Advanced System Repair Pro 1.9.6.4 Crack With Serial Key Download


Object ID 72 contains compressed stream data
Object ID 74 contains compressed stream data
Object ID 105 contains compressed stream data
Object ID 107 contains compressed stream data
source
Static Parser
relevance
10/10
  • Creates mutants
    details
    "\Sessions\1\BaseNamedObjects\Local\Acrobat Instance Mutex"
    "\Sessions\1\BaseNamedObjects\DBWinMutex"
    "DBWinMutex"
    "Local\Acrobat Instance Mutex"
    "\Sessions\1\BaseNamedObjects\com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
    "com.adobe.acrobat.rna.RdrCefBrowserLock.DC"
    source
    Created Mutant
    relevance
    3/10
  • PDF file has an embedded URL
    details
    "https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/Gatak.DR&ThreatID=-2147278948#tab=1" (Based on: "ca6ef35c003206de4a2c320fd972791e1e329df6b85d50e529c40f4b5f6586ed.pdf.bin")
    "https://www.cyber.nj.gov/threat-profiles/trojan-variants/gatak" (Based on: "ca6ef35c003206de4a2c320fd972791e1e329df6b85d50e529c40f4b5f6586ed.pdf.bin")
    "https://pages.fidelityinvestments.com/campaign/workplacecustomerprotection/" (Based on: "ca6ef35c003206de4a2c320fd972791e1e329df6b85d50e529c40f4b5f6586ed.pdf.bin")
    source
    String
    relevance
    3/10
  • Process launched with changed environment
    details
    Process "RdrCEF.exe" was launched with new environment variables: "PATH="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\;%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\test_tools""
    Process "RdrCEF.exe" was launched with missing environment variables: "MEOW"
    source
    Monitored Target
    relevance
    10/10
  • Scanning for window names
    details
    "AcroRd32.exe" searching for window "_AcroAppTimer"
    "AcroRd32.exe" searching for class "AdobeAcrobatSpeedLaunchCmdWnd"
    "AcroRd32.exe" searching for class "AdobeReaderSpeedLaunchCmdWnd"
    "AcroRd32.exe" searching for class "Acrobat Instance Window Class"
    "AcroRd32.exe" searching for class "JFWUI2"
    source
    API Call
    relevance
    10/10
  • Spawns new processes
    details
    Spawned process "RdrCEF.exe" with commandline "--backgroundcolor=16448250"
    Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=673CFD083F760DF7E068DE83BBECCBE9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.
    Spawned process "RdrCEF.exe" with commandline "--type=renderer --primordial-pipe-token=60A14213098D46283BED74162D67DF64 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071.
    source
    Monitored Target
    relevance
    3/10
  • Installation/Persistance
    • Dropped files
      details
      "A9Rsvmky1_zgdkzb_32g.tmp" has type "data"
      "A9R1k8jikc_zgdkze_32g.tmp" has type "data"
      "A9R6ysnn3_zgdkzf_32g.tmp" has type "Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)"
      "A9R1ykr9py_zgdkzc_32g.tmp" has type "data"
      "A9R1heltmq_zgdkzd_32g.tmp" has type "data"
      "Visited Links" has type "data"
      "0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl" has type "data"
      "CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl" has type "data"
      "urlref_httpswww.microsoft.comsecurityportalthreatencyclopediaentry.aspxName_TrojanWin32Gatak.DR_ThreatID_-2147278948#tab_1" has type "HTML document UTF-8 Unicode (with BOM) text with very long lines with CRLF line terminators"
      "urlref_httpswww.cyber.nj.govthreat-profilestrojan-variantsgatak" has type "HTML document UTF-8 Unicode text with very long lines with CRLF LF line terminators"
      "urlref_httpspages.fidelityinvestments.comcampaignworkplacecustomerprotection" has type "HTML document ASCII text with very long lines with CRLF LF line terminators"
      source
      Extracted File
      relevance
      3/10
    • Touches files in the Windows directory
      details
      "RdrCEF.exe" touched file "%WINDIR%\SysWOW64\oleaccrc.dll"
      "RdrCEF.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
      "RdrCEF.exe" touched file "%WINDIR%\SysWOW64\KBDUS.DLL"
      "RdrCEF.exe" touched file "%WINDIR%\System32\drivers\etc\hosts"
      "RdrCEF.exe" touched file "%WINDIR%\System32\spool\drivers\color\sRGB Color Space Profile.icm"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\arial.ttf"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALN.TTF"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\ariali.ttf"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNI.TTF"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbd.ttf"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNB.TTF"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\arialbi.ttf"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\ARIALNBI.TTF"
      "RdrCEF.exe" touched file "%WINDIR%\Fonts\ariblk.ttf"
      source
      API Call
      relevance
      7/10
  • Network Related
    • Found potential URL in binary/memory
      details
      source
      String
      relevance
      10/10
  • Spyware/Information Retrieval
    • Found a reference to a known community page
      details
      "<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:article="http://ogp.me/ns/article" lang="en-US" itemscope itemtype="http://schema.org/Article" class="touch-styles">" (Indicator: "facebook.com")
      "<meta name="twitter:title" content="Gatak"/>" (Indicator: "twitter")
      "<meta name="twitter:image" content="http://static1.squarespace.com/static/555b2d4ee4b011aa38092227/t/58402c15e4fcb526209017b7/1480600608723/?format=1000w"/>" (Indicator: "twitter")
      "<meta name="twitter:url" content="https://www.cyber.nj.gov/threat-profiles/trojan-variants/gatak"/>" (Indicator: "twitter")
      "<meta name="twitter:card" content="summary"/>" (Indicator: "twitter")
      "<meta name="twitter:description" content="Gatak Trojan was first observed in 2012 and has since affected thousands of organizations. It is programmed to spread rapidly once it has infected an organization. The Trojan infects victims by convincing them to visit sites claiming to be pirated enterprise software products."/>" (Indicator: "twitter")
      "<a href="http://www.facebook.com/njccic" target="_blank" class="sqs-svg-icon--wrapper facebook">" (Indicator: "facebook.com")
      href="https://twitter.com/NJCybersecurity" target="_blank" class="sqs-svg-icon--wrapper twitter">" (Indicator: "twitter")
      "<use class="sqs-use--icon" xlink:href="#twitter-icon"></use>" (Indicator: "twitter")
      "<use class="sqs-use--mask" xlink:href="#twitter-mask"></use>" (Indicator: "twitter")
      "</a><a href="https://www.linkedin.com/company-beta/11138668/" target="_blank" class="sqs-svg-icon--wrapper linkedin">" (Indicator: "linkedin.com")
      source
      String
      relevance
      7/10
  • File Details

    All Details:

    GatakWhitePaper_FINAL_11.2.17.pdf

    Hybrid Analysis

    Analysed 4 processes in total (System Resource Monitor).

    • AcroRd32.exe "C:\ca6ef35c003206de4a2c320fd972791e1e329df6b85d50e529c40f4b5f6586ed.pdf" (PID: 3976)
      • RdrCEF.exe --backgroundcolor=16448250 (PID: 1500) Hash Seen Before
        • RdrCEF.exe --type=renderer --primordial-pipe-token=673CFD083F760DF7E068DE83BBECCBE9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071. (PID: 3176) Hash Seen Before
        • RdrCEF.exe --type=renderer --primordial-pipe-token=60A14213098D46283BED74162D67DF64 --lang=en-US --disable-pack-loading --lang=en-US --log-file="%PROGRAMFILES%\(x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/18.9.20044 Chrome/59.0.3071. (PID: 2944) Hash Seen Before

    Network Analysis

    DNS Requests

    No relevant DNS requests were made.

    HTTP Traffic

    No relevant HTTP requests were made.