFixerPro.exe (PID: 180 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" firstinstall MD5: E0FD3719B7C17B8E780EFE91FCE3596C)

DPFNotifier.exe (PID: 1308 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" createschedule MD5: B7D39E8D4904059FC534C356FF7B52B4)

DuplicatePhotosFixerPro.exe (PID: 2796 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid MD5: E0FD3719B7C17B8E780EFE91FCE3596C)

DPFHelper.exe (PID: 6764 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate MD5: 383A3B125AF2D8B4DD08C0817DE98E4A)

conhost.exe (PID: 2408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1372 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2104 cmdline: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

DuplicatePhotosFixerPro.exe (PID: 3364 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" updatecheck MD5: E0FD3719B7C17B8E780EFE91FCE3596C)

schtasks.exe (PID: 5764 cmdline: "schtasks.exe" /query /TN "Duplicate Photos Fixer Pro_startup" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

conhost.exe (PID: 6128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DPFNotifier.exe (PID: 6756 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" neweventtrigger MD5: B7D39E8D4904059FC534C356FF7B52B4)

DuplicatePhotosFixerPro.exe (PID: 356 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid MD5: E0FD3719B7C17B8E780EFE91FCE3596C)

DPFHelper.exe (PID: 1020 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate MD5: 383A3B125AF2D8B4DD08C0817DE98E4A)

conhost.exe (PID: 1048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2704 cmdline: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3720 cmdline: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml" MD5: 76CD6626DD8834BD4A42E6A565104DC2)

DPFNotifier.exe (PID: 5264 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" startup MD5: B7D39E8D4904059FC534C356FF7B52B4)

DPFNotifier.exe (PID: 3160 cmdline: "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" startup neweventtrigger MD5: B7D39E8D4904059FC534C356FF7B52B4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-9UGDD.tmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-MFQND.tmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-Q5NCJ.tmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHJOT.tmp	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHJOT.tmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHJOT.tmp	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x55b9b2:$s1: file:/// 0x55b89e:$s2: {11111-22222-10009-11112} 0x55b942:$s3: {11111-22222-50001-00000} 0x558d55:$s4: get_Module 0x559071:$s5: Reverse 0x4b4d47:$s6: BlockCopy 0x4ac4b6:$s7: ReadByte 0x55b9c4:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author
00000030.00000002.2662250757.0000000005142000.00000002.00000001.01000000.00000015.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000028.00000000.2541750689.0000025A57F42000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000030.00000000.2578577877.00000000006A2000.00000002.00000001.01000000.00000014.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
40.0.DPFHelper.exe.25a57f40000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
48.0.DPFNotifier.exe.6a0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
48.2.DPFNotifier.exe.5140000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
38.0.DuplicatePhotosFixerPro.exe.22b40ca0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
38.0.DuplicatePhotosFixerPro.exe.22b40ca0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
38.0.DuplicatePhotosFixerPro.exe.22b40ca0000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x55b9b2:$s1: file:/// 0x55b89e:$s2: {11111-22222-10009-11112} 0x55b942:$s3: {11111-22222-50001-00000} 0x558d55:$s4: get_Module 0x559071:$s5: Reverse 0x4b4d47:$s6: BlockCopy 0x4ac4b6:$s7: ReadByte 0x55b9c4:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", CommandLine: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6676, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml", ProcessId: 5168, ProcessName: schtasks.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-14T20:59:25.038316+0100	2803305	3	Unknown Traffic	192.168.2.5	49940	142.250.185.228	80	TCP
2025-02-14T20:59:25.391238+0100	2803305	3	Unknown Traffic	192.168.2.5	49940	142.250.185.228	80	TCP
2025-02-14T20:59:29.073646+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:29.927154+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:30.320936+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:30.552119+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:30.897578+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:31.205284+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:31.498744+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:31.765567+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:32.050014+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:32.396400+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:32.591764+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:32.848786+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:33.139170+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:33.442763+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:33.643084+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:33.891938+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:34.178498+0100	2803305	3	Unknown Traffic	192.168.2.5	49989	18.161.97.76	80	TCP
2025-02-14T20:59:35.995499+0100	2803305	3	Unknown Traffic	192.168.2.5	49940	142.250.185.228	80	TCP
2025-02-14T20:59:37.529561+0100	2803305	3	Unknown Traffic	192.168.2.5	50000	142.250.185.228	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Virustotal: Detection: 6%

Perma Link

Compliance

Uses 32bit PE files

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Static PE information: certificate valid

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 134.122.121.231:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:50001 version: TLS 1.2

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: C:\users\drew\dev\xmp-core-dotnet\XmpCore\obj\Release\net35\XmpCore.pdb source: is-VB268.tmp.2.dr
Source:	Binary string: @&n.pdb source: DPFNotifier.exe, 00000037.00000002.3926728061.00000000004F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\Visual Studio 2008\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: DPFNotifier.exe, DPFNotifier.exe, 00000030.00000002.2669233395.00000000080C2000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdb source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107370597.00000225FF292000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdbSHA256/ source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: n8C:\Windows\notifierlib.pdb source: DPFNotifier.exe, 00000037.00000002.3926728061.00000000004F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\notifierlib.pdbpdblib.pdb source: DPFNotifier.exe, 00000037.00000002.3957622273.0000000005A0A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107370597.00000225FF292000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Generated\Google.Apis.Drive.v3\obj\Release\net45\Google.Apis.Drive.v3.pdb source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: E:\MyProject\Products\DuplicatePhotosFixer\MultiFrameworks\trunk\core\ImageListView\ImageListView_v11.0_Source\ImageListView\ImageListView\obj\Release\ImageListView.pdb source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2559426067.0000022B43442000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\DMF Code\core\ObjectListViewDemo\ObjectListView\obj\Release\ObjectListView.pdb source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4108175232.00000225FF6D2000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: notifierlib.pdb source: DPFNotifier.exe, DPFNotifier.exe, 00000030.00000002.2662250757.0000000005142000.00000002.00000001.01000000.00000015.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3970784821.0000000007F60000.00000004.00000020.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3927576428.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025E8000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Magick.NET.Core.pdb source: is-96SCP.tmp.2.dr
Source:	Binary string: \??\C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.pdb source: DPFNotifier.exe, 00000037.00000002.3927576428.0000000000789000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: DPFNotifier.pdb source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000000.2578577877.00000000006A2000.00000002.00000001.01000000.00000014.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002A29000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003069000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\users\drew\dev\xmp-core-dotnet\XmpCore\obj\Release\net35\XmpCore.pdb(F source: is-VB268.tmp.2.dr
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdb source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: ?&nC:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.pdbV source: DPFNotifier.exe, 00000037.00000002.3926728061.00000000004F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Generated\Google.Apis.Drive.v3\obj\Release\net45\Google.Apis.Drive.v3.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: D:\DMF Code\core\ObjectListViewDemo\ObjectListView\obj\Release\ObjectListView.pdbX source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4108175232.00000225FF6D2000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: DuplicatePhotosFixerPro.pdb source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp, DuplicatePhotosFixerPro.exe, 00000026.00000002.2559812805.0000022B43666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B877000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61ED7000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16F7000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\Regclean Pro\rcp\src\UpdateDownload\src\Release\update.pdb source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdbSHA256 source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106421087.00000225FF232000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: Magick.NET.Core.pdbSHA256 source: is-96SCP.tmp.2.dr
Source:	Binary string: DPFHelper.pdb source: DPFHelper.exe, 00000028.00000002.2555058514.0000025A59C06000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 00000028.00000000.2541750689.0000025A57F42000.00000002.00000001.01000000.0000000E.sdmp, DPFHelper.exe, 00000032.00000002.2619705899.000001E580057000.00000004.00000800.00020000.00000000.sdmp, DPFHelper.exe, 0000003B.00000002.2704080162.0000020643E07000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: f:\mydev\inno-download-plugin\unicode\idp.pdb source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Apiary\2021-08-09.10-01-46\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdb source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106421087.00000225FF232000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: notifierlib.pdbX! source: DPFNotifier.exe, 00000030.00000002.2662250757.0000000005142000.00000002.00000001.01000000.00000015.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3927576428.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025E8000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior

Software Vulnerabilities

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe

Code function: 4x nop then jmp 00007FF84945E9AFh

45_2_00007FF84945E8A8

Networking

Queries Google from non browser process on port 80

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	HTTP traffic: GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	HTTP traffic: GET / HTTP/1.1 Host: www.google.com
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	HTTP traffic: GET / HTTP/1.1 Host: www.google.com
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	HTTP traffic: GET / HTTP/1.1 Host: www.google.com
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	HTTP traffic: GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	HTTP traffic: GET / HTTP/1.1 Host: www.google.com

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Content-Type: application/jsonHost: activate123.comConnection: Close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET /win/dpf/offerhtm/notifier_view.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/dff.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_dff.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/adu_icon.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_adu.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/tsr_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_tsr-2.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/sav_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_sav.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/vpn_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_vpn.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/rightbackup_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_rb.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/softwareupdater_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_ssu.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/tp_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_tp.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/ts_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_ts.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET /dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliate=&isreg=0&isexpired=0&utm_content=none&utm_days=0&hid=-3145092321608632551&langcode=en&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /systweak/dpfnew/utility_kit.asp?utm_days=0&langcode=en&isreg=0&isexpired=0&hid=-3145092321608632551&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET /win/dpf/offerhtm/Notifier_dpf1.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 5.79.122.22 5.79.122.22
Source: Joe Sandbox View	IP Address: 5.79.122.22 5.79.122.22
Source: Joe Sandbox View	IP Address: 143.204.98.13 143.204.98.13
Source: Joe Sandbox View	IP Address: 165.227.176.158 165.227.176.158

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49989 -> 18.161.97.76:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49940 -> 142.250.185.228:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:50000 -> 142.250.185.228:80

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /gethash/ HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.duplicatephotosfixer.com
Source: global traffic	HTTP traffic detected: GET /gethash/ HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.duplicatephotosfixer.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tempfile/3777781877 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: track.duplicatephotosfixer.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dpfw/update.asp?utm_term=Setup&utm_source=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_campaign=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_medium=newbuild&utm_days=0&appversion=1.3.1086.1004&hid=-3145092321608632551&utm_cid=&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: activate123.comConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /gethash/ HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: www.duplicatephotosfixer.com
Source: global traffic	HTTP traffic detected: GET /dpfw/helper/Magick.NET-Q8-AnyCPU.dll HTTP/1.1Accept: /User-Agent: InnoDownloadPlugin/1.5Host: activate123.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Content-Type: application/jsonHost: activate123.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /gethash/ HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.duplicatephotosfixer.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tempfile/3777781877 HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: track.duplicatephotosfixer.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dpfw/update.asp?utm_term=Setup&utm_source=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_campaign=ecuriteInfo.com.Program.Unwanted.5412.32763.32020&utm_medium=newbuild&utm_days=0&appversion=1.3.1086.1004&hid=-3145092321608632551&utm_cid=&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: activate123.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET /win/dpf/offerhtm/notifier_view.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/dff.png HTTP/1.1Host: cdn.systweak.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_dff.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/adu_icon.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_adu.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/tsr_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_tsr-2.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/sav_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_sav.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/vpn_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_vpn.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/rightbackup_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_rb.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/softwareupdater_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_ssu.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/tp_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_tp.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/dff/utilitykit/images/ts_logo.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET /setups/actioncenter/Images/banner_ts.png HTTP/1.1Host: cdn.systweak.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET /dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliate=&isreg=0&isexpired=0&utm_content=none&utm_days=0&hid=-3145092321608632551&langcode=en&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /systweak/dpfnew/utility_kit.asp?utm_days=0&langcode=en&isreg=0&isexpired=0&hid=-3145092321608632551&productid=2374&os=microsoft%20windows%2010%20pro&utm_updt=&utm_updatedate=&utm_nagdays=0&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.com
Source: global traffic	HTTP traffic detected: GET /win/dpf/offerhtm/Notifier_dpf1.json HTTP/1.1Content-Type: application/jsonHost: offers.systweak.comConnection: Close
Source: global traffic	HTTP traffic detected: GET /dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.32763.32020&utm_medium=newbuild&utm_campaign=ecuriteinfo.com.program.unwanted.5412.32763.32020&affiliateid=&isreg=0&isexpired=0&dis=0&utm_term=&utm_days=0&lang_code=en&productid=2374&macid=-3145092321608632551&pxl=dpf_def_pixel&bdts=29-01-2025&instdts=14-02-2025&sn=securiteinfo.com.program.unwanted.5412.32763.32020.exe HTTP/1.1Host: activate123.comCache-Control: no-store,no-cachePragma: no-cacheConnection: Keep-Alive

Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258079C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @http://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258078B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp& equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ohttp://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp`; equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225807A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ohttp://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwappp^ equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Phttp://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258082F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp& equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580793000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp&p^ equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258082F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ahttp://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp& equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4065236977.00000225F9D0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp equals www.youtube.com (Youtube)
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4112196347.00000225FF8BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp&dll equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2590304142.00000000064BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2576825587.00000000064E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ycu=http://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2590304142.00000000064BA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2576825587.00000000064E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ytu=http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp& equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: activate123.com
Source: global traffic	DNS traffic detected: DNS query: www.duplicatephotosfixer.com
Source: global traffic	DNS traffic detected: DNS query: track.duplicatephotosfixer.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: offers.systweak.com
Source: global traffic	DNS traffic detected: DNS query: cdn.systweak.com
Source: global traffic	DNS traffic detected: DNS query: s1kegmsmob.execute-api.us-east-1.amazonaws.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETDate: Fri, 14 Feb 2025 19:58:35 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76

Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://127.0.0.1:
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://169.254.169.254
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://169.254.169.254#GCE_METADATA_HOST
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/identity
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/tokenHhttps://oauth2.goo
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://192.168.0.61/dpftutorial.com/index.aspx
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258070B000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DDB000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DEE000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000272E000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000273C000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580607000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258070B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DBD000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000270D000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002702000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/LR
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000368B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dll
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61ED9000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16F9000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://activate123.com/dpfw/lb/update.asp
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61ED9000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16F9000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://activate123.com/dpfw/misc/update_of.asp
Source: DPFNotifier_log.txt.48.dr	String found in binary or memory: http://activate123.com/dpfw/notifier/update.asp
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002702000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/notifier/update.asp?
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002702000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/notifier/update.asp?utm_source=ecuriteInfo.com.Program.Unwanted.5412.327
Source: DPFNotifier.exe, 00000037.00000002.3932806241.000000000270D000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002702000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/notifier/update.asp?utm_source=ecuriteinfo.com.program.unwanted.5412.327
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002702000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/notifier/update.aspd
Source: is-6HJT6.tmp.2.dr	String found in binary or memory: http://activate123.com/dpfw/update.asp
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteInfo.com.Program.Unwanted.5
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258070B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805DB000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4064956150.0000022599B82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/update.asp?marked=0&dups=0&utm_source=ecuriteinfo.com.program.unwanted.5
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805A8000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/update.asp?p
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000366A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/update.asp?utm_term=Setup&utm_source=
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.000000000240C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2611974245.0000000000880000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2619344873.0000000006431000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2619593583.00000000064B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2590304142.000000000649A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/dpfw/update.asp?utm_term=Setup&utm_source=ecuriteInfo.com.Program.Unwanted.54
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61ED9000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16F9000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258070B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp?&utm_days=0&langcode=en&isreg=0&isexpired=0&h
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258070B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp?p
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4072528082.00000225FC1C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://activate123.com/systweak/dpfnew/utility_kit.asp?utm_days=0&langcode=en&isreg=0&isexpired=0&hi
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DEE000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000273C000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://activate123.comd
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.00000000074C6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://afo.checkfilename.com/fileoptimizerweb/dotnettracker.aspx?version=7
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.00000000074C6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://afo.checkfilename.com/fileoptimizerweb/dotnettracker.aspx?version=8
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.00000000074C6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://afo.checkfilename.com/fileoptimizerweb/dotnettracker.aspx?version=9
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://alternate.downloads.s3.amazonaws.com/testupdatefolder/dpf/rb_advt_en.jpg
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://alternate.downloads.s3.amazonaws.com/testupdatefolder/dpf/usa-offer1.png
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://bitbucket.org/mitrich_k/inno-download-plugin
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258037B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/
Source: DuplicatePhotosFixerPro.exe, 0000002F.00000002.2587233468.000002C519D7C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/downloads/dffw/dffsetupadg_dpfw-adg1.exe
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://cdn.systweak.com/downloads/dffw/dffsetupadg_dpfw-adg1.exe?of=dffsetupadg_.exe
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258070B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/downloads/setups/dpfw/dpfsetup_afterupdate_1004.exe
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://cdn.systweak.com/runcamps/adusetup_dpf_adu_try.exe
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/runcamps/adusetupg_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/runcamps/aspsetup_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/runcamps/tp/tpsetup_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/runcamps/tp/tpsetupipg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecu
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/runcamps/tweakshotsetupg_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225803AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/runcamps/tweakshotsetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-e
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_adu.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258037B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_dff.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_rb.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_sav.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_ssu.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_tp.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225803AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_ts.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_tsr-2.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/actioncenter/Images/banner_vpn.png
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/adug_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/adug_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecuriteIn
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/dffsetupg_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258037B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/dffsetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecur
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/rbsetup_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/rbsetup_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecurit
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/savsetupg_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/savsetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecur
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/baps/svpnsetupipg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-e
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036C1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/df/NDP452.exe
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/adu_icon.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258037B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/dff/utilitykit/images/dff.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/rcp/rcpg_
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://cdn.systweak.com/setups/rp/ransomwareprotector_dpf_rp_try.exe
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/setups/tsr/tsrsetupipg_ecuriteInfo.com.Program.Unwanted.5412.32763.32020-ecu
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.systweak.com/softwareupdater/files/ssusetupg_ecuriteInfo.com.Program.Unwanted.5412.32763.
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cfn.duplicatephotofixer.com
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: is-96SCP.tmp.2.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025E8000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: is-96SCP.tmp.2.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: is-96SCP.tmp.2.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2620318402.00000000066C5000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.000000000756C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cyworld.nate.com/nuclear_mine
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000368B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://d1.duplicatephotosfixer.com/paraminfo/?param=
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://d1bbcssojg6a2i.cloudfront.net/utilitykit/rbsetup_dpf_try.exe
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/$DownloadWebPage()
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590067000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/jsonBFrmwebBrowsing::getLocationInfo()
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590082000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://keys.systweak.com/freekey/?action=
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mitrichsoftware.wordpress.comB
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2559812805.0000022B43666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://mtrack.systweak.com/ProductScanTracker/ScanCleanParser.svc/firstbindingaddress
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: is-96SCP.tmp.2.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, is-96SCP.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025E8000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: is-96SCP.tmp.2.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000024BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000026A9000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003259000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/ChristmasOfferhtm/notifier_curent.json
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000026E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/ChristmasOfferhtm/notifier_curenth
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/PricePage/Price.html
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B877000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71ED7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/notifier1.json
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/notifier1.json6
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/Notifier_dpf
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002798000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000024BA000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000024B6000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/Notifier_dpf1.json
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/adu_win.html
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/asp_win.html
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/notifier_view.json
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.com/win/dpf/offerhtm/rcp_win.html
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweak.comd
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://offers.systweakDj/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rightbackup.com/eula
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rightbackup.com/privacypolicy
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s1kegmsmob.execute-api.us-east-1.amazonaws.com
Source: DPFNotifier.exe, 00000037.00000002.3932806241.000000000273C000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002489000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schema.org/WebPage
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000024BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000024BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000024BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/AppNotificationsClasses
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027C5000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000024BA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/AppNotificationsClassesd
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/AppNotifier
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTracker
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTracker;
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTracker_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTrackerb
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTrackerc
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/ProductScanTrackerd
Source: DPFHelper.exe, 0000003B.00000002.2704080162.0000020643E0D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.m
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002DDB000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000272E000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025E8000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/MS_UploadFeedbackT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/STCheckGenuineness
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/STGetSoftwareCheckUpdateURL
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/STIsCurKeyNeedToExpire
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/STIsKeyGenuine
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/STIsSoftwareGenuine
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/T
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/TU
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/UploadFeedbackT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://systweak.com/UploadFileT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataResponse
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataUsingDataContractResponse
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/GetDataUsingDataContractT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/clean_operationResponse
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/clean_operationT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/reportSummaryResponseA
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/reportSummaryT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/scan_operationResponse
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/scan_operationT
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/sendFeedbackResponse
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://tempuri.org/IScanCleanParser/sendFeedbackT
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tr.systweak.com/productpxl/trservice.svc/TrackApplicationLaunch/?params=
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tr.systweak.com/productpxl/trservice.svc/TrackApplicationLaunch/?params=m
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000368B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tr.systweak.com/productpxl/trservice.svc/TrackSetupLaunch/?params=
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000368B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.0000000000856000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2133951767.0000000000862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2611974245.00000000007D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/3777781877
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.0000000000856000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2133951767.0000000000862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/3777781877(
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2611974245.00000000007D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/3777781877-
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/3777781877:
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.0000000000856000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/3777781877m
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://track.duplicatephotosfixer.com/tempfile/3777781877~
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp, DuplicatePhotosFixerPro.exe, 00000026.00000002.2559812805.0000022B43666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EE0000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C1700000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://updateservice1.systweak.com/STGenuineValidatorDPF/STGenuineValidationService.asmx
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://updateservice1.systweak.com/STGenuineValidatorDPF/STGenuineValidationService.asmxN
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B877000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71ED7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://updateservice1.systweak.com/STGenuineValidatorDPF/STGenuineValidationService.asmxRSTCheckProd
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2559812805.0000022B43666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://updateservice1.systweak.com/miscservice/miscservice.asmx
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: is-VB268.tmp.2.dr	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4108175232.00000225FF6D2000.00000002.00000001.01000000.0000001D.sdmp	String found in binary or memory: http://www.codeproject.com/Articles/16009/A-Much-Easier-to-Use-ListView
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.0000000002222000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2620318402.00000000066C5000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002350000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.000000000756C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatefilesfixer.com/PrivacyPolicy
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatefilesfixer.com/eula
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatefilesfixer.com/eula?showlic=1&lang=
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatefilesfixer.com/privacypolicyjfrmTrayOfferFixFiles::
Source: is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.duplicatephotofixer.com/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B88B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EEB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotofixer.com/eula?showlic=1&lang=
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590075000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotofixer.com/fhttp://www.duplicatephotosfixer.com/privacy-policy/Rhttp://www.d
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.duplicatephotofixer.com/firstscanned.asp
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotofixer.com/pricedpfw?ps=12m
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotofixer.com/pricedpfw?ps=3m
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotofixer.com/pricedpfw?ps=6m
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.000000000232D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002448000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000366A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/?
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=A
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2559812805.0000022B43666000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&amp&
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.00000000023FD000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.0000000007492000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.00000000023F3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.00000000074C6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000366A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-install/?utm_content=AfterInstall&utm_term=Setup&utm_sourc
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.0000000003654000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-uninstall/?lifeboat=1&utm_term=Setup&marked=
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.0000000003654000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-uninstall/?utm_term=Setup&marked=
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.duplicatephotosfixer.com/after-update/?
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000366A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/after-update?utm_content=AfterUpdate&utm_term=Setup&utm_source=
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/eula/?showlic=1&lang=
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.000000000368B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.000000000087B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B88B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EEB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/gethash/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/gethash/#
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/gethash//
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/gethash/0
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/gethash/F
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.duplicatephotosfixer.com/price-pc/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.000000000754F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/price-pc/?&appversion=1.3.1086.1004&utm_cid=&hid=q
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/price-pc/?O
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B88B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EEB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/privacy-policy/?lang=
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.duplicatephotosfixer.com/renewal-pc/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/renewal-pc/?G
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/renewal-pc/?P
Source: is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.duplicatephotosfixer.com/support/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/support/bhttps://www.duplicatephotosfixer.com/contact-us/?
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.00000000074C6000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/terms-of-use/?showlic=1&lang=
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/user-guide/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.duplicatephotosfixer.com/user-guide/Vhttp://www.lifeboat.jp/support/faq/dph.htmlXhttp://w
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B88B000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EEB000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025EF000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google-analytics.com/collect?v=1&tid=
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002784000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B877000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71ED7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025F2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com(http://www.baidu.com
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580607000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002489000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002784000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/X
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/t
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002798000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.comd
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000000.2081078619.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.istool.org/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.istool.org/isxdl.aspx
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lifeboat.jp/products/dpf/index.php?G
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lifeboat.jp/products/dpf/index.php?O
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2593403823.00000000069DC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000036A1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lifeboat.jp/products/dpf/index.php?P
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579982168.00000000075E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.radarsync.com/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.ransomwareprotector.com/eula?showlic=1&lang=
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.ransomwareprotector.com/terms-of-use/#PrivacyPolicy
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000000.2081078619.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: http://www.remobjects.com/ps
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.systweak.com/NagTracking.aspx
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025EF000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/NagTracking.aspxX&Y
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/advanced-driver-updater/eula
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.systweak.com/advanced-driver-updater/eula/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/advanced-system-optimizer/eulaLhttp://www.systweak.com/privacy-policy
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.systweak.com/fhttp://www.duplicatephotosfixer.com/privacy-policy/Rhttp://www.duplicatepho
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/independence-day-offer?utm_source=dpf_update&utm_campaign=dpf_update4transpa
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580126000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225803AD000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258087D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/privacy-policy
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2591160955.000002C51B879000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2634777554.000002BF61EDE000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C16FE000.00000004.00000800.00020000.00000000.sdmp, is-6HJT6.tmp.2.dr	String found in binary or memory: http://www.systweak.com/privacy-policy/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/software-updater/eula
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/systweak-antivirus/eula
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/systweak-antivirus/eula/Nhttp://www.systweak.com/privacy-policy/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225803AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.systweak.com/systweak-vpn/eula
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225803AD000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tweaking.in/privacy-policy/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tweaking.in/tweakshot-screen-recorder/eula
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.tweaking.in/tweakshot/buynow/?coupon=20per-glb&redirect=1&
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225803AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tweaking.in/tweakshot/eula/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tweaking.in/tweakshot/eula/.GetDetails_TweakShot
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225803AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tweakpass.com/eula/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tweakpass.com/eula/Lhttp://www.tweaking.in/privacy-policy/.GetDetails_TweakPass
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2620318402.00000000066C5000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.000000000756C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.yildizyazilim.gen.tr%1
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwapp
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225807A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/channel/UCv_Uf8fDZXJS8MWF5WWK09Q?widget_referrer=dpfwappp
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258082F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258070B000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258078B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp&
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4112196347.00000225FF8BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp&dll
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580793000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/embed/Ws6CCZd16Bc?start=0&end=-1&autoplay=1&fs=0&widget_referrer=dpfwapp&p
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://y31uv4ra1.vo.llnwd.net/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.box.com/api/oauth2/authorize?client_id=
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/v2/authIhttps://oauth2.googleapis.com/revoke)certificatesLocati
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000249E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.00000000007ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2591839507.000000000085D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.0000000000856000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2611974245.000000000085F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/3
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2591839507.000000000085D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.0000000000856000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2611974245.000000000085F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/;
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.00000000007ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/disk
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2591839507.0000000000839000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2595288730.00000000035E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dll
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.0000000000862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dllK
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.0000000000862000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dllf
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.000000000087B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dllh
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.000000000087B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/helper/Magick.NET-Q8-AnyCPU.dllt
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002D22000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002798000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002672000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002BE2000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003222000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp?
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteInfo.com.Program.Unwanted.
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000249E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://activate123.com/dpfw/notifier/notifier_dpf1.asp?utm_source=ecuriteinfo.com.program.unwanted.
Source: DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://activate123.comLR
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/setups/baps/aip_aipsite-default.exe?of=aip.exe
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/setups/baps/aso3setup_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/setups/baps/posetup_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/setups/baps/sdcsetupg_sdc_site-default.exe?of=sdcsetupg_.exe
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/setups/dffw/baps/dffsetupg_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/setups/dpfw/baps/dpfsetupg_dpfw-site.exe?of=dpfsetupg_.exe
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/setups/photosrecovery/setups/phrecsetup_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.systweak.com/softwareupdater/files/ssusetupg_systweak-default.exe?of=ssusetupg_.exe
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.tweaking.in/runcamps/setups/apmsetupg_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.tweaking.in/setups/asr/asrsetupipg_
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://checkout.paddle.com/api/2.0/prices/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.000002258006F000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.0000000002798000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.000000000249E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentials
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentialsRhttps://accounts.google.
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://developers.google.com/api-client-library/dotnet/apis/drive/v3
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://developers.google.com/identity/protocols/oauth2/index.html#4.-send-the-access-token-to-an-ap
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/terms/api-services-user-data-policy
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g4a2uta3m.vo.llnwd.net/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://github.com/google/google-api-dotnet-client/tree/master/Src/Generated
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://is.systweak.com/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://oauth2.googleapis.com/token
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://rightbackup.com/PrivacyPolicy#EULAdhttp://rightbackup.com/privacypolicy#PrivacyPolicy
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.exe
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.exec
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805E6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.000002259006A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=(ThreadProductTr
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4064135370.0000022599A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=x-btn%26launchty
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.0000022580614000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=x-btn&launchtype
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225805A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s1kegmsmob.execute-api.us-east-1.amazonaws.com/trservice/tracklaunch?params=x-btn=AppLaunch&
Source: is-96SCP.tmp.2.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.advancedpdfmanager.com/eula/dhttps://www.advancedpdfmanager.com/privacy-policy/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.advancedpdfmanager.com/price-3/?coupon=20per-glb&
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2579700302.00000000038E5000.00000004.00000020.00020000.00000000.sdmp, is-96SCP.tmp.2.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatefilesfixer.com/eulabhttps://www.duplicatefilesfixer.com/privacypolicy
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.000000000232D000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002448000.00000004.00001000.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.00000225913B6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC6E7000.00000004.08000000.00040000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590EB6000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022591DB6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/:
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC87D000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/EULA.aspx
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/Hhttp://www.duplicatephotosfixer.com/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/boxcloud-authorize/?0BoxCloudWrapper::
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/contact-us/&ShowGiveAwayForm::
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/contact-us/Vhttp://www.lifeboat.jp/support/faq/dph.html
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/dropbox-authorize-v2/?PcDropboxscan::GeneratedAuthenticationURL
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.000000000749E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.0000000000826000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2591839507.0000000000839000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2591266836.000000000643D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2611974245.0000000000839000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2590304142.000000000649A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/eula/
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2618929106.00000000063E0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.000000000086D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/gethash/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/price_pc/?Nhttp://activate123.com/dpfw/update.asp?Vhttps://chec
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4074538280.00000225FC87D000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.duplicatephotosfixer.com/privacy-policy
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2646239441.0000000002C85000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000025E8000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000038.00000002.2681227240.0000000002B45000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000039.00000002.2681320260.0000000003185000.00000004.00000800.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: DPFNotifier.exe, 00000037.00000002.3932806241.0000000002489000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/logos/doodles/2025/valentines-day-2025-6753651837110609.2-2x.png
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/drive
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/drive.appdataUhttps://www.googleapis.com/auth/drive.file
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/drive.metadatanhttps://www.googleapis.com/auth/drive.metadata.readon
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/drive.metadataohttps://www.googleapis.com/auth/drive.metadata.readon
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/drive.readonly
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/drive.readonlyZhttps://www.googleapis.com/auth/drive.scripts
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/drive.scripts
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/auth/driveZhttps://www.googleapis.com/auth/drive.appdataThttps://www.goog
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://www.googleapis.com/auth/iam
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107370597.00000225FF292000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: https://www.googleapis.com/batch
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/batch/drive/v3
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4107710994.00000225FF2C2000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.googleapis.com/drive/v3/
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v3/certs%validationSettingsSJWT
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4106776181.00000225FF262000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://www.gstatic.com/iap/verify/public_key-jwk
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2074651146.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.00000000022A4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2605704510.0000000002392000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2082624813.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2602690156.000000000749E000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.0000000000826000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2591266836.000000000643D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.maxivpn.com/legal/privacy.html.
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000002.2610722914.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-RAOI3.tmp.2.dr, SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	String found in binary or memory: https://www.systweak.com/
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B877000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71ED7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.systweak.com/actissue.aspx?productid=
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.systweak.com/advanced-driver-updater/eula
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.systweak.com/advanced-system-protector/eula
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.systweak.com/photo-organizer/eula
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.systweak.com/photos-recovery/eulaNhttps://www.systweak.com/privacy-policy8GetDetails_Pho
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.systweak.com/privacy-policy
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3929199251.00000225802A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.systweak.com/registry-cleaner/eula
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tweaking.in/advanced-screen-recorder/eula/Nhttps://www.tweaking.in/privacy-policy/(Advan
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tweaking.in/advanced-screen-recorder/price/?coupon=20per-glb&redirect=1&B&utm_source=
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: https://www.tweaking.in/advanced-screen-recorder/price/?coupon=20per-glb&redirect=1&zhttps://www.adv

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 134.122.121.231:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 165.227.176.158:443 -> 192.168.2.5:50001 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 38.0.DuplicatePhotosFixerPro.exe.22b40ca0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHJOT.tmp, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen

Detected potential crypto function

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 38_2_00007FF848F25B35	38_2_00007FF848F25B35
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Code function: 40_2_00007FF848F08393	40_2_00007FF848F08393
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF848F4F795	45_2_00007FF848F4F795
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8491510FA	45_2_00007FF8491510FA
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF849159658	45_2_00007FF849159658
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8491510D1	45_2_00007FF8491510D1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492322D9	45_2_00007FF8492322D9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_05145968	48_2_05145968
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_051481D4	48_2_051481D4
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_05146C2B	48_2_05146C2B
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_05142050	48_2_05142050
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_051438C4	48_2_051438C4
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_02A1D4E0	48_2_02A1D4E0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_02A10C78	48_2_02A10C78
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_02A10C50	48_2_02A10C50
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634B610	48_2_0634B610
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_063427E0	48_2_063427E0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_063452C8	48_2_063452C8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634BCC0	48_2_0634BCC0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_06341D88	48_2_06341D88
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_063418E7	48_2_063418E7
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634E9F0	48_2_0634E9F0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_063416F1	48_2_063416F1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_063427D0	48_2_063427D0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634E46C	48_2_0634E46C
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_063445EC	48_2_063445EC
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634B5D0	48_2_0634B5D0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634BCB0	48_2_0634BCB0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_06341D78	48_2_06341D78
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634EA44	48_2_0634EA44
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_06347800	48_2_06347800
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634E9EC	48_2_0634E9EC
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_07F4E070	48_2_07F4E070
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_07F4E05F	48_2_07F4E05F
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_080960DA	48_2_080960DA
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_08095C78	48_2_08095C78
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_080915B8	48_2_080915B8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_08095C78	48_2_08095C78
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_08095D67	48_2_08095D67
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_080915AA	48_2_080915AA
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_08099668	48_2_08099668
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_051447CB	48_2_051447CB
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_051459FF	48_2_051459FF
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 49_2_00007FF848F31DEF	49_2_00007FF848F31DEF
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 49_2_00007FF848F1F795	49_2_00007FF848F1F795
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 49_2_00007FF848F29FE8	49_2_00007FF848F29FE8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 49_2_00007FF848F26FEC	49_2_00007FF848F26FEC
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 49_2_00007FF848F1604D	49_2_00007FF848F1604D
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Code function: 50_2_00007FF848F48F7E	50_2_00007FF848F48F7E
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Code function: 50_2_00007FF848F48393	50_2_00007FF848F48393
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_02390C78	55_2_02390C78
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0239D4E0	55_2_0239D4E0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_02390C05	55_2_02390C05
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05978790	55_2_05978790
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973608	55_2_05973608
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05974220	55_2_05974220
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973268	55_2_05973268
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973856	55_2_05973856
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0597D420	55_2_0597D420
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05978783	55_2_05978783
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_059737A9	55_2_059737A9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_059737E9	55_2_059737E9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973694	55_2_05973694
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_059736AC	55_2_059736AC
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973600	55_2_05973600
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973608	55_2_05973608
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05974210	55_2_05974210
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973258	55_2_05973258
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973C84	55_2_05973C84
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973CC1	55_2_05973CC1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973BF8	55_2_05973BF8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973B06	55_2_05973B06
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_05973B27	55_2_05973B27
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747E7F0	55_2_0747E7F0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747E69A	55_2_0747E69A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_07474567	55_2_07474567
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747B570	55_2_0747B570
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_074731C8	55_2_074731C8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_07474F68	55_2_07474F68
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747BC20	55_2_0747BC20
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747E7E0	55_2_0747E7E0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747B543	55_2_0747B543
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747B4EF	55_2_0747B4EF
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_07474373	55_2_07474373
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_07474F58	55_2_07474F58
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_07474F21	55_2_07474F21
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747BB89	55_2_0747BB89
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_07474900	55_2_07474900
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_07474910	55_2_07474910
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0747E844	55_2_0747E844
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_074748E0	55_2_074748E0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0748E8A0	55_2_0748E8A0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0748E808	55_2_0748E808
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_0748E890	55_2_0748E890
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D1550	55_2_075D1550
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D8100	55_2_075D8100
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D0F5E	55_2_075D0F5E
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D8648	55_2_075D8648
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D1540	55_2_075D1540
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D2334	55_2_075D2334
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D224D	55_2_075D224D
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D1121	55_2_075D1121
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075D0FF1	55_2_075D0FF1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 55_2_075DDEE9	55_2_075DDEE9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_02740C78	56_2_02740C78
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_02740C50	56_2_02740C50
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_0274D4E0	56_2_0274D4E0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF8790	56_2_05FF8790
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3608	56_2_05FF3608
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3856	56_2_05FF3856
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF4220	56_2_05FF4220
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3CC1	56_2_05FF3CC1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3C84	56_2_05FF3C84
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF37E9	56_2_05FF37E9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF37A9	56_2_05FF37A9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF8781	56_2_05FF8781
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF36AC	56_2_05FF36AC
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3694	56_2_05FF3694
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3608	56_2_05FF3608
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3600	56_2_05FF3600
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3BF8	56_2_05FF3BF8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3B27	56_2_05FF3B27
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF3B06	56_2_05FF3B06
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 56_2_05FF4217	56_2_05FF4217
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_014D0C78	57_2_014D0C78
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_014DD4E0	57_2_014DD4E0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_014D0C50	57_2_014D0C50
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057CD930	57_2_057CD930
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057CE200	57_2_057CE200
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057CD5E8	57_2_057CD5E8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057C94E7	57_2_057C94E7
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057C1020	57_2_057C1020
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057C1011	57_2_057C1011
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057C5328	57_2_057C5328
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_057C5323	57_2_057C5323
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663608	57_2_06663608
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06668790	57_2_06668790
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663268	57_2_06663268
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06664220	57_2_06664220
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663856	57_2_06663856
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663608	57_2_06663608
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663600	57_2_06663600
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_066636AC	57_2_066636AC
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663694	57_2_06663694
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_066637E9	57_2_066637E9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_066637A9	57_2_066637A9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_0666878B	57_2_0666878B
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663CC1	57_2_06663CC1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663258	57_2_06663258
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06664213	57_2_06664213
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663B27	57_2_06663B27
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663B06	57_2_06663B06
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 57_2_06663BF8	57_2_06663BF8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 58_2_00007FF848F4E930	58_2_00007FF848F4E930
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 58_2_00007FF848F51DEF	58_2_00007FF848F51DEF
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 58_2_00007FF848F3F795	58_2_00007FF848F3F795
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 58_2_00007FF848F49FE8	58_2_00007FF848F49FE8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Code function: 59_2_00007FF848F18393	59_2_00007FF848F18393

PE file contains executable resources (Code or Archives)

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-RAOI3.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2079726661.000000007FBA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2623747058.0000000002308000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000003.2077447865.00000000025A0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe, 00000000.00000000.2074239079.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe	Binary or memory string: OriginalFileNamedpfsetupg_.exe vs SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Yara signature match

Source: 38.0.DuplicatePhotosFixerPro.exe.22b40ca0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHJOT.tmp, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: classification engine

Classification label: mal42.troj.evad.winEXE@94/133@7/6

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe

Code function: 55_2_075D02EC GetDiskFreeSpaceExW,

55_2_075D02EC

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp

File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5420:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1048:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1812:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6404:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6128:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7084:120:WilError_03
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\DuplicatePhotosFixerPro_E9AC93B9-E733-40A8-9338-47A4909521B7
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\cbackuplogmutexDuplicatePhotosFixerPro_1
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1632:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2140:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2220:120:WilError_03
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5668:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:356:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5628:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1124:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5136:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Mutant created: \Sessions\1\BaseNamedObjects\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Duplicate Photos Fixer Pro_setup
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\DuplicatePhotosFixerPro_97BEA57A-0FC2-42EF-BA0F-95E4CD0D05FA
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2408:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6504:120:WilError_03
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\cbackuplogmutexDPFNotifier_OutOfMemorylog
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3228:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5912:120:WilError_03

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DPFNotifier.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DPFNotifier.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DPFNotifier.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DPFNotifier.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_Processor
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "DuplicatePhotosFixerPro.exe")

Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select count(*) as 'TotalDuplicatePhotos', count(distinct d.groupnumber) as 'TotalDuplicateGroups', total(case when isMark=1 then e.filesize else 0 end ) as 'TotalDuplicateMarkPhotosSize', total(case when isMark=1 then 1 else 0 end) as 'TotalDuplicateMarkPhotos' from DupImageFileLog as d join exifInfo e on e.id=d.exifid where d.groupnumber>0(TotalDuplicatePhotos(TotalDuplicateGroups0TotalDuplicateMarkPhotos8TotalDuplicateMarkPhotosSizev SelectionAssistant :: UpdateAndShowDuplicateCountFromDB : \UPDATE {0} SET IsMark= {1} where {2} in ({3});Ddelete from {0} where {1} in ({2})
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select d.key from DupImageFileLog as d join (select groupnumber, count(*) as 'ItmesCount' from DupImageFileLog where groupnumber>0 group by groupnumber having ItmesCount=1) as t1 on t1.groupnumber=d.groupnumber` SelectionAssistant :: removeSingleGroupItems : RUPDATE {0} SET {1}= 0 where {2} in ({3});nUPDATE {0} SET {1} = {2}, isMark=0 where {3} in ({4});:DPF_RESULT_UC_UNMARK_ALL_TEXT
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590073000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: select d.key from DupImageFileLog as d join (select groupnumber, count(*) as 'ItmesCount' from DupImageFileLog where groupnumber>0 group by groupnumber having ItmesCount=1) as t1 on t1.groupnumber=d.groupnumber` SelectionAssistant :: removeSingleGroupItems : RUPDATE {0} SET {1}= 0 where {2} in ({3});nUPDATE {0} SET {1} = {2}, isMark=0 where {3} in ({4});-

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Automated click: I accept the agreement

Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe	Static PE information: section name: .didata
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp.0.dr	Static PE information: section name: .didata
Source: is-RAOI3.tmp.2.dr	Static PE information: section name: .didata

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Code function: 2_2_037FEAD9 push es; ret	2_2_037FEB60
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Code function: 2_2_063E6B98 push eax; retf	2_2_063E6B99
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 38_2_00007FF848F27969 push ebx; retf	38_2_00007FF848F2796A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 38_2_00007FF848F28169 push ebx; ret	38_2_00007FF848F2816A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 38_2_00007FF848F28823 push edx; iretd	38_2_00007FF848F2882B
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 38_2_00007FF848F2E084 push B9000000h; retf 0000h	38_2_00007FF848F2E099
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF848E2D2A5 pushad ; iretd	45_2_00007FF848E2D2A6
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF848F521E9 push ebx; retf	45_2_00007FF848F521EA
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF848F47969 push ebx; retf	45_2_00007FF848F4796A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF848F48169 push ebx; ret	45_2_00007FF848F4816A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF848F48823 push edx; iretd	45_2_00007FF848F4882B
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF848F400BD pushad ; iretd	45_2_00007FF848F400C1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF84915DACC push E8000003h; ret	45_2_00007FF84915DAD1
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8491530EA push E95D4EE7h; ret	45_2_00007FF849153139
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492C469C push es; retf	45_2_00007FF8492C469D
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492C0678 pushad ; iretd	45_2_00007FF8492C0679
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492C9979 push 8B485BF2h; retf	45_2_00007FF8492C9990
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492CB1BF push edi; retf	45_2_00007FF8492CB1CB
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492CA804 push edi; retf	45_2_00007FF8492CA80A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492C20A6 push ds; ret	45_2_00007FF8492C20A8
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 45_2_00007FF8492CB896 push ecx; retf	45_2_00007FF8492CB89A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 47_2_00007FF848F27969 push ebx; retf	47_2_00007FF848F2796A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 47_2_00007FF848F28169 push ebx; ret	47_2_00007FF848F2816A
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 47_2_00007FF848F28823 push edx; iretd	47_2_00007FF848F2882B
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Code function: 47_2_00007FF848F2E094 push B9000000h; retf 0000h	47_2_00007FF848F2E0A9
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_02A14503 push esp; retf	48_2_02A14509
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_02A1454C push cs; retf	48_2_02A1454F
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634E46C push es; iretd	48_2_0634E4B0
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634854E push 0000005Dh; ret	48_2_06348559
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_0634E3D3 pushfd ; retf	48_2_0634E3D4
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Code function: 48_2_06348110 push 0000005Dh; ret	48_2_06348129

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-734E1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\AppResource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-MCQBH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-IG7CT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Auth.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-9UGDD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Drive.v3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-7Q3PF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-96SCP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-40P7P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.PlatformServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Data.SQLite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-MFQND.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\dpfptt.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-RAOI3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-T3M7E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Dropbox.Api.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-VB268.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-004CV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-DBR67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-G14SI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-Q5NCJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Threading.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-SN965.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\XmpCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-O1R9H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-AVSBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHJOT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-KIHDP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Users\user\AppData\Local\Temp\is-TSU06.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ObjectListView.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-LP092.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\MetadataExtractor.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\ProgramData\DownloadComponents\Magick.NET-Q8-AnyCPU.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Users\user\AppData\Local\Temp\is-TSU06.tmp\idp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Users\user\AppData\Local\Temp\is-TSU06.tmp\isxdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-B5M51.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe	File created: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET-Q8-AnyCPU.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-HH6SP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Newtonsoft.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\SQLite.Interop.dll (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro\Duplicate Photos Fixer Pro.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro\Uninstall Duplicate Photos Fixer Pro.lnk	Jump to behavior

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 22B419E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 22B5B620000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Memory allocated: 25A582B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Memory allocated: 25A71BC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 225F9F10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 225FB950000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 2C519F00000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 2C533820000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 2800000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 2A70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 2800000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 2BF60260000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 2BF79E80000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Memory allocated: 1E5E7630000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Memory allocated: 1E5E9280000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 21E0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 23C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 43C0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 2740000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 2930000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 4A30000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 14D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 2F70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Memory allocated: 4F70000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 268BFD50000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Memory allocated: 268D96A0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Memory allocated: 206422D0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Memory allocated: 2065BDB0000 memory reserve \| memory write watch

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-SN965.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-734E1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\XmpCore.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\AppResource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-MCQBH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-O1R9H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-IG7CT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-AVSBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Auth.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-KIHDP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Drive.v3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-7Q3PF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TSU06.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ObjectListView.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-96SCP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-LP092.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-40P7P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.PlatformServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Data.SQLite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-MFQND.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\MetadataExtractor.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\dpfptt.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-T3M7E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\ProgramData\DownloadComponents\Magick.NET-Q8-AnyCPU.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Dropbox.Api.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TSU06.tmp\idp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TSU06.tmp\isxdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-VB268.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-004CV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-DBR67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-B5M51.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-G14SI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Magick.NET-Q8-AnyCPU.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-HH6SP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\SQLite.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Newtonsoft.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Duplicate Photos Fixer Pro\System.Threading.dll (copy)	Jump to dropped file

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 6756	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe TID: 6104	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 5016	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 940	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 5640	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 5016	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 1988	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 7148	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 6388	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 1272	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe TID: 3596	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 2640	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 3936	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 3792	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 2640	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 3192	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe TID: 4668	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe TID: 5240	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe TID: 6820	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	File Volume queried: C:\ FullSizeInformation

Source: DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71ED7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VIRTUALevmwarefVirtualBox
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2559812805.0000022B43738000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware2
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2406342834.0000000000826000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8t
Source: DPFNotifier.exe, 00000030.00000002.2666392216.0000000006007000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{
Source: DPFNotifier.exe, 00000030.00000002.2665920992.0000000005FAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}xv
Source: DuplicatePhotosFixerPro.exe, 0000003A.00000002.2718378511.00000268C1792000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: DPFNotifier.exe, 00000030.00000002.2642240446.0000000000CFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561715298.0000022B5BD99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\mU=
Source: DPFHelper.exe, 00000032.00000002.2628418130.000001E5E9102000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2H
Source: SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp, 00000002.00000003.2129658997.0000000000872000.00000004.00000020.00020000.00000000.sdmp, DPFNotifier.exe, 00000030.00000002.2642240446.0000000000CFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: DPFHelper.exe, 00000032.00000002.2628418130.000001E5E9102000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561715298.0000022B5BD5B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: DPFNotifier.exe, 00000037.00000002.3957622273.00000000059D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
Source: DuplicatePhotosFixerPro.exe, 00000031.00000002.2638051630.000002BF71EDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: {0}, {1}aCaptionbSELECT Manufacturer, Model FROM Win32_BaseBoardcSystem Product Name0IDS_NO_DETAILS_AVAILABLEdvirtualgselect Name from Win32_ProcessorkSELECT Description FROM Win32_DisplayConfigurationlDescription<ucSystemInfo:: GetSystemInfo: &IsVirtualMachine:: mSELECT LastBootUpTime FROM Win32_OperatingSystem WHERE Primary='true'nLastBootUpTime.cSystemInfo:: GetLogo: hOther
Source: DPFNotifier.exe, 00000030.00000002.2665920992.0000000005FAD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\onAt
Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B87D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Description<ucSystemInfo:: GetSystemInfo: &IsVirtualMachine::
Source: DuplicatePhotosFixerPro.exe, 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: xca78TK4vHGfSTMPKU7X
Source: DuplicatePhotosFixerPro.exe, 0000002D.00000002.4072528082.00000225FC159000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DPFNotifier.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im "DuplicatePhotosFixerPro.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_startup" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "dpf_ro" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_startup" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "Duplicate Photos Fixer ProNotifier_trigger" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /delete /tn "NotifierDuplicate Photos Fixer Pro_WD" /f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" firstinstall	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe" createschedule	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Process created: C:\Windows\System32\schtasks.exe "schtasks.exe" /query /TN "Duplicate Photos Fixer Pro_startup"
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" macid
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Process created: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe "C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe" /exepath"C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe" /createautoupdate
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Duplicate Photos Fixer Pro_updates" /XML "C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\CreateCheckUpdate.xml"

Source: DuplicatePhotosFixerPro.exe, 00000026.00000002.2561128912.0000022B53630000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002D.00000002.3955932512.0000022590057000.00000004.00000800.00020000.00000000.sdmp, DuplicatePhotosFixerPro.exe, 0000002F.00000002.2592532307.000002C52B877000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: DPFNotifier.exe, 00000030.00000002.2646239441.0000000002D59000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000023E7000.00000004.00000800.00020000.00000000.sdmp, DPFNotifier.exe, 00000037.00000002.3932806241.00000000026A9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd getScalingFactor

Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-FP280.tmp\SecuriteInfo.com.Program.Unwanted.5412.32763.32020.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Auth.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Core.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.Drive.v3.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Google.Apis.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ObjectListView.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Duplicate Files Fixer\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Advanced Driver Updater\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Recorder\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Antivirus\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak VPN\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Right Backup\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Software Updater\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakPass Password Manager\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Capture\imgBanner VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Capture\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakPass Password Manager\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Software Updater\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Right Backup\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak VPN\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Systweak Antivirus\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\TweakShot Screen Recorder\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Advanced Driver Updater\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Users\user\AppData\Roaming\Systweak\Duplicate Photos Fixer Pro\UtilityKit\Duplicate Files Fixer\imgProductLogo VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\notifierlib.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\ImageListView.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Queries volume information: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe VolumeInformation
Source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFHelper.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5412.32763.32020.exe

Source: Yara match	File source: 40.0.DPFHelper.exe.25a57f40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 48.0.DPFNotifier.exe.6a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 48.2.DPFNotifier.exe.5140000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.0.DuplicatePhotosFixerPro.exe.22b40ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000030.00000002.2662250757.0000000005142000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.2541750689.0000025A57F42000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000030.00000000.2578577877.00000000006A2000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000000.2515578766.0000022B40CA2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-9UGDD.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-MFQND.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-Q5NCJ.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Duplicate Photos Fixer Pro\is-EHJOT.tmp, type: DROPPED

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	131 Windows Management Instrumentation	11 Scheduled Task/Job	12 Process Injection	2 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	11 Scheduled Task/Job	1 Modify Registry	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	11 Disable or Modify Tools	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	161 Virtualization/Sandbox Evasion	NTDS	161 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Process Injection	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	2 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	35 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement