Windows Analysis Report
PDFixers.exe

Overview

General Information

Sample name: PDFixers.exe
Analysis ID: 1447146
MD5: b4440eea7367c3fb04a89225df4022a6
SHA1: 5a6c01f821f10f6ed1f1283ecba36c5bacfb5838
SHA256: a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0

Detection

Score: 54
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: PDFixers.exe Avira: detected
Source: https://pixel.pdfixers.com/Z Avira URL Cloud: Label: malware
Source: https://pixel.pdfixers.com/Z Virustotal: Detection: 5%
Source: https://pixel.pdfixers.com/- Virustotal: Detection: 5%
Source: PDFixers.exe ReversingLabs: Detection: 62%
Source: PDFixers.exe Virustotal: Detection: 55%
Source: PDFixers.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 104.21.11.17:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: PDFixers.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Joe Sandbox View IP Address: 104.21.11.17
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
    Accept-Language: en-CH
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: pixel.pdfixers.com
    Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
    GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
    Accept: */*
    Referer: https://pixel.pdfixers.com/
    Accept-Language: en-CH
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: pixel.pdfixers.com
    Connection: Keep-Alive
    Cookie: AWSALB=AOdy1MrzgsK5ChnqbS1ygi2lJnTmyOjw3eNtk91BmlP5Q/xcKYJ6g0nEGUFY8q+EX/JnXnLW5BVH8/yv2P+n/XMHX0DD9+FkBcRHnb1XNvywHqBfQ+dsZl31NeQh; AWSALBCORS=AOdy1MrzgsK5ChnqbS1ygi2lJnTmyOjw3eNtk91BmlP5Q/xcKYJ6g0nEGUFY8q+EX/JnXnLW5BVH8/yv2P+n/XMHX0DD9+FkBcRHnb1XNvywHqBfQ+dsZl31NeQh
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: pixel.pdfixers.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_0000018DB6732E1D 0_2_0000018DB6732E1D
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_0000018DB6738D41 0_2_0000018DB6738D41
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_0000018DB6733D4E 0_2_0000018DB6733D4E
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_0000018DB6733D78 0_2_0000018DB6733D78
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_0000018DB6733013 0_2_0000018DB6733013
Source: PDFixers.exe Static PE information: No import functions for PE file found
Source: PDFixers.exe, 00000000.00000002.3233584351.00000185B0903000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameD3 vs PDFixers.exe
Source: PDFixers.exe, 00000000.00000002.3256776823.0000018DB97F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamejscript9.dll.muiD vs PDFixers.exe
Source: C:\Users\user\Desktop\PDFixers.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engine Classification label: mal54.winEXE@1/5@1/1
Source: C:\Users\user\Desktop\PDFixers.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\UIJDJ7D4.htm
Source: C:\Users\user\Desktop\PDFixers.exe Mutant created: NULL
Source: PDFixers.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PDFixers.exe Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\PDFixers.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: msiso.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PDFixers.exe Section loaded: t2embed.dll
Source: C:\Users\user\Desktop\PDFixers.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PDFixers.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: PDFixers.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PDFixers.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: PDFixers.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: PDFixers.exe Static file information: File size 8507584 > 1048576
Source: PDFixers.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x7fea00
Source: PDFixers.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PDFixers.exe Static PE information: 0x9FA57E8D [Mon Nov 16 06:26:21 2054 UTC]
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_00007FF848F1065D push ebx; iretd 0_2_00007FF848F1066A
Source: C:\Users\user\Desktop\PDFixers.exe Code function: 0_2_00007FF848F100BD pushad ; iretd 0_2_00007FF848F100C1
Source: C:\Users\user\Desktop\PDFixers.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\PDFixers.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\PDFixers.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18597E20000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 185AFF70000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB2690000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9180000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB91C0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB91E0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9200000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9220000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9240000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9260000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9280000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB92A0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB92E0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9300000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9320000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9340000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9360000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9380000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB93A0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB93C0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9400000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9420000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9840000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9860000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9880000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB98A0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB98C0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9900000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9920000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9940000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9960000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB9980000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB99A0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB99C0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: 18DB99E0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: PDFixers.exe, 00000000.00000002.3237870070.0000018DB624E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: PDFixers.exe, 00000000.00000002.3237870070.0000018DB61BC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
Source: C:\Users\user\Desktop\PDFixers.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Users\user\Desktop\PDFixers.exe VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\PDFixers.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid