Windows Analysis Report
Reader_Install_Setup.exe

Overview

General Information

Sample name: Reader_Install_Setup.exe
Analysis ID: 1391064
MD5: f543b65c504c5d548e6005f2cba5ddb6
SHA1: b5484f2abd286c49360077ae18fa1f0fcdc77900
SHA256: 9fd5d542f797d9dc630738d7c1b803d34bc0bab593c8d992f9a159ac0a28b276

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Found evaded block containing many API calls
Found potential string decryption / allocating functions
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • Reader_Install_Setup.exe (PID: 7420 cmdline: C:\Users\user\Desktop\Reader_Install_Setup.exe MD5: F543B65C504C5D548E6005F2CBA5DDB6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: Reader_Install_Setup.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Reader_Install_Setup.exe, Static PE information: certificate valid
Source: Reader_Install_Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\rdcadm\jenkins\workspace\WindowsBuild\2.0\dev\target\win\Release\Adobe Download Manager.pdb source: Reader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe, Code function: 0_2_003393E0 GetFileAttributesW, PathFileExistsW, PathIsDirectoryW, FindFirstFileW, lstrcmpW, lstrcmpW, lstrcmpW, FindNextFileW, FindClose, RemoveDirectoryW
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe, Code function: 0_2_00344620 PathIsDirectoryW, GetFileAttributesW, GetLastError, FindFirstFileW, FindNextFileW, GetLastError, FindClose, DeleteFileW, DeleteFileW, RemoveDirectoryW, RemoveDirectoryW, FindClose, GetLastError
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: 0_2_00329F100_2_00329F10
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: 0_2_002DCF500_2_002DCF50
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: 0_2_002DDF900_2_002DDF90
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 0049FB1E appears 56 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DBB40 appears 47 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DBE30 appears 128 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 0033D100 appears 47 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 0049FC00 appears 44 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DC370 appears 97 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DC400 appears 87 times
Source: Reader_Install_Setup.exe Static PE information: Resource name: PNG type: DOS executable (COM, 0x8C-variant)
Source: Reader_Install_Setup.exe, 00000000.00000000.1642519353.000000000070F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: Reader_Install_Setup.exe, 00000000.00000002.2897660493.000000000070F000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: Reader_Install_Setup.exe Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oleaccrc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: pgpmapih.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msiso.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: uianimation.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: windowscodecs.dll
Source: Reader_Install_Setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: clean7.winEXE@1/13@0/0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E9910 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,OpenProcess,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_002E9910
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002DB040 GetDiskFreeSpaceExW,GetDiskFreeSpaceExW,GetLogicalDrives,0_2_002DB040
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E03E0 FindResourceW,LoadResource,LockResource,SizeofResource,0_2_002E03E0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File created: C:\Users\user\AppData\Local\Adobe\FC8E3F82-914E-4939-8222-C31F7BB4E7DE
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Adobe_ADM.log
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Adobe_GDE.log
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File created: C:\Users\user\AppData\Local\Temp\Adobe_ADMLogs
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Reader_Install_Setup.exe String found in binary or memory: che Fertig stellen und starten Sie den Installationsvorgang neu." }, "invalidSKU": { "message": "Das {0}-Installationsprogramm ist veraltet oder eine Datei wurde umbenannt. Klicken Sie auf Fertig stellen, um das aktuelle Installa
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/waitForCompletion
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/launchProcessGuid
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/arguments/argument
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/launchPath
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/returnCode
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/errorCode
Source: Reader_Install_Setup.exe String found in binary or memory: rrorUpdateMessage": { "message": " -installer " }, "ActionList_AlreadyExists": { "message": "" }, "ActionList_Complete": {
Source: Reader_Install_Setup.exe String found in binary or memory: /install/arguments/argument
Source: Reader_Install_Setup.exe String found in binary or memory: /install/progressWaitLimit
Source: Reader_Install_Setup.exe String found in binary or memory: /install/returnCodes/returnCode
Source: Reader_Install_Setup.exe String found in binary or memory: /install/progressWaitTime
Source: Reader_Install_Setup.exe String found in binary or memory: Adobe Acrobat" }, "Congratulations": { "message": "Onnittelut" }, "ActionList_Verify": { "message": "Tarkistetaan asennusta..." }, "ActionList_ErrorUpdateMessage": { "message": "Komentoriviargumentti -installer vaaditaan, mutt
Source: Reader_Install_Setup.exe String found in binary or memory: "Congratulations": { "message": "Congratulations" }, "ActionList_Verify": { "message": "Verifying install..." }, "ActionList_ErrorUpdateMessage": { "message": "The command line argument -installer is required but not provided."
Source: Reader_Install_Setup.exe String found in binary or memory: essage": "Congratulations" }, "ActionList_Verify": { "message": "Verifying install..." }, "ActionList_ErrorUpdateMessage": { "message": "The command line argument -installer is required but not provided." }, "ActionList_AlreadyExist
Source: Reader_Install_Setup.exe String found in binary or memory: //launchReader
Source: Reader_Install_Setup.exe String found in binary or memory: //launchAcrobat
Source: Reader_Install_Setup.exe String found in binary or memory: //launchReaderSAPP
Source: Reader_Install_Setup.exe String found in binary or memory: https://helpx.adobe.com/acrobat/kb/download-64-bit-installer.html
Source: Reader_Install_Setup.exe String found in binary or memory: Congratulations": { "message": "Gratulerer!" }, "ActionList_Verify": { "message": "Verifiserer installasjon ..." }, "ActionList_ErrorUpdateMessage": { "message": "Kommandolinjeargumentet -installasjonsprogram kreves, men er ikke oppg
Source: Reader_Install_Setup.exe String found in binary or memory: ft..." }, "ActionList_ErrorUpdateMessage": { "message": "Das Befehlszeilenargument -installer muss angegeben werden." }, "ActionList_AlreadyExists": { "message": "Die Anwendung ist bereits installiert." }, "ActionList_Comp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File read: C:\Users\user\Desktop\Reader_Install_Setup.exe
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: Reader_Install_Setup.exe Static PE information: certificate valid
Source: Reader_Install_Setup.exe Static file information: File size 1445432 > 1048576
Source: Reader_Install_Setup.exe Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x159200
Source: Reader_Install_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\rdcadm\jenkins\workspace\WindowsBuild\2.0\dev\target\win\Release\Adobe Download Manager.pdb source: Reader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0070DE50 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect, 0_2_0070DE50
Source: Reader_Install_Setup.exe Static PE information: real checksum: 0x16cd57 should be: 0x166b71
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0049FAEC push ecx; ret 0_2_0049FAFF
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_080651F3 pushad ; iretd 0_2_080651F6
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0970D590 pushfd ; ret 0_2_0970D591
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 3520000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 36D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 43B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 43D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 7F60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 8000000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 8020000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9750000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 97B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9850000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 98B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9910000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9990000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 99D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9A10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9AD0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9AF0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9B10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9B40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9B60000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9C80000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9CC0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9D40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 7F40000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 91F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9210000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9470000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 94E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9500000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9520000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: A1A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 95B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: A2A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9810000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 98D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 99B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: B5A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: B5C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: B960000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: BD00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 95D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 9630000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 1350000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: 1370000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Evaded block: after key decision graph_0-78360
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_003393E0 GetFileAttributesW,PathFileExistsW,PathIsDirectoryW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_003393E0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00344620 PathIsDirectoryW,GetFileAttributesW,GetLastError,FindFirstFileW,FindNextFileW,GetLastError,FindClose,DeleteFileW,DeleteFileW,RemoveDirectoryW,RemoveDirectoryW,FindClose,GetLastError, 0_2_00344620
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004A067B VirtualQuery,GetSystemInfo, 0_2_004A067B
Source: Reader_Install_Setup.exe, 00000000.00000002.2902316987.00000000055E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Reader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: Reader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWpxN
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe API call chain: ExitProcess graph end node graph_0-74836
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004A6EB1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004A6EB1
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00358331 OutputDebugStringA,GetLastError, 0_2_00358331
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0070DE50 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect, 0_2_0070DE50
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004C4A24 mov eax, dword ptr fs:[00000030h] 0_2_004C4A24
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004B6F6C mov ecx, dword ptr fs:[00000030h] 0_2_004B6F6C
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0049F624 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0049F624
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004A6EB1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004A6EB1
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002EDB00 GetModuleFileNameW,GetVersionExW,ShellExecuteExW,CloseHandle, 0_2_002EDB00
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E95A0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_002E95A0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetModuleHandleW,GetProcAddress,RtlEncodePointer,RtlDecodePointer,GetLocaleInfoEx,GetLocaleInfoW, 0_2_0036D567
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_004C9387
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C9582
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C9674
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C9629
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C26F3
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C970F
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_004C979A
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C99ED
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_004C9B16
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C9C1C
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_004C9CEB
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C2CB0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Users\user\Desktop\Reader_Install_Setup.exe VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00330FE0 RtlEnterCriticalSection,RtlLeaveCriticalSection,RtlEnterCriticalSection,RtlLeaveCriticalSection,CreateFileW,Sleep,CreateFileW,CreateNamedPipeW,CreateNamedPipeW,ConnectNamedPipe,GetLastError,GetLastError,Sleep,GetLastError,RtlLeaveCriticalSection,ConnectNamedPipe,GetLastError,GetLastError,GetLastError,GetLastError,CreateThread,RtlLeaveCriticalSection,RtlLeaveCriticalSection,RtlLeaveCriticalSection, 0_2_00330FE0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_003404D0 GetLocalTime,GetTimeFormatW,GetDateFormatW, 0_2_003404D0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004C51D9 GetTimeZoneInformation, 0_2_004C51D9
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002DEE50 GetVersionExW,GetModuleFileNameW,PathRemoveFileSpecW,PathFileExistsW,GetModuleHandleW,GetProcAddress,GetSystemWindowsDirectoryW,SetDllDirectoryW,LoadLibraryW,PathIsDirectoryW,LoadLibraryW,LoadLibraryW,6F5433E0,CommandLineToArgvW,__Init_thread_footer,__Init_thread_footer,SHCreateDirectoryExW,GetLastError,WaitForSingleObject,TerminateThread,CloseHandle,LoadIconW,FreeLibrary, 0_2_002DEE50
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter
1
DLL Side-Loading
1
Exploitation for Privilege Escalation
1
Masquerading
OS Credential Dumping2
System Time Discovery
Remote Services1
Email Collection
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Native API
Boot or Logon Initialization Scripts1
Access Token Manipulation
1
Virtualization/Sandbox Evasion
LSASS Memory1
Query Registry
Remote Desktop Protocol1
Archive Collected Data
Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Process Injection
1
Disable or Modify Tools
Security Account Manager21
Security Software Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading
1
Access Token Manipulation
NTDS1
Virtualization/Sandbox Evasion
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Process Injection
LSA Secrets1
File and Directory Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Deobfuscate/Decode Files or Information
Cached Domain Credentials25
System Information Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
Obfuscated Files or Information
DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
Software Packing
Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
DLL Side-Loading
/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://mths.be/array-of | 0% | Avira URL Cloud | safe |
https://mths.be/array-from | 0% | Avira URL Cloud | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                    high
                                                    https://mths.be/array-fromReader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2896650324.0000000000620000.00000040.00000001.01000000.00000003.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2905958294.00000000080AB000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1661843913.00000000080A7000.00000004.00000020.00020000.00000000.sdmp, 231[1].0.drfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://mths.be/array-ofReader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2896650324.0000000000620000.00000040.00000001.01000000.00000003.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2905958294.00000000080AB000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1661843913.00000000080A7000.00000004.00000020.00020000.00000000.sdmp, 231[1].0.drfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://use.typekit.net/af/eaf09c/000000000000000000017703/27/a?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2902316987.0000000005601000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://use.typekit.net/bxf0ivf.jsnReader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://use.typekit.net/bxf0ivf.jsEvent1256Reader_Install_Setup.exe, 00000000.00000002.2898087056.0000000001484000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://use.typekit.net/af/eaf09c/000000000000000000017703/27/d?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://use.typekit.net/Reader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://use.typekit.net/af/74ffb1/000000000000000000017702/27/l?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://use.typekit.net/bxf0ivf.jsinitErrorMultipleInstanceRunningIReader_Install_Setup.exe, 00000000.00000002.2911694624.0000000009D00000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://use.typekit.net/af/a2527e/000000000000000000017704/27/a?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://github.com/twbs/bootstrap/blob/main/LICENSE)Reader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000003.1663575978.0000000004155000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2898087056.000000000146F000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2902316987.0000000005601000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2909468149.0000000009AF0000.00000004.00000800.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1669764842.0000000009DD4000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.2442597818.0000000009520000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://use.typekit.net/af/cb695f/000000000000000000017701/27/d?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://use.typekit.net/af/eaf09c/000000000000000000017703/27/Reader_Install_Setup.exe, 00000000.00000002.2902316987.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2905100153.0000000007FA1000.00000004.00000800.00020000.00000000.sdmp, bxf0ivf[1].js.0.drfalse
                                                                          high
                                                                          https://reactjs.org/docs/error-decoder.html?invariant=Reader_Install_Setup.exe, 00000000.00000003.1676080029.0000000007D21000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2911197588.0000000009C76000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://p.typekit.net/Reader_Install_Setup.exe, 00000000.00000002.2912796622.0000000009DE4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://use.typekit.net/af/40207f/0000000000000000000176ff/27/d?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://getbootstrap.com/)Reader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2898087056.0000000001484000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1663575978.0000000004155000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2902316987.0000000005601000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2909468149.0000000009AF0000.00000004.00000800.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1669764842.0000000009DD4000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1670096819.0000000007E09000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.2442597818.0000000009520000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/FinReader_Install_Setup.exefalse
                                                                                    high
                                                                                    https://use.typekit.net/af/40207f/0000000000000000000176ff/27/l?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2902316987.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://use.typekit.net/af/4b3e87/000000000000000000017706/27/Reader_Install_Setup.exe, 00000000.00000002.2902316987.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2905100153.0000000007FA1000.00000004.00000800.00020000.00000000.sdmp, bxf0ivf[1].js.0.drfalse
                                                                                        high
                                                                                        https://use.typekit.net/af/eaf09c/000000000000000000017703/27/l?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://use.typekit.net/af/74ffb1/000000000000000000017702/27/d?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://typekit.com/eulas/000000000000000000017704RReader_Install_Setup.exe, 00000000.00000002.2901308172.0000000004138000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1680102941.000000000413D000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000003.1679761273.000000000413D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://use.typekit.net/bxf0ivf.jsLReader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://p.typekit.net/p.gif?s=1&k=bxf0ivf&ht=tk&h=C%3A%5CUsers%5Cuser%5CDesktop%5CReader_Install_SeReader_Install_Setup.exe, 00000000.00000002.2903252619.0000000007E6F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://github.com/Financial-Times/polyfill-service/issues/317Reader_Install_Setup.exe, 00000000.00000003.1663642057.0000000004141000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2905428102.0000000007FBA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://p.typekit.net/p.gifReader_Install_Setup.exe, 00000000.00000002.2902316987.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2903903113.0000000007F0D000.00000004.00000800.00020000.00000000.sdmp, bxf0ivf[1].js.0.drfalse
                                                                                                      high
                                                                                                      https://use.typekit.net/bxf0ivf.jsReader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2899455039.0000000003568000.00000004.00000800.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2900577435.00000000036A3000.00000004.00000800.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2898087056.0000000001418000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2903252619.0000000007DD8000.00000004.00000020.00020000.00000000.sdmp, 160[1].0.drfalse
                                                                                                        high
                                                                                                        https://use.typekit.net/af/40207f/0000000000000000000176ff/27/Reader_Install_Setup.exe, 00000000.00000002.2902316987.00000000055E3000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2905100153.0000000007FA1000.00000004.00000800.00020000.00000000.sdmp, bxf0ivf[1].js.0.drfalse
                                                                                                          high
                                                                                                          https://use.typekit.net/af/cb695f/000000000000000000017701/27/a?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2902316987.0000000005601000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://reactjs.org/link/react-polyfillsn.unstable_shouldYieldn.unstable_forceFrameRateReader_Install_Setup.exe, 00000000.00000003.1663237896.00000000092F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://reactjs.org/link/react-polyfillsThisReader_Install_Setup.exe, 00000000.00000002.2911755940.0000000009D0B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://use.typekit.net/af/4b3e87/000000000000000000017706/27/l?primer=0635fba006f1437d962ae878ad04aReader_Install_Setup.exe, 00000000.00000002.2902316987.0000000005601000.00000004.00000020.00020000.00000000.sdmp, Reader_Install_Setup.exe, 00000000.00000002.2903093855.0000000007D00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
No contacted IP infos
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1391064
Start date and time: 2024-02-12 20:06:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Reader_Install_Setup.exe
Detection: CLEAN
Classification: clean7.winEXE@1/13@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 88%
• Number of executed functions: 213
• Number of non-executed functions: 82
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.40.205.17, 23.40.205.16, 23.40.205.67, 23.220.188.152, 23.54.168.43, 23.54.168.50, 192.168.2.4, 52.5.13.197, 52.202.204.11, 54.227.187.23, 23.22.254.206
• Excluded domains from analysis (whitelisted): rdc.adobe.io, e4578.dscg.akamaiedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, a1874.dscg1.akamai.net, fe3cr.delivery.mp.microsoft.com, p.typekit.net-stls-v3.edgesuite.net, ocsp.digicert.com, use-stls.adobe.com.edgesuite.net, ssl-delivery.adobe.com.edgekey.net, geo-dc.adobe.com, dlmping2.adobe.com, a1988.dscg1.akamai.net
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: Reader_Install_Setup.exe
No simulations
No context
Process: C:\Users\user\Desktop\Reader_Install_Setup.exe
File Type: data
Category: dropped
Size (bytes): 49120
Entropy (8bit): 0.0017331682157558962
Encrypted: false
SSDEEP: 3:Ztt:T
MD5: 0392ADA071EB68355BED625D8F9695F3
SHA1: 777253141235B6C6AC92E17E297A1482E82252CC
SHA-256: B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
SHA-512: EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
Malicious: false
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\Reader_Install_Setup.exe
File Type: HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 1369
Entropy (8bit): 5.042349729995224
Encrypted: false
SSDEEP: 24:OPH/wMz8MespW0mWUvF0k6aM94NaM94SKCBMazEJMThHyaPqAVg7vVsI6:OXntkRWmFC9u9sCaazECFHyafVFH
MD5: AB2A2BC6C53F862BA5018B7A6EA76C08
SHA1: 3BF47FD954DC9DCE93DA87B0EA42F78488646A4E
SHA-256: 240B1B561A404C5309587A17F3B0FBFF6ACEE2E816D565BDE1999C60CB00FC1F
SHA-512: 78180D38566AF52FB74B71AB9BE9009E4A75B36C6D27056C851849B7077CD1F8C0500F1178FBFE3CDFAE590B9A9A6DDAB812E460971D03F0127C01E09648AF03
Malicious: false
Reputation: low
Preview: .<!doctype html>..<html lang="en" style="font-size:3.26vh">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=Edge">.. <script src="https://use.typekit.net/bxf0ivf.js" type="text/javascript"></script>.. <script type="text/javascript">try { Typekit.load(); } catch (e) {}</script>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>ADM</title>.. <style>.. body {.. margin: 0px;.. background-color: #ffffff;.. -webkit-tap-highlight-color: rgba(0,0,0,0);.. font-style: normal;.. border-top:1px solid #c7c6c7;.. }.. </style>.. <script>.. function onLoadComplete() {.. function messageFromNative(message, jsonDataString) {.. window.messageFromNative(message, jsonDataString).. }.. window.sendMessageToNative("documentReady", "").. }.. </script>.. <script defer="defer" src="../SC
Process: C:\Users\user\Desktop\Reader_Install_Setup.exe
File Type: Web Open Font Format, CFF, length 40156, version 0.0
Category: dropped
Size (bytes): 40156
Entropy (8bit): 7.99077330546425
Encrypted: true
SSDEEP: 768:zqK4oMIHg6OWlw62kItML9n0TM+rMiVIoZSruxA443l0PPv:zf45IAFemML9n0TfVIeauxB43l03v
MD5: 83E5380B9DC2077B664E383CF6FCF47E
SHA1: D8AE10285EADED477A647A39293E9294958C0572
SHA-256: 741A4BC7D04FC8385F9A1DB0CCC586A224F14233B08D764D37EA165163A247A0
SHA-512: 8EB2833ABC2C13491D2BD30B962A41457AEEA3F5C782108E6319B0ABDE0C97AA3B347D57E8A031DBC5B4BCF5DB3729D68D6F2A098E182BD5C62E761A1476B313
Malicious: false
Reputation: low
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Web Open Font Format, CFF, length 39564, version 0.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):39564
                                                                                                                  Entropy (8bit):7.989107484119666
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:cyVNSFlHRrs14+NsyQTfaVEAiYgPA9eFXPi37iRX3+qqVFtZN7Pv:XSFlKTcfaVaYgweFXPiLknHqXtDv
                                                                                                                  MD5:A870EE6A735514C321010F19CE3644D7
                                                                                                                  SHA1:59FE54D58D3C53AF232A98A6EFA98170ECCEDD20
                                                                                                                  SHA-256:79E3A4E2C2274ACD602155924DC8C0B7C3AFDCD40450B2DFEDA302AD8E140649
                                                                                                                  SHA-512:B0AEBF67D8989C8F794592A892997C2372FEA9D0076E6EFAD032DD643FB5BB23C730A7EF1FF14807A52DB058E68D9094D8EE713DD2EB82E2676E90430BE29F1C
                                                                                                                  Malicious:false
                                                                                                                  Reputation:low
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):565859
                                                                                                                  Entropy (8bit):5.75699707817581
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:WbbVuAi2W7oxxnXKC9SjJ0Xh1kb9um4GMJ2z4vwOrtJNiidS:gVuAnW7unXrzrDS
                                                                                                                  MD5:6C465CC474639C94025D46A7ECCC839D
                                                                                                                  SHA1:DE19BA37FE2C39BB6C17CC8243632C94A65BA55E
                                                                                                                  SHA-256:00D1E5374C7EB8B7B6F92E3E21EEDEFEA23E7E930564101AAC9D8C0A2EE1DA10
                                                                                                                  SHA-512:78F6BD67D398E4A0AE6F5E58D1EE51BB7EC4DBE0E2900BAE519D53D1FA147129578F940846A0C0806AD479D75F83864D3593D7944BE5A89B05F9E3C16D4016B4
                                                                                                                  Malicious:false
                                                                                                                  Reputation:low
                                                                                                                  Preview:var index;!function(){var r={5500:function(r,n,e){function t(r){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(r){return typeof r}:function(r){return r&&"function"==typeof Symbol&&r.constructor===Symbol&&r!==Symbol.prototype?"symbol":typeof r},t(r)}!function(r,n){./*! https://mths.be/array-of v0.1.0 by @mathias */.!function(){"use strict";var r=function(){try{var r={},n=Object.defineProperty,e=n(r,r,r)&&n}catch(r){}return e}(),n=function(){for(var n,e=arguments,t=e.length,o=function(r){try{return!!new r}catch(r){return!1}}(this)?new this(t):new Array(t),a=0;a<t;)n=e[a],r?r(o,a,{value:n,writable:!0,enumerable:!0,configurable:!0}):o[a]=n,a+=1;return o.length=t,o};r?r(Array,"of",{value:n,configurable:!0,writable:!0}):Array.of=n}(),Object.defineProperty(Array.prototype,"fill",{configurable:!0,value:function(r){if(this===n||null===this)throw new TypeError(this+" is not an object");var e=Object(this),t=Math.max(Math.min(e.length,9007199254740991),0)||0,o=1 in a
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):35
                                                                                                                  Entropy (8bit):2.9302005337813077
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:CUHaaatrllH5:aB
                                                                                                                  MD5:81144D75B3E69E9AA2FA3E9D83A64D03
                                                                                                                  SHA1:F0FBC60B50EDF5B2A0B76E0AA0537B76BF346FFC
                                                                                                                  SHA-256:9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39
                                                                                                                  SHA-512:2D073E10AE40FDE434EB31CBEDD581A35CD763E51FB7048B88CAA5F949B1E6105E37A228C235BC8976E8DB58ED22149CFCCF83B40CE93A28390566A28975744A
                                                                                                                  Malicious:false
                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                  Preview:GIF89a.............,..............;
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Web Open Font Format, CFF, length 37480, version 0.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):37480
                                                                                                                  Entropy (8bit):7.989671357448148
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:+Fth4mFn+GiKkGQPWdGPgIVw9xRju2H3/Nn/byU:Am+nxiKsPWdGPH+FuVU
                                                                                                                  MD5:EE10AE517D40542F597A9E0E2852B52B
                                                                                                                  SHA1:D30F8C2467A4689844268B82E0E2ECFE3464CDAE
                                                                                                                  SHA-256:ED1815F9829E1F6A710FCDC182613F614F4887E39281E095360BEEC1CCC72348
                                                                                                                  SHA-512:A327F9E3B5B9AA8CB13BC118DA5F26AF5C3A8DBB66128F36F18E09EB019A222846694A6A8C13FDC48F0460BC9E79BA7EA9DC8AA9EB8B30F63576448328E83ACB
                                                                                                                  Malicious:false
                                                                                                                  Reputation:low
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Web Open Font Format, CFF, length 39972, version 0.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):39972
                                                                                                                  Entropy (8bit):7.991697943495219
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:768:/CjC6+7R1Cf1RSIpcme1GO3SgcXFwwSUyaXgofeoUyN+MPv:/Cjh+lQf1xpG3S1XFwwSUyaXgofPqov
                                                                                                                  MD5:DF0CD5EDE266E9EA694C3D28209FCE9F
                                                                                                                  SHA1:ECCA8585322A40CF1D0A479EBE67597ADF50E69D
                                                                                                                  SHA-256:5ECD3C64E4C0D1A51D13E2762BECB9E7DA2ACD30D670058A6B16761BE3E017DB
                                                                                                                  SHA-512:B747532E1CDF0C57EF67D45389B61D14ACAF19BC36A9E007189F0F551CBC3D13AD518803A572AB061CB42F129C1AAEEFF25AB066C72CBE4B562841624D5EAE75
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (2369)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):18413
                                                                                                                  Entropy (8bit):5.5692261470401165
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:S12hpIgIVsUGiRm4lIeU4iDFeFs2NdFJsQF+i:SF7GiRm4X0JqsG7Ui
                                                                                                                  MD5:CFE609917C9E7D4EED2C80563DED171B
                                                                                                                  SHA1:2E5BBD88B040662BF8023FD6A9D55CC760008695
                                                                                                                  SHA-256:AD84B43FFD121E46AC4D2FA817B5863E4802C523BC3FB5E864DB28B3DB0E2514
                                                                                                                  SHA-512:1F600E1ABF1814C89589462ADE13F2E5399082236829EB45A530C852AE135910CB332D540B228DA744B60241BC74E85A3E5EB60CBC65B860E8E9148AF79C54D7
                                                                                                                  Malicious:false
                                                                                                                  Preview:/*. * The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. *. * adobe-clean:. * - http://typekit.com/eulas/000000000000000000017701. * - http://typekit.com/eulas/000000000000000000017702. * - http://typekit.com/eulas/000000000000000000017703. * - http://typekit.com/eulas/0000000000000000000176ff. * - http://typekit.com/eulas/000000000000000000017704. * - http://typekit.com/eulas/000000000000000000017706. *. * . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. */.if(!window.Typekit)window.Typekit={};window.Typekit.config={"a":"19707152","c":[".tk-adobe-clean","\"adobe-clean\",sans-serif",".tk-adobe-clean-condensed","\"adobe-clean-condensed\",sans-serif"],"fi":[7180,7181,7182,7184,7185,22474],"fc":[{"id":7180,"family":"adobe-clean","src":"https://use.typekit.net/af/cb695f/000000
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Web Open Font Format, CFF, length 40596, version 0.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40596
                                                                                                                  Entropy (8bit):7.990882155754029
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:768:B2Ws4f6Rc1d7fPlzKC8h7Wy1qmDG8WCecBE6SvNxkCTuLQjlrXPv:B21o6A7fPlh8iPClQNxkC6+1/v
                                                                                                                  MD5:590A9EEBC0AC0BA776529CBA1D5B718A
                                                                                                                  SHA1:E1AA96B54C162F1DEA3CE203B45CD115051BA351
                                                                                                                  SHA-256:28195F698F74D701F5B253495756F7ECD70C50047C1F795952587E6F3E742B19
                                                                                                                  SHA-512:387ADC334C00F4083660107D9C4C3FE3461F1BF4D135A2A7DCF475FFC9C04680D0ECEA30591F253DF584F8F063CC430D69162AD1B8BFFB6C01972079BF6447BF
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Web Open Font Format, CFF, length 40248, version 0.0
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40248
                                                                                                                  Entropy (8bit):7.989634769609523
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:LDFkEGYLN2ySKC2EspJHit0n4ZHtSxGHRT99rgv8sBe9gUR98RzVuppM+2RX2xQ5:L2E7N6u/its45ExGHR/8v8Dg29OzVu/M
                                                                                                                  MD5:C26C1B68EDD07AB0069CF2EFE0886C1F
                                                                                                                  SHA1:3579AED1FC9953159F817E57E7899849AC94EA85
                                                                                                                  SHA-256:72073CA6C71BCC781491B054C4325A663834082457FD896CB6E1E9931BF6E013
                                                                                                                  SHA-512:5459372E0DD2056437217F9668C393111C54E3C31FBDCA997E9D06C1DC3519DBA0AB0AB7B1F28A10AE10009AC828AEA9BFC21A2E58185F79E2403FEEEF424E32
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (538), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):27074
                                                                                                                  Entropy (8bit):3.5932758324359004
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:8ofE7sJ8emLsghGJZgt2FJhs4KPgfFBfjaf:8wE7sJ8emLsghGJZgUFJhs4KPQbjaf
                                                                                                                  MD5:8CFD3CACE9B67887B7B810F9E4621686
                                                                                                                  SHA1:CCF7D15878A0B0516414FDE769F75F01004EFF07
                                                                                                                  SHA-256:CDF58A700BE244CE5E7AEE4CB6B75B6887D30182E8ABBED05C45A3D72BF9D643
                                                                                                                  SHA-512:C22AF68D8201BB2414E848CC78DCAE8396D47C83166AABB817AC76877B19E8FF68165EEEF68EDA36F8131A1CD8E524886DB31B23B1BC7F8E1C3688D5D960CC9C
                                                                                                                  Malicious:false
                                                                                                                  Preview:
                                                                                                                  02/12/24 22:04:46:240 | [INFO] |  | ADM |  | ApplicationContext |  |  | 7424 | *********************** ADM Workflow start. Version: 2.0.0.759s **************************
                                                                                                                  02/12/24 22:04:46:240 | [TRACE] |  | ADM |  | ApplicationContext |  |  | 7424 | Command Line : test.exe
                                                                                                                  02/12/24 22:04:46:240 | [INFO] |  | ADM |  | ApplicationContext |  |  | 7424 | Admin and not child process. No need for IPC
                                                                                                                  02/12/24 22:04:46:584 | [INFO] |  | ADM |  | ApplicationContext |  |  | 7424 | White listed URLs
                                                                                                                  Process:C:\Users\user\Desktop\Reader_Install_Setup.exe
                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):390
                                                                                                                  Entropy (8bit):3.1291540451651096
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:Q9KlZQfhY6qnRarPAADi6Iy3wZQfhY6qnRarPmgNZSY:Q9KlsZqnRaTAAu6WsZqnRaTmuZ3
                                                                                                                  MD5:F996CCA3E3BA7267860BDD400F1B4AF1
                                                                                                                  SHA1:54DAC1019BF21B7A0CB69E12F56DE5C6D6CE8A29
                                                                                                                  SHA-256:D095D32D2054EFDEC3708530A021FC774A38E219D7039B99A48AF5CC6CD5AC6E
                                                                                                                  SHA-512:E1E9108220A248C5EFF2CFFDE409D42798D0CF2ED1DE834C9596BED2F1DC07A573FADD8162319F4691191993CBC01B8CDA14BA09FC0995AB0075F398224F9176
                                                                                                                  Malicious:false
                                                                                                                  Preview:
                                                                                                                  02/12/24 22:04:49:517 | [INFO] |  |  |  |  |  |  | 7608 | *******************start of Download****************
                                                                                                                  02/12/24 22:04:49:517 | [INFO] |  |  |  |  |  |  | 7608 | GDE Version is 2.0.0.1
                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                  Entropy (8bit):7.92254026129775
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.66%
                                                                                                                  • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:Reader_Install_Setup.exe
                                                                                                                  File size:1'445'432 bytes
                                                                                                                  MD5:f543b65c504c5d548e6005f2cba5ddb6
                                                                                                                  SHA1:b5484f2abd286c49360077ae18fa1f0fcdc77900
                                                                                                                  SHA256:9fd5d542f797d9dc630738d7c1b803d34bc0bab593c8d992f9a159ac0a28b276
                                                                                                                  SHA512:a84a7069a9b93b1248db9b3e12fe6be532fb613df6131d3cafb13fc438203b13fd4966e47fc53e6e14679328b6037a3ba4f37dd0d812c0f1309f37cf8479f567
                                                                                                                  SSDEEP:24576:YVzEoS9oS3wlGdQBBBua6f9Bau+cvKPpafsTZFTWmKKeb0XUf6QGr+e:Yg9SYd0fEBa1PpXTZFeoE8v
                                                                                                                  TLSH:79652312410A0F77D82FA8B05AB776745333BD014E9843DA276BFF197B3215AB5E212B
                                                                                                                  File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........D...%...%...%..LW...%..LW...%..LW..D%..LW...%.. Y...%.. Y...%.. Y..>$...%...%....w..%..LW...%..HX...%...%...&..FX...%..FX...%.
                                                                                                                  Icon Hash:4d9292f2c88cf60d
                                                                                                                  Entrypoint:0x83de50
                                                                                                                  Entrypoint Section:UPX1
                                                                                                                  Digitally signed:true
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x65C0C696 [Mon Feb 5 11:29:26 2024 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:377cbbb5b52e6b71f4c4ec2ff9f040fb
                                                                                                                  Signature Valid:true
                                                                                                                  Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                  Error Number:0
                                                                                                                  Not Before, Not After
                                                                                                                  • 03/11/2023 00:00:00 04/11/2025 23:59:59
                                                                                                                  Subject Chain
                                                                                                                  • CN=Adobe Inc., OU=Acrobat 11, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                                  Version:3
                                                                                                                  Thumbprint MD5:DE33CDD57B201C17BA1D948F9027EA38
                                                                                                                  Thumbprint SHA-1:8E5C0EF19E4319A5161B04C5179899335768CCC0
                                                                                                                  Thumbprint SHA-256:66048B4FFA7CEC38A851BD978E87BC469612964C9319C94005AC0FA060A6CE65
                                                                                                                  Serial:0E6E32FCB0E03A0C0B2BC04B56F2038B
                                                                                                                  Instruction
                                                                                                                  pushad
                                                                                                                  mov esi, 006E5000h
                                                                                                                  lea edi, dword ptr [esi-002E4000h]
                                                                                                                  push edi
                                                                                                                  or ebp, FFFFFFFFh
                                                                                                                  jmp 00007F65D4DE6852h
                                                                                                                  nop
                                                                                                                  nop
                                                                                                                  nop
                                                                                                                  nop
                                                                                                                  nop
                                                                                                                  nop
                                                                                                                  mov al, byte ptr [esi]
                                                                                                                  inc esi
                                                                                                                  mov byte ptr [edi], al
                                                                                                                  inc edi
                                                                                                                  add ebx, ebx
                                                                                                                  jne 00007F65D4DE6849h
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  jc 00007F65D4DE682Fh
                                                                                                                  mov eax, 00000001h
                                                                                                                  add ebx, ebx
                                                                                                                  jne 00007F65D4DE6849h
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  adc eax, eax
                                                                                                                  add ebx, ebx
                                                                                                                  jnc 00007F65D4DE684Dh
                                                                                                                  jne 00007F65D4DE686Ah
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  jc 00007F65D4DE6861h
                                                                                                                  dec eax
                                                                                                                  add ebx, ebx
                                                                                                                  jne 00007F65D4DE6849h
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  adc eax, eax
                                                                                                                  jmp 00007F65D4DE6816h
                                                                                                                  add ebx, ebx
                                                                                                                  jne 00007F65D4DE6849h
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  adc ecx, ecx
                                                                                                                  jmp 00007F65D4DE6894h
                                                                                                                  xor ecx, ecx
                                                                                                                  sub eax, 03h
                                                                                                                  jc 00007F65D4DE6853h
                                                                                                                  shl eax, 08h
                                                                                                                  mov al, byte ptr [esi]
                                                                                                                  inc esi
                                                                                                                  xor eax, FFFFFFFFh
                                                                                                                  je 00007F65D4DE68B7h
                                                                                                                  sar eax, 1
                                                                                                                  mov ebp, eax
                                                                                                                  jmp 00007F65D4DE684Dh
                                                                                                                  add ebx, ebx
                                                                                                                  jne 00007F65D4DE6849h
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  jc 00007F65D4DE680Eh
                                                                                                                  inc ecx
                                                                                                                  add ebx, ebx
                                                                                                                  jne 00007F65D4DE6849h
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  jc 00007F65D4DE6800h
                                                                                                                  add ebx, ebx
                                                                                                                  jne 00007F65D4DE6849h
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  adc ecx, ecx
                                                                                                                  add ebx, ebx
                                                                                                                  jnc 00007F65D4DE6831h
                                                                                                                  jne 00007F65D4DE684Bh
                                                                                                                  mov ebx, dword ptr [esi]
                                                                                                                  sub esi, FFFFFFFCh
                                                                                                                  adc ebx, ebx
                                                                                                                  jnc 00007F65D4DE6826h
                                                                                                                  add ecx, 02h
                                                                                                                  cmp ebp, FFFFFB00h
                                                                                                                  adc ecx, 02h
                                                                                                                  lea edx, dword ptr [eax+eax]
                                                                                                                  Programming Language:
                                                                                                                  • [ C ] VS2012 UPD4 build 61030
                                                                                                                  Name | Virtual Address | Virtual Size | Is in Section
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x299960 | 0x6c | UPX0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x443a04 | 0x214 | .rsrc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x43f000 | 0x4a04 | .rsrc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x15e400 | 0x2a38 | UPX0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x443c18 | 0x24 | .rsrc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x43e03c | 0x18 | UPX1
                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x43e05c | 0xc0 | UPX1
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x297a40 | 0x200 | UPX0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                                                  UPX0 | 0x1000 | 0x2e4000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  UPX1 | 0x2e5000 | 0x15a000 | 0x159200 | 1034b32fe6e75a8e5cdb50c3792de610 | False | 0.9886137269105396 | data | 7.935275952671535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  .rsrc | 0x43f000 | 0x5000 | 0x4e00 | a7dcfceb9180eac41b5b468e9c8f4989 | False | 0.22030248397435898 | data | 3.9114937420207667 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                                                  CONFIG | 0x2a99b4 | 0x39f | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2a9d54 | 0x3f44 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2adc98 | 0x45e4 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2b227c | 0x44d2 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2b6750 | 0x4db6 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2bb508 | 0x42e9 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2bf7f4 | 0x410e | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2c3904 | 0x4311 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2c7c18 | 0x42d7 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2cbef0 | 0x3a6d | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2cf960 | 0x3a61 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2d33c4 | 0x41a3 | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2d7568 | 0x412d | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2db698 | 0x43cf | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2dfa68 | 0x42be | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2e3d28 | 0x545d | empty | English | United States | 0
                                                                                                                  DICTIONARY | 0x2e9188 | 0x4155 | data | English | United States | 0.9946188340807175
                                                                                                                  DICTIONARY | 0x2ed2e0 | 0x412d | data | English | United States | 0.9967036260113875
                                                                                                                  DICTIONARY | 0x2f1410 | 0x406d | data | English | United States | 0.993148608500576
                                                                                                                  DICTIONARY | 0x2f5480 | 0x40a8 | data | English | United States | 0.9945021749637506
                                                                                                                  DICTIONARY | 0x2f9528 | 0x3e5a | data | English | United States | 0.9954892870567598
                                                                                                                  DICTIONARY | 0x2fd384 | 0x4179 | data | English | United States | 0.993974106556888
                                                                                                                  DICTIONARY | 0x301500 | 0x45dc | data | English | United States | 0.9957503914113174
                                                                                                                  DICTIONARY | 0x305adc | 0x4494 | data | English | United States | 0.9962975620870358
                                                                                                                  DICTIONARY | 0x309f70 | 0x4366 | data | English | United States | 0.9975657818476875
                                                                                                                  DICTIONARY | 0x30e2d8 | 0x414f | data | English | United States | 0.9966505173754411
                                                                                                                  DICTIONARY | 0x312428 | 0x5515 | data | English | United States | 0.9975207749873743
                                                                                                                  GIF | 0x317940 | 0x2b | data | English | United States | 1.2093023255813953
                                                                                                                  PNG | 0x31796c | 0x6d3 | data | English | United States | 1.0062965082999427
                                                                                                                  PNG | 0x318040 | 0xa5d | data | English | United States | 1.0041462495288354
                                                                                                                  PNG | 0x318aa0 | 0x50a | data | English | United States | 1.0085271317829458
                                                                                                                  PNG | 0x318fac | 0x435f | data | English | United States | 0.9968110396010901
                                                                                                                  PNG | 0x31d30c | 0x4054 | data | English | United States | 0.995931503521982
                                                                                                                  PNG | 0x321360 | 0x694 | data | English | United States | 1.0065320665083135
                                                                                                                  PNG | 0x3219f4 | 0x75f | data | English | United States | 1.0058293587705351
                                                                                                                  PNG | 0x322154 | 0x604 | data | English | United States | 1.0071428571428571
                                                                                                                  PNG | 0x322758 | 0x7b6 | data | English | United States | 1.0055724417426546
                                                                                                                  PNG | 0x322f10 | 0x1f8f | data | English | United States | 0.999628666914222
                                                                                                                  PNG | 0x324ea0 | 0x3d66 | data | English | United States | 0.9968189337065785
                                                                                                                  PNG | 0x328c08 | 0x3dec | data | English | United States | 0.9966565733030532
                                                                                                                  PNG | 0x32c9f4 | 0x5a4 | data | English | United States | 1.007617728531856
                                                                                                                  PNG | 0x32cf98 | 0x4f1 | data | English | United States | 1.008695652173913
                                                                                                                  PNG | 0x32d48c | 0x5b9 | data | English | United States | 1.0075085324232083
                                                                                                                  PNG | 0x32da48 | 0xef1 | data | English | United States | 1.002875816993464
                                                                                                                  PNG | 0x32e93c | 0xfe8 | data | English | United States | 1.0027013752455796
                                                                                                                  PNG | 0x32f924 | 0xd20 | data | English | United States | 1.0032738095238096
                                                                                                                  PNG | 0x330644 | 0xda7 | data | English | United States | 1.0031473533619457
                                                                                                                  PNG | 0x3313ec | 0xec9 | data | English | United States | 1.0029062087186262
                                                                                                                  PNG | 0x3322b8 | 0xf72 | data | English | United States | 1.0027819929185635
                                                                                                                  PNG | 0x33322c | 0x3bca | data | English | United States | 0.9968639749117993
                                                                                                                  PNG | 0x336df8 | 0xfa6 | data | English | United States | 1.0027458811782326
                                                                                                                  PNG | 0x337da0 | 0x521 | data | English | United States | 1.0083777608530085
                                                                                                                  PNG | 0x3382c4 | 0x3d45 | data | English | United States | 0.9969397513547976
                                                                                                                  PNG | 0x33c00c | 0x55b | data | English | United States | 1.0080233406272794
                                                                                                                  PNG | 0x33c568 | 0xcc6 | data | English | United States | 1.0033639143730886
                                                                                                                  PNG0x33d2300xd60dataEnglishUnited States1.00321261682243
                                                                                                                  PNG0x33df900xe57dataEnglishUnited States1.002996458730591
                                                                                                                  PNG0x33ede80xd1cdataEnglishUnited States1.0032777115613827
                                                                                                                  PNG0x33fb040xd25dataEnglishUnited States1.0032689450222882
                                                                                                                  PNG0x34082c0xefePGP Secret Sub-key -EnglishUnited States1.0028660760812924
                                                                                                                  PNG0x34172c0xf66dataEnglishUnited States1.0027904616945713
                                                                                                                  PNG0x3426940xd24dataEnglishUnited States1.003269916765755
                                                                                                                  PNG0x3433b80xdeadataEnglishUnited States1.0030881527231892
                                                                                                                  PNG0x3441a40x4486dataEnglishUnited States0.997377722038536
                                                                                                                  PNG0x34862c0x4a51dataEnglishUnited States0.9965308804204993
                                                                                                                  PNG0x34d0800x3ba7DOS executable (COM, 0x8C-variant)EnglishUnited States0.9973806561456355
                                                                                                                  SC0x350c280x10b18OpenPGP Secret KeyEnglishUnited States0.9958757458757459
                                                                                                                  SC0x3617400x8a263dataEnglishUnited States0.9902360835473147
                                                                                                                  RT_CURSOR0x3eb9a40x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ebad80xb4dataEnglishUnited States1.0611111111111111
                                                                                                                  RT_CURSOR0x3ebb8c0x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ebcc00x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ebdf40x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ebf280x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec05c0x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec1900x134SysEx File - MesoshaEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec2c40x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec3f80x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec52c0x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec6600x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec7940x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec8c80x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ec9fc0x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_CURSOR0x3ecb300x134dataEnglishUnited States1.0357142857142858
                                                                                                                  RT_BITMAP0x3ecc640xb8dataEnglishUnited States1.059782608695652
                                                                                                                  RT_BITMAP0x3ecd1c0x144OpenPGP Secret KeyEnglishUnited States1.0339506172839505
                                                                                                                  RT_ICON0x4409b80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 11811 x 11811 px/mEnglishUnited States0.10020746887966805
                                                                                                                  RT_ICON0x3ef4080x8a8dataEnglishUnited States1.0036101083032491
                                                                                                                  RT_ICON0x3efcb00x568dataEnglishUnited States1.0079479768786128
                                                                                                                  RT_ICON0x3f02180x3a1ddataEnglishUnited States0.9760704443100088
                                                                                                                  RT_ICON0x3f3c380x25a8dataEnglishUnited States0.9910788381742739
                                                                                                                  RT_ICON0x3f61e00x10a8dataEnglishUnited States0.9826454033771107
                                                                                                                  RT_ICON0x3f72880x468dataEnglishUnited States1.0097517730496455
                                                                                                                  RT_DIALOG0x3f76f00x6cdataEnglishUnited States1.0833333333333333
                                                                                                                  RT_DIALOG0x3f775c0xe8dataEnglishUnited States1.0387931034482758
                                                                                                                  RT_DIALOG0x3f78440x34dataEnglishUnited States1.1730769230769231
                                                                                                                  RT_STRING0x3f78780x82dataEnglishUnited States1.0846153846153845
                                                                                                                  RT_STRING0x3f78fc0x2adataEnglishUnited States1.2619047619047619
                                                                                                                  RT_STRING0x3f79280x184dataEnglishUnited States1.0283505154639174
                                                                                                                  RT_STRING0x3f7aac0x4eedataEnglishUnited States1.008716323296355
                                                                                                                  RT_STRING0x3f7f9c0x264dataEnglishUnited States1.0179738562091503
                                                                                                                  RT_STRING0x3f82000x2dadataEnglishUnited States1.015068493150685
                                                                                                                  RT_STRING0x3f84dc0x8adataEnglishUnited States1.0797101449275361
                                                                                                                  RT_STRING0x3f85680xacdataEnglishUnited States1.063953488372093
                                                                                                                  RT_STRING0x3f86140xdedataEnglishUnited States1.0495495495495495
                                                                                                                  RT_STRING0x3f86f40x4a8dataEnglishUnited States1.0092281879194631
                                                                                                                  RT_STRING0x3f8b9c0x228dataEnglishUnited States1.019927536231884
                                                                                                                  RT_STRING0x3f8dc40x2cdataEnglishUnited States1.25
                                                                                                                  RT_STRING0x3f8df00x53edataEnglishUnited States1.0081967213114753
                                                                                                                  RT_GROUP_CURSOR0x3f93300x22dataEnglishUnited States1.3235294117647058
                                                                                                                  RT_GROUP_CURSOR0x3f93540x14dataEnglishUnited States1.35
                                                                                                                  RT_GROUP_CURSOR0x3f93680x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f937c0x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f93900x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f93a40x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f93b80x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f93cc0x14dataEnglishUnited States1.4
                                                                                                                  RT_GROUP_CURSOR0x3f93e00x14Non-ISO extended-ASCII text, with NEL line terminatorsEnglishUnited States1.4
                                                                                                                  RT_GROUP_CURSOR0x3f93f40x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f94080x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f941c0x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f94300x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f94440x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_CURSOR0x3f94580x14dataEnglishUnited States1.45
                                                                                                                  RT_GROUP_ICON0x442f640x16dataEnglishUnited States1.1363636363636365
                                                                                                                  RT_VERSION0x442f800x358dataEnglishUnited States0.40654205607476634
                                                                                                                  RT_HTML0x3f97dc0x559dataEnglishUnited States1.0029218407596785
                                                                                                                  RT_MANIFEST0x4432dc0x727XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4265428727471327

DLL | Import
ADVAPI32.dll | FreeSid
COMCTL32.dll | InitCommonControlsEx
GDI32.dll | LPtoDP
gdiplus.dll | GdipFree
KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
ole32.dll | OleRun
OLEAUT32.dll | SysFreeString
SHELL32.dll | DragFinish
SHLWAPI.dll | UrlIsW

Language of compilation system | Country where language is spoken | Map
English | United States

                                                                                                                  No network behavior found


Target ID: 0
Start time: 20:06:54
Start date: 12/02/2024
Path: C:\Users\user\Desktop\Reader_Install_Setup.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\Desktop\Reader_Install_Setup.exe
Imagebase: 0x2d0000
File size: 1'445'432 bytes
MD5 hash: F543B65C504C5D548E6005F2CBA5DDB6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 9.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 30.7%
Total number of Nodes: 2000
Total number of Limit Nodes: 57
calls 75020 3216a5 _Yarn 75019->75020 75021 3219ba 75020->75021 75043 321701 75020->75043 75022 2e2950 43 API calls 75021->75022 75024 3219bf 75022->75024 75023 2dbb90 43 API calls 75025 32170d 75023->75025 75026 2d8570 160 API calls 75024->75026 75027 2dc400 43 API calls 75025->75027 75028 3219f5 75026->75028 75035 32173b 75027->75035 75029 2dbb90 43 API calls 75028->75029 75032 321a03 75029->75032 75030->75019 75030->75021 75031 3217ad 75033 2dbda0 41 API calls 75031->75033 76034 33a120 75032->76034 75034 3217bc 75033->75034 75038 3217cd 75034->75038 75040 2dbda0 41 API calls 75034->75040 75035->75031 75036 330170 43 API calls 75035->75036 75036->75035 75041 2dbda0 41 API calls 75038->75041 75039 321a3c 75042 321b24 75039->75042 75045 2dc400 43 API calls 75039->75045 75040->75038 75044 321815 75041->75044 75046 2dc400 43 API calls 75042->75046 75043->75023 75047 2dbb90 43 API calls 75044->75047 75048 321a74 75045->75048 75049 321b7d 75046->75049 75050 321823 75047->75050 75057 2dbda0 41 API calls 75048->75057 75051 2d8620 56 API calls 75049->75051 76515 321170 43 API calls _ValidateLocalCookies 75050->76515 75053 321b8f 75051->75053 76046 312410 75053->76046 75054 321836 75056 321852 75054->75056 75059 2dbda0 41 API calls 75054->75059 75060 2dbda0 41 API calls 75056->75060 75061 321aa0 75057->75061 75059->75056 75063 32188e 75060->75063 75064 321b26 75061->75064 75065 321aa9 75061->75065 75062 2dbda0 41 API calls 75068 2d8570 160 API calls 75063->75068 75067 2d8570 160 API calls 75064->75067 75069 2dc400 43 API calls 75065->75069 75071 321b2b 75067->75071 75072 321893 75068->75072 75073 321ad9 75069->75073 75071->75042 75082 2dbe30 SimpleUString::operator= 43 API calls 75071->75082 75075 3218b1 75072->75075 75077 2dbe30 SimpleUString::operator= 43 API calls 75072->75077 75076 2d8570 160 API calls 75073->75076 75078 2dbda0 41 API calls 75075->75078 75079 321af0 75076->75079 75077->75075 75083 3218bd 75078->75083 75080 2dbb90 43 API calls 75079->75080 75084 321afd 
75080->75084 75082->75042 75086 2e2460 41 API calls 75083->75086 76516 2f3250 43 API calls 75084->76516 75087 3218c9 75086->75087 75090 2dbda0 41 API calls 75087->75090 75093 3218d5 75090->75093 75091 321b12 75094 2dbda0 41 API calls 75091->75094 75097 49f076 _ValidateLocalCookies 5 API calls 75093->75097 75094->75042 75099 3218ee 75097->75099 75099->74978 75217 2d85a7 75216->75217 75225 2d85fd 75216->75225 75218 49f1b7 6 API calls 75217->75218 75219 2d85b1 _memcpy_s 75218->75219 75219->75225 75367 2f9910 75219->75367 75226 3207d0 75225->75226 75824 33d230 75226->75824 75228 3555c6 std::_Facet_Register 15 API calls 75229 320833 75228->75229 75230 3555c6 std::_Facet_Register 15 API calls 75229->75230 75231 320869 75230->75231 75232 2dc400 43 API calls 75231->75232 75233 3208b4 75232->75233 75234 2d8570 160 API calls 75233->75234 75236 3208bd 75234->75236 75238 320948 75236->75238 75923 2db800 43 API calls std::_Facet_Register 75236->75923 75237 32092f 75237->75238 75240 2dbe30 SimpleUString::operator= 43 API calls 75237->75240 75239 2dbda0 41 API calls 75238->75239 75241 320957 75239->75241 75240->75238 75242 2dc400 43 API calls 75241->75242 75243 320987 75242->75243 75244 2dc400 43 API calls 75243->75244 75247 3209bb 75244->75247 75246 320a2b 75248 320a51 75246->75248 75249 2dbe30 SimpleUString::operator= 43 API calls 75246->75249 75247->75248 75924 2db800 43 API calls std::_Facet_Register 75247->75924 75250 2dbda0 41 API calls 75248->75250 75249->75248 75251 320a60 75250->75251 75252 2dbda0 41 API calls 75251->75252 75253 320a6f 75252->75253 75254 2d8570 160 API calls 75253->75254 75255 320a74 75254->75255 75256 320a84 75255->75256 75257 320b99 75255->75257 75258 2dc400 43 API calls 75256->75258 75259 2dc400 43 API calls 75257->75259 75260 320ab1 75258->75260 75261 320bc6 75259->75261 75262 2dc400 43 API calls 75260->75262 75263 2dc400 43 API calls 75261->75263 75265 320ae5 75262->75265 75269 320bfa 75263->75269 75270 320b7b 75265->75270 75925 2db800 43 API calls 
std::_Facet_Register 75265->75925 75267 320b55 75267->75270 75272 2dbe30 SimpleUString::operator= 43 API calls 75267->75272 75268 320c6a 75271 320c90 75268->75271 75274 2dbe30 SimpleUString::operator= 43 API calls 75268->75274 75269->75271 75926 2db800 43 API calls std::_Facet_Register 75269->75926 75273 2dbda0 41 API calls 75270->75273 75275 2dbda0 41 API calls 75271->75275 75272->75270 75276 320b8a 75273->75276 75274->75271 75275->75276 75277 2dbda0 41 API calls 75276->75277 75278 320cae GetDesktopWindow GetDC 75277->75278 75279 320ccb GetDeviceCaps GetDeviceCaps ReleaseDC 75278->75279 75280 320cfe 75278->75280 75279->75280 75281 2d8570 160 API calls 75280->75281 75282 320d29 75281->75282 75283 320d4a wsprintfW 75282->75283 75284 2d8570 160 API calls 75282->75284 75285 320da0 75283->75285 75286 320d34 75284->75286 75285->75285 75287 2dbe30 SimpleUString::operator= 43 API calls 75285->75287 75927 4af935 52 API calls __snprintf_s 75286->75927 75288 320dbc 75287->75288 75290 2dc400 43 API calls 75288->75290 75295 320dec 75290->75295 75291 320d45 75291->75283 75293 320e5c 75294 320e76 75293->75294 75296 2dbe30 SimpleUString::operator= 43 API calls 75293->75296 75297 2dbda0 41 API calls 75294->75297 75295->75294 75928 2db800 43 API calls std::_Facet_Register 75295->75928 75296->75294 75298 320e85 75297->75298 75299 2dbe30 SimpleUString::operator= 43 API calls 75298->75299 75300 320ec1 75299->75300 75301 2dc400 43 API calls 75300->75301 75303 320ee5 75301->75303 75305 320f5d 75303->75305 75929 2db800 43 API calls std::_Facet_Register 75303->75929 75304 320f43 75304->75305 75306 2dbe30 SimpleUString::operator= 43 API calls 75304->75306 75307 2dbda0 41 API calls 75305->75307 75306->75305 75308 320f69 75307->75308 75309 3213d0 484 API calls 75308->75309 75310 320f7b 75309->75310 75311 2dc400 43 API calls 75310->75311 75312 320faf 75311->75312 75313 321043 75312->75313 75930 2db800 43 API calls std::_Facet_Register 75312->75930 75315 2dbda0 41 API calls 75313->75315 75317 
321052 75315->75317 75316 321023 75316->75313 75319 2dbe30 SimpleUString::operator= 43 API calls 75316->75319 75828 31aa50 75317->75828 75319->75313 75321 2dc400 43 API calls 75322 321089 75321->75322 75323 2d8620 56 API calls 75322->75323 75324 321092 75323->75324 75844 2e12e0 75324->75844 75368 2dc400 43 API calls 75367->75368 75369 2f99ef 75368->75369 75527 33d160 75369->75527 75372 2dc400 43 API calls 75373 2f9b2a 75372->75373 75532 33c940 75373->75532 75376 3555c6 std::_Facet_Register 15 API calls 75377 2f9b83 75376->75377 75378 2dc400 43 API calls 75377->75378 75379 2f9bd2 75378->75379 75380 2dc400 43 API calls 75379->75380 75381 2f9c0c 75380->75381 75382 2dc400 43 API calls 75381->75382 75383 2f9c3f 75382->75383 75384 2dc400 43 API calls 75383->75384 75385 2f9c72 75384->75385 75386 2dc400 43 API calls 75385->75386 75387 2f9e60 75386->75387 75388 3555c6 std::_Facet_Register 15 API calls 75387->75388 75389 2f9f07 75388->75389 75390 2dc400 43 API calls 75389->75390 75391 2f9f59 75390->75391 75392 2dc400 43 API calls 75391->75392 75393 2fa0cd 75392->75393 75538 33c330 75393->75538 75396 2dbe30 SimpleUString::operator= 43 API calls 75397 2fa0f0 75396->75397 75398 2dbe30 SimpleUString::operator= 43 API calls 75397->75398 75399 2fa101 75398->75399 75400 3555c6 std::_Facet_Register 15 API calls 75399->75400 75403 2fa10b _memcpy_s 75400->75403 75401 2fa135 75402 3555c6 std::_Facet_Register 15 API calls 75401->75402 75406 2fa14c _memcpy_s 75402->75406 75403->75401 75640 31f5d0 57 API calls 3 library calls 75403->75640 75405 2fa176 75407 3555c6 std::_Facet_Register 15 API calls 75405->75407 75406->75405 75641 3003a0 44 API calls 2 library calls 75406->75641 75410 2fa197 _memcpy_s 75407->75410 75409 2fa2b9 75411 2dbe30 SimpleUString::operator= 43 API calls 75409->75411 75410->75409 75642 330ea0 45 API calls std::_Facet_Register 75410->75642 75413 2fa2e8 75411->75413 75415 2dbe30 SimpleUString::operator= 43 API calls 75413->75415 75414 2fa205 75416 3555c6 
std::_Facet_Register 15 API calls 75414->75416 75417 2fa2f9 GetModuleFileNameW 75415->75417 75418 2fa233 75416->75418 75419 2fa382 PathFindFileNameW 75417->75419 75420 2fa352 75417->75420 75421 3555c6 std::_Facet_Register 15 API calls 75418->75421 75422 2fa3a2 75419->75422 75424 2dbe30 SimpleUString::operator= 43 API calls 75420->75424 75431 2fa25e std::ios_base::_Ios_base_dtor 75421->75431 75422->75422 75423 2dbe30 SimpleUString::operator= 43 API calls 75422->75423 75425 2fa3bd 75423->75425 75424->75419 75541 2dbb90 75425->75541 75427 2fa3cf 75428 2dc400 43 API calls 75427->75428 75429 2fa403 75428->75429 75550 4ae854 GetSystemTimeAsFileTime 75429->75550 75431->75409 75431->75431 75432 2dbe30 SimpleUString::operator= 43 API calls 75431->75432 75432->75409 75433 2fa47a 75436 2dbda0 41 API calls 75433->75436 75434 2fa419 75434->75433 75643 4adb7d 14 API calls __dosmaperr 75434->75643 75437 2fa489 75436->75437 75439 2dbda0 41 API calls 75437->75439 75438 2fa45e 75644 2f71a0 59 API calls 2 library calls 75438->75644 75441 2fa493 75439->75441 75442 2dbda0 41 API calls 75441->75442 75443 2fa4f1 75442->75443 75552 2e2ad0 75443->75552 75445 2fa521 GetModuleFileNameW 75528 2dbe30 SimpleUString::operator= 43 API calls 75527->75528 75529 33d206 75528->75529 75674 33d6d0 75529->75674 75533 33c9a7 75532->75533 75534 33c9b8 RtlInitializeCriticalSection 75532->75534 75535 2dbe30 SimpleUString::operator= 43 API calls 75533->75535 75536 2dbda0 41 API calls 75534->75536 75535->75534 75537 2f9b3c 75536->75537 75537->75376 75684 2db970 75538->75684 75542 2dbbba 75541->75542 75543 2dbc3e 75542->75543 75547 2dbbca 75542->75547 75545 2d84d0 SimpleUString::operator= 43 API calls 75543->75545 75544 2dbbd6 _Yarn 75544->75427 75546 2dbc43 75545->75546 75547->75544 75687 2dc760 43 API calls 4 library calls 75547->75687 75549 2dbc17 _Yarn 75549->75427 75551 4ae88d __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 75550->75551 75551->75434 75553 2e2aef 75552->75553 75554 2e2ba0 75552->75554 75556 
2e2afb _Yarn 75553->75556 75557 2e2b23 75553->75557 75560 2e2b5e 75553->75560 75561 2e2b67 75553->75561 75555 2d84d0 SimpleUString::operator= 43 API calls 75554->75555 75558 2e2ba5 75555->75558 75556->75445 75562 3555c6 std::_Facet_Register 15 API calls 75557->75562 75560->75557 75560->75558 75565 3555c6 std::_Facet_Register 15 API calls 75561->75565 75567 2e2b3f _Yarn 75561->75567 75565->75567 75567->75445 75640->75401 75641->75405 75642->75414 75643->75438 75644->75433 75675 33d708 75674->75675 75683 2f9afb 75674->75683 75676 49f1b7 6 API calls 75675->75676 75677 33d712 75676->75677 75678 3555c6 std::_Facet_Register 15 API calls 75677->75678 75677->75683 75679 33d740 75678->75679 75680 49f5de 44 API calls 75679->75680 75681 33d75d 75680->75681 75682 49f16d __Init_thread_footer 5 API calls 75681->75682 75682->75683 75683->75372 75685 3555c6 std::_Facet_Register 15 API calls 75684->75685 75686 2db9ad 75685->75686 75686->75396 75687->75549 75825 32080e 75824->75825 75826 33d23a 75824->75826 75825->75228 75931 33d390 75826->75931 75829 31aaac 75828->75829 75830 31aade 75828->75830 75831 2dc400 43 API calls 75829->75831 75832 2dc400 43 API calls 75830->75832 75833 31aacb 75831->75833 75841 31aaff 75832->75841 75835 49f076 _ValidateLocalCookies 5 API calls 75833->75835 75834 31ac1d 75945 2dfee0 75834->75945 75837 31ac93 75835->75837 75837->75321 75838 31ac2f 75839 2dbda0 41 API calls 75838->75839 75839->75833 75840 2dfee0 43 API calls 75840->75841 75841->75840 75842 31ab9d 75841->75842 75842->75834 75843 2dfee0 43 API calls 75842->75843 75843->75842 75845 2e1359 75844->75845 75966 331ff0 WideCharToMultiByte 75845->75966 75847 331ff0 46 API calls 75855 2e2ad0 43 API calls 75870 2e1364 _Yarn 75855->75870 75857 2e2460 41 API calls 75857->75870 75862 2e2bb0 43 API calls 75862->75870 75864 2e181e 76012 2e2950 75864->76012 75870->75855 75870->75857 75870->75862 75870->75864 75892 2e13c1 75870->75892 75980 2e1eb0 75870->75980 75892->75847 75923->75237 75924->75246 
75925->75267 75926->75268 75927->75291 75928->75293 75929->75304 75930->75316 75932 33d3a3 75931->75932 75935 33da30 75932->75935 75936 33db10 75935->75936 75937 33da80 75935->75937 75939 49f076 _ValidateLocalCookies 5 API calls 75936->75939 75938 2dbb40 43 API calls 75937->75938 75940 33da89 75938->75940 75941 33d3f0 75939->75941 75942 2dbda0 41 API calls 75940->75942 75941->75825 75943 33dad5 75942->75943 75943->75936 75944 33eec0 120 API calls 75943->75944 75944->75943 75946 2dff40 75945->75946 75949 2dff08 _Yarn 75945->75949 75947 2e0050 75946->75947 75950 2dff4f 75946->75950 75948 2d84d0 SimpleUString::operator= 43 API calls 75947->75948 75953 2dff92 _Yarn 75948->75953 75949->75838 75964 2dc760 43 API calls 4 library calls 75950->75964 75959 2e0006 std::ios_base::_Ios_base_dtor _Yarn 75953->75959 75965 4a70bd 41 API calls 2 library calls 75953->75965 75959->75838 75964->75953 75967 4a72b1 ___std_exception_copy 15 API calls 75966->75967 75968 33201f 75967->75968 75969 33204a WideCharToMultiByte 75968->75969 75970 332028 75968->75970 75971 332098 75969->75971 75972 332068 GetLastError 75969->75972 75970->75870 76015 2eb540 43 API calls 5 library calls 75971->76015 75973 332087 75972->75973 75974 4a6d86 ___std_exception_copy 14 API calls 75973->75974 75977 3320b7 75981 2e1eda 75980->75981 76015->75977 76560 36c407 76029->76560 76031 369cb2 76032 369ccc 76031->76032 76575 36c3ab 25 API calls 2 library calls 76031->76575 76032->75006 76621 33beb0 MultiByteToWideChar 76034->76621 76037 33a23c GetLastError 76045 33a1ca 76037->76045 76038 33a180 76039 33a19b 76038->76039 76646 4a15e0 GetErrorInfo 76038->76646 76637 2e04c0 76039->76637 76042 33a1b2 76043 33a2f7 _com_issue_error 76042->76043 76642 33a000 76042->76642 76045->75039 76047 3555c6 std::_Facet_Register 15 API calls 76046->76047 76048 31247b 76047->76048 76049 3555c6 std::_Facet_Register 15 API calls 76048->76049 76050 3124b1 76049->76050 76051 2dbb90 43 API calls 76050->76051 76089 3125bd 76050->76089 76053 
3124df 76051->76053 76052 31287b 76054 2dbe30 SimpleUString::operator= 43 API calls 76052->76054 76063 2d8570 160 API calls 76053->76063 76065 3127cb 76054->76065 76055 312841 76068 2dbe30 SimpleUString::operator= 43 API calls 76055->76068 76056 3127d0 76071 2dbe30 SimpleUString::operator= 43 API calls 76056->76071 76057 312830 76067 2dbe30 SimpleUString::operator= 43 API calls 76057->76067 76058 312852 76069 2dbe30 SimpleUString::operator= 43 API calls 76058->76069 76059 3127bc 76062 2dbe30 SimpleUString::operator= 43 API calls 76059->76062 76060 31281f 76066 2dbe30 SimpleUString::operator= 43 API calls 76060->76066 76061 31280e 76064 2dbe30 SimpleUString::operator= 43 API calls 76061->76064 76062->76065 76070 3124e8 76063->76070 76064->76065 76072 3128aa 76065->76072 76073 2dbe30 SimpleUString::operator= 43 API calls 76065->76073 76066->76065 76067->76065 76068->76065 76069->76065 76074 312630 76070->76074 76075 31250d 76070->76075 76076 3127df 76071->76076 76077 2dc400 43 API calls 76072->76077 76073->76072 76080 2dc400 43 API calls 76074->76080 76078 2dc400 43 API calls 76075->76078 76079 2d8570 160 API calls 76076->76079 76097 3128ce 76077->76097 76081 312519 76078->76081 76082 3127e4 76079->76082 76085 31263c 76080->76085 76087 2dc400 43 API calls 76081->76087 76088 3127f2 76082->76088 76090 2d8570 160 API calls 76082->76090 76083 2dbda0 41 API calls 76083->76089 76086 2dc400 43 API calls 76085->76086 76086->76089 76107 31254a 76087->76107 76091 2d8570 160 API calls 76088->76091 76089->76052 76089->76055 76089->76056 76089->76057 76089->76058 76089->76059 76089->76060 76089->76061 76089->76065 76089->76083 76664 31a6a0 43 API calls 2 library calls 76089->76664 76665 2f7b10 43 API calls _Yarn 76089->76665 76090->76088 76094 3127fe 76091->76094 76652 32e540 76094->76652 76096 31292c 76098 312946 76096->76098 76099 2dbe30 SimpleUString::operator= 43 API calls 76096->76099 76097->76098 76666 2db800 43 API calls std::_Facet_Register 76097->76666 76100 2dbda0 41 
API calls 76098->76100 76099->76098 76101 312952 76100->76101 76103 2d8570 160 API calls 76101->76103 76104 312957 76103->76104 76659 33d260 76104->76659 76106 2dc400 43 API calls 76108 3129aa 76106->76108 76107->76089 76663 2f7b10 43 API calls _Yarn 76107->76663 76109 31aa50 43 API calls 76108->76109 76110 3129ba 76109->76110 76111 2e12e0 401 API calls 76110->76111 76112 3129cd 76111->76112 76113 2dbda0 41 API calls 76112->76113 76114 3129d9 76113->76114 76115 2dbda0 41 API calls 76114->76115 76116 3129e8 76115->76116 76117 2dbda0 41 API calls 76116->76117 76118 3129f4 76117->76118 76119 2dc940 41 API calls 76118->76119 76120 312a16 std::ios_base::_Ios_base_dtor 76119->76120 76121 2dc940 41 API calls 76120->76121 76122 312a48 std::ios_base::_Ios_base_dtor 76121->76122 76123 49f076 _ValidateLocalCookies 5 API calls 76122->76123 76124 312a6c 76123->76124 76124->75062 76514->75015 76515->75054 76516->75091 76561 36c413 __EH_prolog3 76560->76561 76562 36c48c 76561->76562 76563 36c454 76561->76563 76570 36c43a 76561->76570 76608 36bef5 TlsAlloc RtlInitializeCriticalSection LocalAlloc RaiseException 76561->76608 76610 356107 76562->76610 76601 36c4ac RtlEnterCriticalSection 76563->76601 76570->76562 76576 36c0d1 RtlEnterCriticalSection 76570->76576 76571 36c44e 76571->76562 76571->76563 76572 36c466 76609 36c553 26 API calls 3 library calls 76572->76609 76573 36c482 std::locale::_Setgloballocale 76573->76031 76575->76032 76582 36c0f2 76576->76582 76577 36c201 RtlLeaveCriticalSection 76618 356121 LocalAlloc RaiseException __EH_prolog3 Concurrency::cancel_current_task std::locale::_Setgloballocale 76577->76618 76579 36c19f _memcpy_s 76583 36c1cf RtlLeaveCriticalSection 76579->76583 76580 36c156 GlobalHandle 76585 36c1e9 76580->76585 76586 36c169 GlobalUnWire 76580->76586 76581 36c141 76613 36723f 76581->76613 76582->76577 76582->76579 76582->76580 76582->76581 76583->76571 76585->76577 76588 36c1ee GlobalHandle 76585->76588 76590 36723f 19 API calls 76586->76590 76587 
36c288 RtlEnterCriticalSection 76619 36c500 RaiseException 76587->76619 76588->76577 76592 36c1fa GlobalFix 76588->76592 76594 36c17f GlobalReAlloc 76590->76594 76592->76577 76593 36c18b 76593->76585 76596 36c18f GlobalFix 76593->76596 76594->76593 76595 36c2a0 RtlLeaveCriticalSection LocalFree 76597 36c2be TlsSetValue 76595->76597 76596->76577 76596->76579 76600 36c2cf 76597->76600 76598 36c210 76598->76587 76598->76600 76600->76571 76602 36c4c5 76601->76602 76603 36c4f0 RtlLeaveCriticalSection 76601->76603 76602->76603 76604 36c4ca TlsGetValue 76602->76604 76605 36c460 76603->76605 76604->76603 76606 36c4d6 76604->76606 76605->76572 76605->76573 76606->76603 76607 36c4e2 RtlLeaveCriticalSection 76606->76607 76607->76605 76608->76570 76609->76573 76620 4a35bc RaiseException 76610->76620 76612 356120 76614 367252 76613->76614 76615 367259 GlobalAlloc 76614->76615 76616 2d7ea0 19 API calls 76614->76616 76615->76593 76617 367264 76616->76617 76618->76598 76619->76595 76620->76612 76622 33bf77 GetLastError 76621->76622 76623 33bef8 76621->76623 76636 33bf81 76622->76636 76626 4a72b1 ___std_exception_copy 15 API calls 76623->76626 76627 33bf11 _strftime 76623->76627 76623->76636 76624 49f076 _ValidateLocalCookies 5 API calls 76625 33a169 76624->76625 76625->76037 76625->76038 76626->76627 76628 33bf4c MultiByteToWideChar 76627->76628 76627->76636 76629 33bf63 76628->76629 76633 33bf8b 76628->76633 76629->76622 76630 4a6d86 ___std_exception_copy 14 API calls 76629->76630 76631 33bf74 76630->76631 76631->76622 76632 33bfb9 76635 4a6d86 ___std_exception_copy 14 API calls 76632->76635 76632->76636 76633->76632 76647 33c000 76633->76647 76635->76636 76636->76624 76638 3555c6 std::_Facet_Register 15 API calls 76637->76638 76639 2e04ee 76638->76639 76640 2e0501 SysAllocString 76639->76640 76641 2e052c std::ios_base::_Ios_base_dtor _com_issue_error 76639->76641 76640->76641 76641->76042 76643 33a03e 76642->76643 76645 33a062 std::ios_base::_Ios_base_dtor 76643->76645 76651 
4a15e0 GetErrorInfo 76643->76651 76645->76045 76646->76039 76648 33c034 76647->76648 76649 33c05d OleRun 76648->76649 76650 33c06c 76648->76650 76649->76650 76650->76632 76651->76645 76667 32e4b0 76652->76667 76654 32e5e2 76654->76065 76655 2dc400 43 API calls 76656 32e582 76655->76656 76656->76654 76656->76655 76657 2dbda0 41 API calls 76656->76657 76674 306f90 76656->76674 76657->76656 76660 312977 76659->76660 76661 33d26a 76659->76661 76660->76106 76662 33d390 120 API calls 76661->76662 76662->76660 76663->76107 76664->76089 76665->76089 76666->76096 76668 2d8570 160 API calls 76667->76668 76669 32e4b8 76668->76669 76672 32e4e1 76669->76672 76855 300fd0 44 API calls 3 library calls 76669->76855 76671 32e534 76671->76656 76672->76671 76856 301230 44 API calls 3 library calls 76672->76856 76675 3555c6 std::_Facet_Register 15 API calls 76674->76675 76676 306fe2 76675->76676 76677 307008 76676->76677 76678 30841c 76676->76678 76680 307011 76677->76680 76681 3076f6 76677->76681 76679 2dc400 43 API calls 76678->76679 76683 308446 76679->76683 76684 308417 76680->76684 76687 2dc400 43 API calls 76680->76687 76682 2d8570 160 API calls 76681->76682 76854 3076fb 76682->76854 76686 2d8570 160 API calls 76683->76686 76685 2dc940 41 API calls 76684->76685 76689 3087ac std::ios_base::_Ios_base_dtor 76685->76689 76690 30844f 76686->76690 76691 307035 76687->76691 76688 3083fa 76693 2d8570 160 API calls 76688->76693 76698 49f076 _ValidateLocalCookies 5 API calls 76689->76698 76692 3555c6 std::_Facet_Register 15 API calls 76690->76692 76696 2d8570 160 API calls 76691->76696 76833 3076db std::ios_base::_Ios_base_dtor 76691->76833 76695 308487 76692->76695 76694 3083ff 76693->76694 76694->76684 76857 3087e0 76694->76857 76699 2e77a0 43 API calls 76695->76699 76700 307048 76696->76700 76697 2dbda0 41 API calls 76697->76684 76703 3087d2 76698->76703 76704 3084ae 76699->76704 76701 30706e 76700->76701 76708 2dbe30 SimpleUString::operator= 43 API calls 76700->76708 76705 2d8570 160 
API calls 76701->76705 76703->76656 76706 30860b 76704->76706 76707 3084cc 76704->76707 76709 307073 76705->76709 76711 2d8570 160 API calls 76706->76711 76710 2d8570 160 API calls 76707->76710 76708->76701 76713 3555c6 std::_Facet_Register 15 API calls 76709->76713 76714 3084d1 76710->76714 76712 308610 76711->76712 76717 3070ab 76713->76717 76919 2e77a0 76717->76919 76761 2d8620 56 API calls 76761->76854 76828 2dbe30 43 API calls SimpleUString::operator= 76828->76854 76833->76697 76843 2dc400 43 API calls 76843->76854 76846 2db950 43 API calls 76846->76854 76847 2d8570 160 API calls 76847->76854 76848 3555c6 std::_Facet_Register 15 API calls 76848->76854 76849 2dc940 41 API calls 76849->76854 76850 2e77a0 43 API calls 76850->76854 76851 308ae0 43 API calls 76851->76854 76852 308e40 401 API calls 76852->76854 76853 2dbda0 41 API calls 76853->76854 76854->76688 76854->76761 76854->76828 76854->76843 76854->76846 76854->76847 76854->76848 76854->76849 76854->76850 76854->76851 76854->76852 76854->76853 76855->76672 76856->76672 76858 3555c6 std::_Facet_Register 15 API calls 76857->76858 76859 308829 76858->76859 76860 2dc400 43 API calls 76859->76860 76861 308868 76860->76861 78283->74940 78295 357750 78305 3563d6 78295->78305 78298 357797 78300 356107 RaiseException 78298->78300 78299 357762 PostMessageW 78301 35778d 78299->78301 78302 35779c 78300->78302 78308 35809d 78302->78308 78314 369cd6 78305->78314 78309 3577f1 78308->78309 78313 3580d3 78308->78313 78310 3580d4 RegOpenKeyExW 78310->78313 78311 358144 RegCloseKey 78311->78313 78312 3580f1 RegQueryValueExW 78312->78313 78313->78309 78313->78310 78313->78311 78313->78312 78315 369ca3 52 API calls 78314->78315 78316 369cdb 78315->78316 78317 36c407 46 API calls 78316->78317 78318 356107 78317->78318 78319 3563dc 78318->78319 78322 4a35bc RaiseException 78318->78322 78319->78298 78319->78299 78321 356120 78322->78321 80615 359adf 80616 359b1c 80615->80616 80617 359aec 80615->80617 80618 3615d3 52 API calls 
80617->80618 80619 359af4 80618->80619 80623 36b83b 80619->80623 80621 359aff 80621->80616 80628 2e0ea0 80621->80628 80624 36b844 80623->80624 80625 36b858 80623->80625 80665 36b8b0 6 API calls 80624->80665 80625->80621 80627 36b84f 80627->80621 80666 35ef31 80628->80666 80631 2e0f0f 80632 2e0fa4 GetDesktopWindow GetDC 80631->80632 80633 2e0fbb GetDeviceCaps GetDeviceCaps ReleaseDC 80632->80633 80634 2e0fe5 80632->80634 80633->80634 80635 2d8570 160 API calls 80634->80635 80636 2e1010 80635->80636 80637 2e102c 80636->80637 80639 2d8570 160 API calls 80636->80639 80638 366f93 SetWindowPos 80637->80638 80640 2e1076 SetForegroundWindow 80638->80640 80641 2e101b 80639->80641 80642 366f1a 57 API calls 80640->80642 80805 4af935 52 API calls __snprintf_s 80641->80805 80644 2e1086 SetActiveWindow 80642->80644 80645 3615a9 53 API calls 80644->80645 80646 2e1095 80645->80646 80647 369ca3 52 API calls 80646->80647 80648 2e10c6 FindResourceW LoadResource SizeofResource LockResource 80647->80648 80649 2e2ad0 43 API calls 80648->80649 80650 2e111b 80649->80650 80651 3320d0 46 API calls 80650->80651 80652 2e1133 80651->80652 80653 2d8570 160 API calls 80652->80653 80654 2e1142 80653->80654 80691 2fc7b0 80654->80691 80665->80627 80667 35af94 52 API calls 80666->80667 80668 35ef4d 80667->80668 80806 35a45b 80668->80806 80670 35ef55 GetClientRect 80671 35ef78 80670->80671 80672 35ef6b 80670->80672 80822 3665e6 80671->80822 80673 366ff0 3 API calls 80672->80673 80673->80671 80675 35efbf 80688 35eff7 80675->80688 80826 374935 CopyRect 80675->80826 80677 35f057 80681 35f061 80677->80681 80682 35f06b 80677->80682 80678 35f04d 80831 35eb16 80678->80831 80680 35ef81 80680->80675 80843 360b1c 53 API calls 80680->80843 80844 35eba3 122 API calls 2 library calls 80681->80844 80690 35f017 80682->80690 80845 35ecb9 80682->80845 80685 49f076 _ValidateLocalCookies 5 API calls 80687 2e0ed4 SendMessageW SendMessageW 80685->80687 80686 35f069 80686->80690 80687->80631 80688->80677 80688->80678 
80688->80690 80690->80685 80692 2dc400 43 API calls 80691->80692 80693 2fc815 80692->80693 80694 33a120 27 API calls 80693->80694 80695 2fc84e 80694->80695 80696 2dc400 43 API calls 80695->80696 80697 2fc87e 80696->80697 80698 2dbda0 41 API calls 80697->80698 80699 2fc8a7 80698->80699 80700 2dc400 43 API calls 80699->80700 80701 2fc8d7 80700->80701 80702 2dbda0 41 API calls 80701->80702 80703 2fc906 80702->80703 80704 2fc91d 80703->80704 80705 2dbe30 SimpleUString::operator= 43 API calls 80703->80705 80706 2dc400 43 API calls 80704->80706 80705->80704 80707 2fc94d 80706->80707 80708 2dbda0 41 API calls 80707->80708 80709 2fc97c 80708->80709 80710 2fca8f 80709->80710 80711 2dc400 43 API calls 80709->80711 80712 2dc400 43 API calls 80710->80712 80713 2fc9b9 80711->80713 80714 2fcac5 80712->80714 80715 2dc400 43 API calls 80713->80715 80716 2dbda0 41 API calls 80714->80716 80724 2fc9ed 80715->80724 80717 2fcaee 80716->80717 80719 2dc400 43 API calls 80717->80719 80718 2fca71 80720 2dbda0 41 API calls 80718->80720 80721 2fcb1e 80719->80721 80722 2fca80 80720->80722 80725 2dbda0 41 API calls 80721->80725 80723 2dbda0 41 API calls 80722->80723 80723->80710 80724->80718 81605 2f7b10 43 API calls _Yarn 80724->81605 80727 2fcb47 80725->80727 80728 2dc400 43 API calls 80727->80728 80729 2fcb77 80728->80729 80730 2dbda0 41 API calls 80729->80730 80731 2fcba0 80730->80731 80732 2dc400 43 API calls 80731->80732 80733 2fcbd0 80732->80733 80734 2dbda0 41 API calls 80733->80734 80735 2fcbf9 80734->80735 80736 2dc400 43 API calls 80735->80736 80737 2fcc29 80736->80737 80738 2dbda0 41 API calls 80737->80738 80739 2fcc4f 80738->80739 80740 2dc400 43 API calls 80739->80740 80741 2fcc7f 80740->80741 80931 33bb10 80741->80931 80744 2dbda0 41 API calls 80745 2fccaf 80744->80745 80944 2fd240 80745->80944 80805->80637 80807 35a477 80806->80807 80808 35a46f 80806->80808 80858 36153c 802 API calls 80807->80858 80857 3727cf 799 API calls 3 library calls 80808->80857 80811 35a475 80815 35a4be 
80811->80815 80859 361fa3 531 API calls 80811->80859 80813 35a48b 80860 3644a2 46 API calls 2 library calls 80813->80860 80815->80670 80816 35a494 80816->80815 80817 3665e6 54 API calls 80816->80817 80818 35a4a4 80817->80818 80818->80815 80861 359b2b 52 API calls 80818->80861 80820 35a4af 80821 367044 ShowWindow 80820->80821 80821->80815 80823 3665f1 GetDlgItem 80822->80823 80825 366603 80822->80825 80824 3615a9 53 API calls 80823->80824 80824->80825 80825->80680 80862 3749bd 80826->80862 80829 49f076 _ValidateLocalCookies 5 API calls 80830 3749b9 80829->80830 80830->80688 80832 35eb22 __EH_prolog3 80831->80832 80833 369ca3 52 API calls 80832->80833 80834 35eb2a 80833->80834 80835 3555fe 19 API calls 80834->80835 80836 35eb35 80835->80836 80837 35eb46 GetModuleFileNameW 80836->80837 80838 35eb5b 80837->80838 80842 35eb83 std::locale::_Setgloballocale 80837->80842 80839 3574da 95 API calls 80838->80839 80840 35eb6d 80839->80840 80841 35ecb9 109 API calls 80840->80841 80841->80842 80842->80690 80843->80675 80844->80686 80846 35ecc5 __EH_prolog3 80845->80846 80847 2f3130 20 API calls 80846->80847 80848 35ecd2 80847->80848 80849 35ed0c 80848->80849 80927 37ed52 99 API calls 2 library calls 80848->80927 80917 37eaa4 80849->80917 80853 37eaa4 84 API calls 80854 35ed3a 80853->80854 80855 35ed69 VariantClear VariantClear VariantClear VariantClear 80854->80855 80856 35ed9a std::locale::_Setgloballocale 80855->80856 80856->80690 80857->80811 80858->80811 80859->80813 80860->80816 80861->80820 80863 3749ac 80862->80863 80864 3749cb 80862->80864 80863->80829 80868 3755aa 80864->80868 80866 3749d4 80866->80863 80876 3748b3 80866->80876 80872 3755b6 __EH_prolog3_catch 80868->80872 80869 3756a2 std::locale::_Setgloballocale 80869->80866 80870 375671 GetParent 80871 3615a9 53 API calls 80870->80871 80874 3755f4 80871->80874 80872->80874 80875 369ca3 52 API calls 80872->80875 80873 37568e GetWindowLongW 80873->80869 80873->80874 80874->80869 80874->80870 80874->80873 80875->80874 
                                                                                                                    APIs
                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,?,?,?,CancelPort,0000000A,?,?,?,?), ref: 002E4667
                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 002E4677
                                                                                                                    • CloseHandle.KERNEL32(?,HTTPSend_03,0000000B,Error_NativeToUTF8,00000012), ref: 002E4822
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002E482B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateEventHandle
                                                                                                                    • String ID: &$,4$AAM$CancelPort$Certificate not matching.$Certificate: %s$CertificateNotMatching_01$Error_InvalidArguments$Error_NativeToUTF8$Failed in making http request, in HttpSend$Failed in multibyte to wide conversion, in HttpSend$Failed in quering WinHttpHeaders error:%d$Failed in setting proxycredentials in HttpSend error:%d$Failed in setting status callback in HttpSend$Failed to connect to server, in HttpSend$Failed to connect to server, in HttpSend with secure flag$Failed to delete file: '%s' LastError:%d$Failed to open a WinHttp session, in HttpSend$Failed to open http request, in HttpSend$FileUtils$GET$HTTPConnector::HTTPSend$HTTPConnector::HTTPSend :: After callback : error Type : %d, error code : %d$HTTPConnector::HTTPSend :: WaitForMultipleObjects returned after timeout$HTTPConnector::HTTPSend :: WaitForMultipleObjects returned with cancellation$HTTPConnector::HTTPSend :: WinHttpConnect failed : %d$HTTPConnector::HTTPSend :: WinHttpOpen failed : %d$HTTPConnector::HTTPSend :: WinHttpOpenRequest failed : %d$HTTPConnector::HTTPSend :: WinHttpSendRequest failed : %d$HTTPConnector::HTTPSend :: WinHttpSetCredentials failed : %d$HTTPConnector::HTTPSend :: WinHttpSetStatusCallback failed$HTTPConnectorError$HTTPSend$HTTPSend_01$HTTPSend_03$HttpConnector$WinHttpConnect_01$WinHttpOpenRequest_01$WinHttpOpen_01$WinHttpQueryHeaders_01$WinHttpQueryOption_01$WinHttpSendRequest_01$WinHttpSetCredentials_01$WinHttpSetOption$WinHttpSetStatusCallback_01$`avo$http://$https://$setting secure protocols to TLS1.2 always
                                                                                                                    • API String ID: 3369476804-4162533411
                                                                                                                    • Opcode ID: e2706c21e6023e9186760a6918ae52049ce90b536f4ca07e92e486cf4d7163a0
                                                                                                                    • Instruction ID: c9e37f35da52b9b5589d02a3b9a33b1a7c1d9d9da12b083226dc6ed9606a2ebd
                                                                                                                    • Opcode Fuzzy Hash: e2706c21e6023e9186760a6918ae52049ce90b536f4ca07e92e486cf4d7163a0
                                                                                                                    • Instruction Fuzzy Hash: 4C338970960269DBDB22DF24CC59BEDBBB4AF25304F5081D9E408A7292DB706F98CF51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetVersionExW.KERNEL32(0000011C,7D8B83E9), ref: 002DEF4D
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,imgutil.dll,0000000B,WinHTTP.dll,0000000B,dnsapi.dll,0000000A,WS2Help.dll,0000000B,WS2_32.dll,0000000A,schannel.dll,0000000C,rsaenh.dll), ref: 002DF3C3
                                                                                                                    • PathRemoveFileSpecW.SHLWAPI(?), ref: 002DF3D4
                                                                                                                    • PathFileExistsW.SHLWAPI(?,?), ref: 002DF470
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,?,?,00531818,00000001), ref: 002DF4CD
                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 002DF4DD
                                                                                                                    • GetSystemWindowsDirectoryW.KERNEL32(?,00000104), ref: 002DF510
                                                                                                                    • SetDllDirectoryW.KERNEL32(0052EE6C), ref: 002DF51B
                                                                                                                    • LoadLibraryW.KERNEL32(?,?,?,?,00000000,00531560,0053155E,C:\Windows\System32\,00000014), ref: 002DF627
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 002DF67A
                                                                                                                    • LoadLibraryW.KERNEL32(00531560), ref: 002DF7E6
                                                                                                                    • 6F5433E0.COMCTL32(?), ref: 002DF80B
                                                                                                                    • CommandLineToArgvW.SHELL32(?,?,?,?,test.exe ,00000009,Adobe Download Manager), ref: 002DF902
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 002DF970
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 002DF9F4
                                                                                                                      • Part of subcall function 0049F16D: RtlEnterCriticalSection.NTDLL(005767E0), ref: 0049F177
                                                                                                                      • Part of subcall function 0049F16D: RtlLeaveCriticalSection.NTDLL(005767E0), ref: 0049F1AA
                                                                                                                      • Part of subcall function 0049F16D: RtlWakeAllConditionVariable.NTDLL ref: 0049F221
                                                                                                                    • LoadIconW.USER32(?,0000006E), ref: 002DFD63
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                      • Part of subcall function 00338D00: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,?), ref: 00338D23
                                                                                                                      • Part of subcall function 00339330: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,?), ref: 00339393
                                                                                                                    • SHCreateDirectoryExW.SHELL32(00000000,?,00000000,?), ref: 002DFADA
                                                                                                                    • GetLastError.KERNEL32 ref: 002DFAFB
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002DFCC0
                                                                                                                    • TerminateThread.KERNEL32(?,000000FF), ref: 002DFCD5
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002DFCE1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$Directory$FileInit_thread_footerLoad$CriticalHandleLibraryModuleSection$AddressAppendArgvCloseCommandConditionCreateEnterErrorExistsF5433FolderIconLastLeaveLineNameObjectProcRemoveSingleSpecSpecialSystemTerminateThreadVariableVersionWaitWakeWindows
                                                                                                                    • String ID: present in current folder is blocking the installer. Remove the dll or change the location of the installer.$5.1$6.1$Adobe Download Manager$C:\Windows\System32\$Command Line : %s$Malicious '%s' found in the same folder$Quitting$Running in IE protected workflow$SamLib.dll$SetDefaultDllDirectories$Unable to initialize Elevation Manager. Quitting...$WS2Help.dll$WS2_32.dll$WinHTTP.dll$b-.$dnsapi.dll$dssenh.dll$imgutil.dll$kernel32.dll$ntmarta.dll$rsaenh.dll$schannel.dll$test.exe
                                                                                                                    • API String ID: 3338445307-1612191400
                                                                                                                    • Opcode ID: b8b52baecb62ccca7efc5ae6bd60c484f13f00d32aba5987162b0bf4e51351ce
                                                                                                                    • Instruction ID: f78af223d6eb7e9bdc47f22874111de53f9fe389c4f95eceda8f081f5a4a7ed7
                                                                                                                    • Opcode Fuzzy Hash: b8b52baecb62ccca7efc5ae6bd60c484f13f00d32aba5987162b0bf4e51351ce
                                                                                                                    • Instruction Fuzzy Hash: DB92DB70D10269DADB21DF24CD59BEDBBB4AF55304F1082EAE409A7292DBB05F88CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    • fpdownload.macromedia.com, xrefs: 002FD4CA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: /$SOFTWARE\Adobe\Setup\Reader\$SOFTWARE\Macromedia\$SOFTWARE\McAfee Safe Connect$SOFTWARE\Microsoft\Windows NT\CurrentVersion\$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\$SOFTWARE\Wow6432Node\Adobe\Setup\Reader\$SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$SYSTEM\CurrentControlSet\Control\Session Manager\Environment\$White listed Machine Registries are$White listed URLs are$White listed User Registries are$admdownload.adobe.com$admdownload.stage.adobe.com$adobetag.com$aihdownload.adobe.com$airdownload.adobe.com$ardownload.adobe.com$ardownload2-stg.corp.adobe.com$ardownload2.adobe.com$ccmdls.adobe.com$dlmping.adobe.com$dlmping2.adobe.com$dlmping3.adobe.com$dlmping4.adobe.com$download.macromedia.com$fpdownload.adobe.com$fpdownload.macromedia.com$fpdownload2.adobe.com$fpdownload2.macromedia.com$geo-dc.adobe.com$geo2.adobe.com$get.adobe.com$get2.adobe.com$get3.adobe.com$get3.stage.adobe.com$platformdl-stage.corp.adobe.com$platformdl.adobe.com$promotion.adobe.com$rdc-dev.adobe.io$rdc-stage.adobe.io$rdc.adobe.io$sstats.adobe.com$stage-ffc-files.corp.adobe.com$stats.adobe.com$wwwimages.adobe.com$wwwimages.stage.adobe.com$wwwimages2.adobe.com$wwwimages2.stage.adobe.com
                                                                                                                    • API String ID: 0-3109437854
                                                                                                                    • Opcode ID: 81e1637e87239d761d8fb092f78a839e258fa419b6027a107f3fdc805c6da2c9
                                                                                                                    • Instruction ID: 8bd697e7f2537304f0cc5297c9dcb9fe14cf8b36fadb2c82bbcd07820d7eda1c
                                                                                                                    • Opcode Fuzzy Hash: 81e1637e87239d761d8fb092f78a839e258fa419b6027a107f3fdc805c6da2c9
                                                                                                                    • Instruction Fuzzy Hash: FC722DB0951709ABDB04DF60C9167AABB71BF15718F30838DE0142F2E2D7B19A96DBC1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0033C940: RtlInitializeCriticalSection.NTDLL(00577884), ref: 0033C9BC
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,0052EE6C,00000000,0052EC9C,00000002,?,?,00000000,00000000,0000000D), ref: 002FA34C
                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,?,00000000,00000000,0000000D), ref: 002FA397
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00532100,00000000,?,00000000,-00000002,?,?,00000000,00000000,0000000D), ref: 002FA533
                                                                                                                    • GetModuleHandleW.KERNEL32(tmmon.dll,?,?,?,?,00000000,00000038,?,?,?,?,?,?,?,?,005337DC), ref: 002FAAC2
                                                                                                                    • GetModuleHandleW.KERNEL32(tmmon64.dll,?,?,?,?,00000000,00000038,?,?,?,?,?,?,?,?,005337DC), ref: 002FAACD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Module$FileName$Handle$CriticalFindInitializePathSection
                                                                                                                    • String ID: 04S$5.1$6$ADM$ADM$ApplicationContext$_acr$_cra$_crd$dwW$en_US$en_US$false$install$live$mcvisid$packageListCS$readerdc$readerdc64$skuid$tmmon.dll$tmmon64.dll$trackingid$true$true
                                                                                                                    • API String ID: 1150115235-137263905
                                                                                                                    • Opcode ID: 6d55a28405030ac788e9ef55d48f44f0fa0b5aa15aa79e16862cd48ce05c7fd5
                                                                                                                    • Instruction ID: 15456a8047926cf56b81adbf94a54b7d83f597c4bb381f44d2e1248023f5a4fb
                                                                                                                    • Opcode Fuzzy Hash: 6d55a28405030ac788e9ef55d48f44f0fa0b5aa15aa79e16862cd48ce05c7fd5
                                                                                                                    • Instruction Fuzzy Hash: 35C28E70C1939CCAEB11CF24ED047A9BBB1BB69304F1082D9D54C67291EBB51AD8EF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0033A120: _com_issue_errorex.COMSUPP ref: 0033A196
                                                                                                                      • Part of subcall function 0033BB10: _com_issue_errorex.COMSUPP ref: 0033BC1F
                                                                                                                    • PathAppendW.SHLWAPI(00000000,?), ref: 002FD03E
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 002FD082
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 002FD097
                                                                                                                    • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 002FD0AB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$Directory_com_issue_errorex$AppendCreateExistsFile
                                                                                                                    • String ID: /config/admUrl$/config/applicationName$/config/builtInName$/config/defaultRedirectURL$/config/isProd$/config/minOSVersion$/config/site$/config/type$/config/validCAs/validCA$2.0.0.759s$Actual OS locale:'%s', OS locale for this instance:'%s', ADM locale : %s$Adobe Download Manager$FileUtils$SHCreateDirectoryEx failed. Error: %d$false$flash$locale$true
                                                                                                                    • API String ID: 3357515059-1450616051
                                                                                                                    • Opcode ID: 4c71967a0f6f1f84478429ddb471b8b79a22cf0b6164e1aa5718154e6d7b9cb7
                                                                                                                    • Instruction ID: 81452c976c56ef9a63e535e047158461b4c47d3c19a40e55f1a6466eb8fca041
                                                                                                                    • Opcode Fuzzy Hash: 4c71967a0f6f1f84478429ddb471b8b79a22cf0b6164e1aa5718154e6d7b9cb7
                                                                                                                    • Instruction Fuzzy Hash: 11529830D1025DDBDB21DF60CD55BEEBBB5BF55304F2042AAE50967281EBB02A98CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: $$AcrobatDCCheckBox$DWLD_EXCE_TIME_DIFF$DlmPing. ping url empty for package : %s$Patch$Reader$ReaderSAPPCheckBox$Uninstall$_goca$_gocd$_mpn$abbr$act_o$cancelled$download$exitcode$false$initPing$install$msc$mss$pane$reader11CheckBox$readerDCCheckBox$true$validation_binary_fail_reason$validation_error_reason$workflow
                                                                                                                    • API String ID: 1385522511-2984113483
                                                                                                                    • Opcode ID: d5525dabe529f2bea538e496a72ad5b6847611d6e4982cdc6ae264d7e87d62a9
                                                                                                                    • Instruction ID: a3b3280c1fc8d14455db39854c32dcaa54b12bab5793119c7f5531b1a50f96d5
                                                                                                                    • Opcode Fuzzy Hash: d5525dabe529f2bea538e496a72ad5b6847611d6e4982cdc6ae264d7e87d62a9
                                                                                                                    • Instruction Fuzzy Hash: 26E2BA70D15259CBEB21DB60CC69BEEBBB1BF15304F1581DAE04967281EB706E88CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • FindResourceW.KERNEL32(?,?,DICTIONARY,0052EE6C,00000000,-000002E4,7D8B83E9,?,?), ref: 0032147A
                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 00321484
                                                                                                                    • SizeofResource.KERNEL32(?,00000000), ref: 00321490
                                                                                                                    • LockResource.KERNEL32(00000000), ref: 00321499
                                                                                                                      • Part of subcall function 003320D0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00577C78,000000FF,00000000,00000000,00000405,?,?,00000000,00000038,?), ref: 003320EB
                                                                                                                      • Part of subcall function 002D8620: __Init_thread_footer.LIBCMT ref: 002D8742
                                                                                                                    • PostMessageW.USER32(?,00000BCB,00000001,00000000), ref: 00321C0D
                                                                                                                      • Part of subcall function 002F6C30: RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00000101,00000004,00000004,?,00000016,?,00000004,FFFFFFFF), ref: 002F6C76
                                                                                                                      • Part of subcall function 002F6C30: RegQueryValueExW.ADVAPI32(00000000,?,00000000,00000000,00000000,?), ref: 002F6C9B
                                                                                                                      • Part of subcall function 002F6C30: RegCloseKey.ADVAPI32(?), ref: 002F6CA8
                                                                                                                    Strings
                                                                                                                    • AnotherInstanceRunning, xrefs: 00321DB6
                                                                                                                    • Another application instance is running. Please close it to continue with this installation., xrefs: 00321DB1
                                                                                                                    • initErrorMultipleInstanceRunning, xrefs: 00321E34
                                                                                                                    • type, xrefs: 00321E68
                                                                                                                    • Software\Adobe\AdobeIO, xrefs: 00321CB2
                                                                                                                    • testWorkflow, xrefs: 00321C4F
                                                                                                                    • Application Initialization Error: Unable to initialize GDE, xrefs: 00322074
                                                                                                                    • https://rdc.adobe.io/analytics/events, xrefs: 00321D3E
                                                                                                                    • Showing application window. Header string : %s, xrefs: 00321BC1
                                                                                                                    • //header, xrefs: 00321A53
                                                                                                                    • Application Initialization Error: Multiple Instances Running, xrefs: 00321F56
                                                                                                                    • analytics, xrefs: 00321CE6
                                                                                                                    • DICTIONARY, xrefs: 00321462
                                                                                                                    • {0}, xrefs: 00321AB8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$Init_thread_footer$ByteCharCloseFindLoadLockMessageMultiOpenPostQuerySizeofValueWide
                                                                                                                    • String ID: //header$Another application instance is running. Please close it to continue with this installation.$AnotherInstanceRunning$Application Initialization Error: Multiple Instances Running$Application Initialization Error: Unable to initialize GDE$DICTIONARY$Showing application window. Header string : %s$Software\Adobe\AdobeIO$analytics$https://rdc.adobe.io/analytics/events$initErrorMultipleInstanceRunning$testWorkflow$type${0}
                                                                                                                    • API String ID: 3510299072-3814240049
                                                                                                                    • Opcode ID: ceb18fbc84f43b3c971e91ab153ac7275aeead3547ee70ca2ecfd9af7606cd14
                                                                                                                    • Instruction ID: 7736f4947d8b66c49675df731dbf640fb62ecead5622468e113dbcbb5ae4e9ce
                                                                                                                    • Opcode Fuzzy Hash: ceb18fbc84f43b3c971e91ab153ac7275aeead3547ee70ca2ecfd9af7606cd14
                                                                                                                    • Instruction Fuzzy Hash: DD92CF30D10258DFDB21DFA4CD55BEEBBB1BF65304F248299E50567282EB706A88CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer$ByteCharCloseMultiOpenQueryValueWide
                                                                                                                    • String ID: &defaultInstallerName=$&os=$?installerName=$Application Initialization Error: SendHTTPRequestAsync$Complete ADM URL after encoding: %s$Connecting$Empty userName while setting proxy credentials for HTTP request$Error occurred while getting application xml: %d extended error: %d$Failed to convert string to nativestring for proxyuserName$Failed to convert string to nativestring proxyUserPassword$GET$Getting application xml from server.$HTTPConnectorError$Software\Adobe\AdobeIO$X-API-Key$_cta$_en$_mdr$acrobatdc$dc-rdc-adm-client$environment$key$noNetworkErrorApplicationXMLDownloadContinue$windows
                                                                                                                    • API String ID: 3601162075-2774408378
                                                                                                                    • Opcode ID: 8304357557f8e0f8c70fd0bb0eed44373adfaf9378bee6761113caee315f9c4d
                                                                                                                    • Instruction ID: f95d343b2b9ec0c3fcb61998871c2061b4cca01dd32664c748ac7d9304bb5c58
                                                                                                                    • Opcode Fuzzy Hash: 8304357557f8e0f8c70fd0bb0eed44373adfaf9378bee6761113caee315f9c4d
                                                                                                                    • Instruction Fuzzy Hash: 23A27670D10268EBDF21DFA4CC55BEEBBB1AF15304F248199E44977281EB746A88CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • GetDesktopWindow.USER32 ref: 00320CAE
                                                                                                                    • GetDC.USER32(00000000), ref: 00320CBB
                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00320CD4
                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 00320CE0
                                                                                                                    • ReleaseDC.USER32(?,?), ref: 00320CEE
                                                                                                                    • wsprintfW.USER32 ref: 00320D8E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$DesktopInit_thread_footerReleaseWindowwsprintf
                                                                                                                    • String ID: Initializing application UI.$PROD$appEnvironment$applicationName$dpiRatio$initialize$localizationStringMap$platform$res:/SC/#168$scJsPath$win
                                                                                                                    • API String ID: 1227492679-3023342780
                                                                                                                    • Opcode ID: 152260fd1b902ac4179958946e915d37e77547b6daf31935993b8e866e703e80
                                                                                                                    • Instruction ID: 68c29a15022b4dfe6c549763c238d92bf6cefeeb3ee9685685c7ab65a9f8217a
                                                                                                                    • Opcode Fuzzy Hash: 152260fd1b902ac4179958946e915d37e77547b6daf31935993b8e866e703e80
                                                                                                                    • Instruction Fuzzy Hash: FF527B71D10268DBEF25DBA0CC54BEEBBB1BF14304F544299E049A7292EB706E88CF51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: Initializing application.$LocalizedStringXML$OKButtonClicked$conflictingProcessRetryClicked$continueButtonClicked$documentReady$finishClicked$handleStopScreenNoClick$handleStopScreenYesClick$killConflictingProcess$launchAcrobatChkBoxClicked$launchReaderChkBoxClicked$launchReaderSAPPChkBoxClicked$progressChooseFolderButtonClicked$progressRetryButtonClicked$progressSkipButtonClicked$proxyErrorRetryClicked
                                                                                                                    • API String ID: 1385522511-2344549946
                                                                                                                    • Opcode ID: c2ec72732a71c4cbbb9bca159a24bb9ee9850a0b238e2945967b6bafbdef89a8
                                                                                                                    • Instruction ID: 36f5e6d519eb8065384819de1678876ec75a22cdeb813287653df71e9ab535aa
                                                                                                                    • Opcode Fuzzy Hash: c2ec72732a71c4cbbb9bca159a24bb9ee9850a0b238e2945967b6bafbdef89a8
                                                                                                                    • Instruction Fuzzy Hash: FDE11C70C5020CDEDB19EFA0D966BEDB7B0AF19314F618259E021372E1DB742A98CF95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: Adobe Acrobat$Adobe Acrobat Reader$Adobe Acrobat Reader APP$Showing screen: %s$cancelConfirmationScreen$conflictingProcessScreen$finishScreen$initErrorScreen$initScreen$lR$preCheckScreen$preferenceScreen$progressScreen$proxyScreen$screen$showScreen
                                                                                                                    • API String ID: 1385522511-126329790
                                                                                                                    • Opcode ID: 1714af5e8484fdeb8ec50c66abb14f226cccd0913f94615004d59b65c476a65a
                                                                                                                    • Instruction ID: cc95b59d5e958cde4748119c9786eaaefa3a98be6d32c8146fceff459dde3b98
                                                                                                                    • Opcode Fuzzy Hash: 1714af5e8484fdeb8ec50c66abb14f226cccd0913f94615004d59b65c476a65a
                                                                                                                    • Instruction Fuzzy Hash: B712CD31D00218DBDB25DFA4C855BEEBBB1BF18304F6581A9E40477292EB706E99CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 0033941D
                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 003395CC
                                                                                                                      • Part of subcall function 00339330: PathAppendW.SHLWAPI(00000000,?,?,?,?,?,?), ref: 00339393
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 003394AB
                                                                                                                    • lstrcmpW.KERNEL32(?,00531818), ref: 003394DC
                                                                                                                    • lstrcmpW.KERNEL32(?,0053DD64), ref: 003394F2
                                                                                                                    • FindNextFileW.KERNEL32(?,?), ref: 003395A1
                                                                                                                    • FindClose.KERNEL32(?), ref: 003395B5
                                                                                                                    Strings
                                                                                                                    • FileUtils, xrefs: 0033943A
                                                                                                                    • Directory to delete not present at location '%s', xrefs: 00339430
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$DirectoryFilePathlstrcmp$AppendCloseFirstNextRemove
                                                                                                                    • String ID: Directory to delete not present at location '%s'$FileUtils
                                                                                                                    • API String ID: 1870840554-2368301486
                                                                                                                    • Opcode ID: 82adffe2bb4928a1de49d35864e211ca4c39aa666c91b69fb4b538a3f4c4a663
                                                                                                                    • Instruction ID: a68e7f488981c6465d5cc9eefec07756fd087e4cf5dd4a1df106b826e2267fce
                                                                                                                    • Opcode Fuzzy Hash: 82adffe2bb4928a1de49d35864e211ca4c39aa666c91b69fb4b538a3f4c4a663
                                                                                                                    • Instruction Fuzzy Hash: 0B51A371910218DBDF12DFA4DC99BDDBBB8FF09314F44056AE805A3291EB70AE59CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00357F16,#r5,00000003,?,00000004,#r5), ref: 0036D579
                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0036D589
                                                                                                                    • RtlEncodePointer.NTDLL(00000000), ref: 0036D592
                                                                                                                    • RtlDecodePointer.NTDLL(8AB6A2CF), ref: 0036D5A0
                                                                                                                    • GetLocaleInfoEx.KERNEL32(?,00357F16,#r5,00000003,?,00000004,#r5), ref: 0036D5C0
                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,00000004,?,00000003,?,00357F16,#r5,00000003,?,00000004,#r5), ref: 0036D5D7
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoLocalePointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                    • String ID: GetLocaleInfoEx$kernel32.dll
                                                                                                                    • API String ID: 3226634038-1547310189
                                                                                                                    • Opcode ID: 0cb9730066c53c1e81184d10c9a03a19ed2a5648802ab7f1f4cdc69a27ed724e
                                                                                                                    • Instruction ID: 85b6405856e23048fd8e596fd96eaf8792bb82ea79c5a4af0970f9e3404d2421
                                                                                                                    • Opcode Fuzzy Hash: 0cb9730066c53c1e81184d10c9a03a19ed2a5648802ab7f1f4cdc69a27ed724e
                                                                                                                    • Instruction Fuzzy Hash: AC018B31A01219BFCF025FA0EC088AA3F28AB493557048024FE0A92624CB318D20EBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: Application Initialization Error: Parsing$ApplicationXml$Error occurred while getting application xml: %d extended error: %d$Error occurred while parsing application xml$HTTPConnectorError$Invalid Sku Name$installerName$invalidSKU$type
                                                                                                                    • API String ID: 1385522511-137315162
                                                                                                                    • Opcode ID: a4cd99831266a95fd771e2b6f7243871e51e211bbe9b15853e0bc987e94a88ba
                                                                                                                    • Instruction ID: 087b640c8402fa5477f2688f77919c47e6f65df946ebb7ec8cc7c8e92dfc26c7
                                                                                                                    • Opcode Fuzzy Hash: a4cd99831266a95fd771e2b6f7243871e51e211bbe9b15853e0bc987e94a88ba
                                                                                                                    • Instruction Fuzzy Hash: 15028E70D10248DFDB05EFA4D955BEDBBB4BF19304F24826AE405BB291EB74AA44CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    • 5, xrefs: 00324FDF
                                                                                                                    • Error occurred while getting application xml: %d extended error: %d, xrefs: 00325170
                                                                                                                    • Application Initialization Error: CallBack_03_, xrefs: 00324F68
                                                                                                                    • HTTPConnectorError, xrefs: 00325175
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: wsprintf
                                                                                                                    • String ID: 5$Application Initialization Error: CallBack_03_$Error occurred while getting application xml: %d extended error: %d$HTTPConnectorError
                                                                                                                    • API String ID: 2111968516-2664039161
                                                                                                                    • Opcode ID: 114a95398e8404458442f7c1e15ab8301fd913e0f382b2632f07d48d9afe2643
                                                                                                                    • Instruction ID: 2e20b6fc0c30613ab27090c60d06e3360f6884c3b466c013db8f24211f37481f
                                                                                                                    • Opcode Fuzzy Hash: 114a95398e8404458442f7c1e15ab8301fd913e0f382b2632f07d48d9afe2643
                                                                                                                    • Instruction Fuzzy Hash: 2E81B0319042989FCB11DF64CC91BEDBBB4FF1A310F14469AE405AB281DB746A94CFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 0070DF92
                                                                                                                    • GetProcAddress.KERNEL32(?,006F5FF9), ref: 0070DFB0
                                                                                                                    • ExitProcess.KERNEL32(?,006F5FF9), ref: 0070DFC1
                                                                                                                    • VirtualProtect.KERNEL32(002D0000,00001000,00000004,?,00000000), ref: 0070E00F
                                                                                                                    • VirtualProtect.KERNEL32(002D0000,00001000), ref: 0070E024
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2897633372.000000000070D000.00000080.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1996367037-0
                                                                                                                    • Opcode ID: d18fab308fb1ed4f53800a2dc015190224ec41744ebccb5befc2af52d25d2fc5
                                                                                                                    • Instruction ID: d9e5149f0152c98760472a348a85c013ebae6e9eeb6f1b818d65701e6de7941f
                                                                                                                    • Opcode Fuzzy Hash: d18fab308fb1ed4f53800a2dc015190224ec41744ebccb5befc2af52d25d2fc5
                                                                                                                    • Instruction Fuzzy Hash: CF51F572A50753CAD7309AF8CCC0664B7D4EB663247680738D5F2CB3C6E7A86C068764
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,00000BCE,00000000,00000000), ref: 002E17C5
                                                                                                                      • Part of subcall function 002E2BB0: Concurrency::cancel_current_task.LIBCPMT ref: 002E2D00
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Concurrency::cancel_current_taskMessageSend
                                                                                                                    • String ID: ", "$CloseButton$messageFromNative("
                                                                                                                    • API String ID: 2857186249-1103917013
                                                                                                                    • Opcode ID: d81ae49c544000dc7a081299535bb7238c2ea5ce46a0bd2358e4c41f9331e00b
                                                                                                                    • Instruction ID: 8a49c4910310876a34faed12a299098e3f8d9a7dee406070dddafd5b6477d3d2
                                                                                                                    • Opcode Fuzzy Hash: d81ae49c544000dc7a081299535bb7238c2ea5ce46a0bd2358e4c41f9331e00b
                                                                                                                    • Instruction Fuzzy Hash: 5C32B030D10288DFDB10CFA9C995BDEBBB5AF54304F64826DE415A7282EB706A59CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004C561E,00000000,00000000,00000000), ref: 004C54DD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationTimeZone
                                                                                                                    • String ID: &VL$W. Europe Standard Time$W. Europe Summer Time
                                                                                                                    • API String ID: 565725191-2490263050
                                                                                                                    • Opcode ID: 48da2871d1934a55d45cb7bcde0d885826d2957709dc8c691c5008e3ff251594
                                                                                                                    • Instruction ID: a6d843c0c27383c9a8a8c1e113f34628ff428667dd483433cae904bb752beba1
                                                                                                                    • Opcode Fuzzy Hash: 48da2871d1934a55d45cb7bcde0d885826d2957709dc8c691c5008e3ff251594
                                                                                                                    • Instruction Fuzzy Hash: A0C15779A00515ABCB10AF65EC02FBF7BA9EF14354F54406FF80497290E778AE80DB98
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • FindResourceW.KERNEL32(?,?,00000006), ref: 002E03F8
                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 002E040C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$FindLoad
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2619053042-0
                                                                                                                    • Opcode ID: 51be784087739aba9fed7952dc33cab2b1ed702f3ab0d2029393b8f7c2af6785
                                                                                                                    • Instruction ID: 63075b5511c690ddd32a7f3b58b78a8ccfc45f871fc67bf31959a604e0247080
                                                                                                                    • Opcode Fuzzy Hash: 51be784087739aba9fed7952dc33cab2b1ed702f3ab0d2029393b8f7c2af6785
                                                                                                                    • Instruction Fuzzy Hash: 4701F973B5023A5BDB201F6AAD8447BB39CEB843667414437FF49E7141D571DC6286B0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,00000105,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 00358345
                                                                                                                    • GetLastError.KERNEL32(00360B0A,00000105,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 0035837C
                                                                                                                      • Part of subcall function 00358450: GetModuleFileNameW.KERNEL32(?,?,00000105,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 00358500
                                                                                                                      • Part of subcall function 00358450: SetLastError.KERNEL32(0000006F,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 00358514
                                                                                                                    Strings
                                                                                                                    • IsolationAware function called after IsolationAwareCleanup, xrefs: 00358340
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$DebugFileModuleNameOutputString
                                                                                                                    • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                                                                    • API String ID: 3265401609-2690750368
                                                                                                                    • Opcode ID: 41360beb821cbd2dfa02606cf06fc1ae5b38755e565820ce1aa73f0eae4b52ca
                                                                                                                    • Instruction ID: 07379adf4eeac28171a58209b2b9c9274e443062585c59642e9df60d615fbef9
                                                                                                                    • Opcode Fuzzy Hash: 41360beb821cbd2dfa02606cf06fc1ae5b38755e565820ce1aa73f0eae4b52ca
                                                                                                                    • Instruction Fuzzy Hash: FEF0AF3D6052108B4B3B6FA9EC42D3E77A49A14F43B264426EE04F1530DE30CC9DAA91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    • control_flow_graph 1070, first block 3a5f39-3a5f96 (graph rendering not preserved)
                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 003A5F43
                                                                                                                      • Part of subcall function 0036773E: __EH_prolog3.LIBCMT ref: 00367745
                                                                                                                      • Part of subcall function 0036773E: GetWindowDC.USER32(00000000,00000004,003A64D0,00000000), ref: 00367771
                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 003A5F63
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A5FCD
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A5FEB
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A6009
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A6027
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A6045
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A6063
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A6081
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A609F
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A60BD
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003A60DB
                                                                                                                    • GetTextCharsetInfo.GDI32(?,00000000,00000000), ref: 003A6113
                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 003A6163
                                                                                                                    • EnumFontFamiliesW.GDI32(?,00000000,003A5A67,Segoe UI), ref: 003A618A
                                                                                                                    • lstrcpyW.KERNEL32(?,Segoe UI), ref: 003A619D
                                                                                                                    • EnumFontFamiliesW.GDI32(?,00000000,003A5A67,Tahoma), ref: 003A61BB
                                                                                                                    • lstrcpyW.KERNEL32(?,MS Sans Serif), ref: 003A61D5
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A61DF
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A6230
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A626F
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A629B
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A62BC
                                                                                                                    • GetSystemMetrics.USER32(00000048), ref: 003A62DB
                                                                                                                    • lstrcpyW.KERNEL32(?,Marlett), ref: 003A62EE
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A62F8
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 003A6324
                                                                                                                    • GetObjectW.GDI32(00000000,0000005C,?), ref: 003A633F
                                                                                                                    • lstrcpyW.KERNEL32(?,Arial), ref: 003A6380
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A638A
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A63A3
                                                                                                                    • GetObjectW.GDI32(00000000,0000005C,?), ref: 003A63C1
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A63CF
                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 003A63F0
                                                                                                                      • Part of subcall function 003A6888: __EH_prolog3_GS.LIBCMT ref: 003A688F
                                                                                                                      • Part of subcall function 003A6888: GetTextMetricsW.GDI32(?,?), ref: 003A68C4
                                                                                                                      • Part of subcall function 003A6888: GetTextMetricsW.GDI32(?,?), ref: 003A6905
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_$CapsCharsetDeviceH_prolog3InfoStockSystemWindow
                                                                                                                    • String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
                                                                                                                    • API String ID: 2837096512-1395034203
                                                                                                                    • Opcode ID: 83ff97bc23aa30ae21466da4083a3d6ef8205f3ee41f93a35e485aa6b555b0cd
                                                                                                                    • Instruction ID: b42bb7704749550914cb79aeed4d7f4ec8c08a69a5ef159d713c4f2f158f4563
                                                                                                                    • Opcode Fuzzy Hash: 83ff97bc23aa30ae21466da4083a3d6ef8205f3ee41f93a35e485aa6b555b0cd
                                                                                                                    • Instruction Fuzzy Hash: 58E17D709007099FDB129BB0CD4ABEEBBB8EF45301F148569E54AAB192DB749988CF14
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A6471
                                                                                                                    • GetSysColor.USER32(00000016), ref: 003A647A
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 003A648D
                                                                                                                    • GetSysColor.USER32(00000015), ref: 003A64A4
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 003A64B0
                                                                                                                    • GetDeviceCaps.GDI32(00000014,0000000C), ref: 003A64D8
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 003A64E6
                                                                                                                    • GetSysColor.USER32(00000010), ref: 003A64F4
                                                                                                                    • GetSysColor.USER32(00000015), ref: 003A6502
                                                                                                                    • GetSysColor.USER32(00000016), ref: 003A6510
                                                                                                                    • GetSysColor.USER32(00000014), ref: 003A651E
                                                                                                                    • GetSysColor.USER32(00000012), ref: 003A652C
                                                                                                                    • GetSysColor.USER32(00000011), ref: 003A653A
                                                                                                                    • GetSysColor.USER32(00000006), ref: 003A6545
                                                                                                                    • GetSysColor.USER32(0000000D), ref: 003A6550
                                                                                                                    • GetSysColor.USER32(0000000E), ref: 003A655B
                                                                                                                    • GetSysColor.USER32(00000005), ref: 003A6566
                                                                                                                    • GetSysColor.USER32(00000008), ref: 003A6574
                                                                                                                    • GetSysColor.USER32(00000009), ref: 003A657F
                                                                                                                    • GetSysColor.USER32(00000007), ref: 003A658A
                                                                                                                    • GetSysColor.USER32(00000002), ref: 003A6595
                                                                                                                    • GetSysColor.USER32(00000003), ref: 003A65A0
                                                                                                                    • GetSysColor.USER32(0000001B), ref: 003A65AE
                                                                                                                    • GetSysColor.USER32(0000001C), ref: 003A65BC
                                                                                                                    • GetSysColor.USER32(0000000A), ref: 003A65CA
                                                                                                                    • GetSysColor.USER32(0000000B), ref: 003A65D8
                                                                                                                    • GetSysColor.USER32(00000013), ref: 003A65E6
                                                                                                                    • GetSysColor.USER32(0000001A), ref: 003A660F
                                                                                                                    • GetSysColorBrush.USER32(00000010), ref: 003A6620
                                                                                                                    • GetSysColorBrush.USER32(00000014), ref: 003A6633
                                                                                                                    • GetSysColorBrush.USER32(00000005), ref: 003A6646
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 003A6667
                                                                                                                    • CreateSolidBrush.GDI32(00000010), ref: 003A6685
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 003A66A3
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 003A66C4
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 003A66E2
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 003A6700
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 003A671E
                                                                                                                    • CreatePen.GDI32(00000000,00000001,00000000), ref: 003A6744
                                                                                                                    • CreatePen.GDI32(00000000,00000001,00000000), ref: 003A6768
                                                                                                                    • CreatePen.GDI32(00000000,00000001,00000000), ref: 003A678C
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 003A680A
                                                                                                                    • CreatePatternBrush.GDI32(00000000), ref: 003A6848
                                                                                                                      • Part of subcall function 0036838F: DeleteObject.GDI32(00000000), ref: 0036839E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$BrushCreate$Solid$CapsDeleteDeviceH_prolog3ObjectPattern
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3754413814-0
                                                                                                                    • Opcode ID: af215fcc8cd14b67745b0791f5461fbbe3b6637b6372cf7a031c3ef6d6113683
                                                                                                                    • Instruction ID: 1b2c3208054809adf65cf027159cfd835a8aef066b25fd3303f008b07a185d0f
                                                                                                                    • Opcode Fuzzy Hash: af215fcc8cd14b67745b0791f5461fbbe3b6637b6372cf7a031c3ef6d6113683
                                                                                                                    • Instruction Fuzzy Hash: 45C1D170A00A02AFDB06AF709C197ADBB60BF08701F048629F649DB2D1DF74A564EB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32 ref: 002E3280
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E337A
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E3385
                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000), ref: 002E33F5
                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?), ref: 002E3437
                                                                                                                    • GetLastError.KERNEL32 ref: 002E34DA
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E355B
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E3566
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E3571
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E358D
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E3598
                                                                                                                    • GlobalFree.KERNEL32(?), ref: 002E3390
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    Strings
                                                                                                                    • GetIEProxyInfo - Failed to get proxy for the url, error:%d, xrefs: 002E34E1
                                                                                                                    • GetIEProxyInfo - No default proxy present on the user machine, xrefs: 002E33B7
                                                                                                                    • GetIEProxyInfo - Failed to get proxy setting for current user :%d, xrefs: 002E3287
                                                                                                                    • GetIEProxyInfo - invalid arguments, xrefs: 002E35CE
                                                                                                                    • ://, xrefs: 002E32FD
                                                                                                                    • `avo, xrefs: 002E35A3
                                                                                                                    • GetIEProxyInfo - proxy Url is %s, xrefs: 002E353B
                                                                                                                    • HTTPConnectorError, xrefs: 002E35D3
                                                                                                                    • https=, xrefs: 002E32C3
                                                                                                                    • WinHTTP AutoProxy, xrefs: 002E3442
                                                                                                                    • GetIEProxyInfo - autoconfig url on the machine is :%s, xrefs: 002E3476
                                                                                                                    • GetIEProxyInfo - proxy fetched is :%s, xrefs: 002E32BA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeGlobal$ByteCharErrorLastMultiWide$Init_thread_footer
                                                                                                                    • String ID: ://$GetIEProxyInfo - Failed to get proxy for the url, error:%d$GetIEProxyInfo - Failed to get proxy setting for current user :%d$GetIEProxyInfo - No default proxy present on the user machine$GetIEProxyInfo - autoconfig url on the machine is :%s$GetIEProxyInfo - invalid arguments$GetIEProxyInfo - proxy Url is %s$GetIEProxyInfo - proxy fetched is :%s$HTTPConnectorError$WinHTTP AutoProxy$`avo$https=
                                                                                                                    • API String ID: 1541574466-872444659
                                                                                                                    • Opcode ID: dac314cd339c9a926e575abc8e08851232ee51bdda8d395979facdeb594d0827
                                                                                                                    • Instruction ID: 6efdfaf6a6617e58d72822ff79f65e2b872cca43d7de1e4c1bdef2618d7aec17
                                                                                                                    • Opcode Fuzzy Hash: dac314cd339c9a926e575abc8e08851232ee51bdda8d395979facdeb594d0827
                                                                                                                    • Instruction Fuzzy Hash: E6A102316543429BCB24DF26CC09B6B7BE8AFC8705F48056DF84593251EB75DE11CBA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000000,00000000,7D8B83E9,?,00000000), ref: 002FB6D1
                                                                                                                    • GetTempPathW.KERNEL32(00000000,00000000), ref: 002FB6F5
                                                                                                                    • PathAppendW.SHLWAPI(00000000,0000000D,?,?,?,0000000D), ref: 002FB7A7
                                                                                                                    • PathFileExistsW.SHLWAPI(?,Adobe_ADMLogs,0000000D), ref: 002FB805
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 002FB81B
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 002FB84B
                                                                                                                    • GetFileAttributesW.KERNEL32(?,?), ref: 002FB88C
                                                                                                                    • PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 002FB957
                                                                                                                    • PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 002FBA08
                                                                                                                    • PathFileExistsW.SHLWAPI(?,Adobe_ADMLogs,0000000D), ref: 002FBA89
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 002FBA9B
                                                                                                                    • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 002FBACA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$File$AppendDirectory$AttributesExistsTemp$Create
                                                                                                                    • String ID: *********************** ADM Workflow start. Version: %s **************************$2.0.0.759s$Adobe_ADM.log$Adobe_ADMLogs$Adobe_GDE.log$FileUtils$SHCreateDirectoryEx failed. Error: %d
                                                                                                                    • API String ID: 1104237607-2701745630
                                                                                                                    • Opcode ID: 0b41c278597051e171c43902937e12c33b0d468dcf391b236b47b614421e71c6
                                                                                                                    • Instruction ID: 0f7b2c90b9f7f32426b386ab5c84b8269435a9da0c2adeefce5fe37d12a2f36f
                                                                                                                    • Opcode Fuzzy Hash: 0b41c278597051e171c43902937e12c33b0d468dcf391b236b47b614421e71c6
                                                                                                                    • Instruction Fuzzy Hash: 61F1DC71910209DBDF15EFA0CC55BFEB7B8AF14304F580169E901B7281EB70AA59CFA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00366A15: GetWindowLongW.USER32(?,000000F0), ref: 00366A22
                                                                                                                    • GetParent.USER32(?), ref: 00360C29
                                                                                                                    • SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 00360C4B
                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00360C78
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00360CA7
                                                                                                                    • MonitorFromWindow.USER32(00000000,00000001), ref: 00360CE0
                                                                                                                    • GetMonitorInfoW.USER32(00000000), ref: 00360CE7
                                                                                                                    • CopyRect.USER32(?,?), ref: 00360CF5
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00360D02
                                                                                                                    • MonitorFromWindow.USER32(00000000,00000002), ref: 00360D0F
                                                                                                                    • GetMonitorInfoW.USER32(00000000), ref: 00360D16
                                                                                                                    • CopyRect.USER32(?,?), ref: 00360D24
                                                                                                                    • GetParent.USER32(?), ref: 00360D2E
                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00360D3B
                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00360D46
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: RectWindow$Monitor$ClientCopyFromInfoLongParent$MessageSend
                                                                                                                    • String ID: (
                                                                                                                    • API String ID: 788132146-3887548279
                                                                                                                    • Opcode ID: 1a5073ab036b74ae9e34f06babe4d6003fe277383576c14c9222689ebc49931e
                                                                                                                    • Instruction ID: c3d4e4c46492f2a48429176d4b388b007daae6dd29945088b1569addc8922b7d
                                                                                                                    • Opcode Fuzzy Hash: 1a5073ab036b74ae9e34f06babe4d6003fe277383576c14c9222689ebc49931e
                                                                                                                    • Instruction Fuzzy Hash: 6E616B71900209AFCB05CFA8DD89BAEBBB9FF48314F154225E505FB254DB70A949DB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0035EF31: GetClientRect.USER32(?,?), ref: 0035EF5C
                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 002E0EEA
                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,?), ref: 002E0EFC
                                                                                                                    • GetDesktopWindow.USER32 ref: 002E0FA4
                                                                                                                    • GetDC.USER32(00000000), ref: 002E0FAE
                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 002E0FC4
                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 002E0FCD
                                                                                                                    • ReleaseDC.USER32(?,?), ref: 002E0FD5
                                                                                                                    • SetForegroundWindow.USER32(?), ref: 002E1079
                                                                                                                    • SetActiveWindow.USER32(?,?,?,00000002), ref: 002E1089
                                                                                                                    • FindResourceW.KERNEL32(?,000000A1,CONFIG,00000000,?,?,00000002), ref: 002E10D7
                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,00000002), ref: 002E10E1
                                                                                                                    • SizeofResource.KERNEL32(?,00000000,?,?,00000002), ref: 002E10ED
                                                                                                                    • LockResource.KERNEL32(00000000,?,?,00000002), ref: 002E10F6
                                                                                                                    • PostMessageW.USER32(?,00000BCB,00000000,00000000), ref: 002E1160
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$MessageWindow$CapsDeviceSend$ActiveClientDesktopFindForegroundLoadLockPostRectReleaseSizeof
                                                                                                                    • String ID: CONFIG
                                                                                                                    • API String ID: 3597144591-611510522
                                                                                                                    • Opcode ID: cec5c8ba5e1d40c82b409b6e3d5e65a01ddb14b75c43e34847c9689f560f69ec
                                                                                                                    • Instruction ID: 1836f6260303c58b3238a2c0418b1e5fbdd8e7b971a14e4a455fdff426dbd2bf
                                                                                                                    • Opcode Fuzzy Hash: cec5c8ba5e1d40c82b409b6e3d5e65a01ddb14b75c43e34847c9689f560f69ec
                                                                                                                    • Instruction Fuzzy Hash: 53810471E10205AFDB14DFA4CC49FAEBBB9FF88300F148229F505AB2A1DB74A955CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • RtlEnterCriticalSection.NTDLL(00574C80), ref: 0036C0DF
                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,00574C64,00574C64,?,0036C44E,00000004,00369CB2,00356155,00367584,002E1FC2,00000001,?), ref: 0036C14E
                                                                                                                    • GlobalHandle.KERNEL32(00574C74), ref: 0036C158
                                                                                                                    • GlobalUnWire.KERNEL32(00000000), ref: 0036C16A
                                                                                                                    • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 0036C185
                                                                                                                    • GlobalFix.KERNEL32(00000000), ref: 0036C190
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(00574C80), ref: 0036C1DC
                                                                                                                    • GlobalHandle.KERNEL32(00574C74), ref: 0036C1F0
                                                                                                                    • GlobalFix.KERNEL32(00000000), ref: 0036C1FB
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(00574C80), ref: 0036C205
                                                                                                                    • RtlEnterCriticalSection.NTDLL(00000000), ref: 0036C28E
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(00000000), ref: 0036C2A1
                                                                                                                    • LocalFree.KERNEL32(?), ref: 0036C2AA
                                                                                                                    • TlsSetValue.KERNEL32(00000000,00000000), ref: 0036C2C9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$CriticalSection$Leave$AllocEnterHandle$FreeLocalValueWire
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 490842090-0
                                                                                                                    • Opcode ID: 3c76d71e0deff56137a9d5f8ebb300f56fb23597c23a0e938205d1d0ff212c4e
                                                                                                                    • Instruction ID: bf9de3334d1dae4822f78419995290f4c2caf2402c553d99d6df5d1b64a3f4b6
                                                                                                                    • Opcode Fuzzy Hash: 3c76d71e0deff56137a9d5f8ebb300f56fb23597c23a0e938205d1d0ff212c4e
                                                                                                                    • Instruction Fuzzy Hash: 1761B031A00205EFCB15DFA8C899AA9BBB8FF45304F11C469ED41DB266DB30ED51CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_000169D0,?,00000000,00000000), ref: 002E7117
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInit_thread_footerThread
                                                                                                                    • String ID: Error_CreateThread$Error_HTTP_INVALID_URL$Error_InvalidArguments$Failed in thread creation, in SendHTTPRequestAsync$HTTPConnectorError$Invalid arguments to SendHTTPRequest$URL is not whitelisted: '%s'$sendHTTPRequestAsync_01$sendHTTPRequestAsync_02$sendHTTPRequestAsync_03
                                                                                                                    • API String ID: 3512583935-3715464230
                                                                                                                    • Opcode ID: 2ba31e19d9d9ddae9b5d3c11c43e0d45f9612d85c8f761323556af7d67ac4687
                                                                                                                    • Instruction ID: cfe48056e566b799fba7dbe5bdcfd1929874972feba29b71f949b9a83fb1cc6f
                                                                                                                    • Opcode Fuzzy Hash: 2ba31e19d9d9ddae9b5d3c11c43e0d45f9612d85c8f761323556af7d67ac4687
                                                                                                                    • Instruction Fuzzy Hash: 16D1A23096034ADFCB20DFA4C855BDEBBB5BF15304FA0425EE445A7281DB70AAA5CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SetEvent.KERNEL32(00000000), ref: 002E3E91
                                                                                                                    • SetEvent.KERNEL32(?), ref: 002E4078
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    Strings
                                                                                                                    • WINHTTP_CALLBACK_STATUS_REQUEST_ERROR..., xrefs: 002E401D
                                                                                                                    • HttpConnector, xrefs: 002E403A
                                                                                                                    • WINHTTP_CALLBACK_STATUS_HEADERS_AVAILABLE : Successful header(s): %d, xrefs: 002E3F4E
                                                                                                                    • HTTPConnectorError, xrefs: 002E3E25
                                                                                                                    • WINHTTP_CALLBACK_STATUS_REQUEST_ERROR : error : %d, xrefs: 002E4035
                                                                                                                    • WINHTTP_CALLBACK_STATUS_HEADERS_AVAILABLE : error : %d, xrefs: 002E3F17
                                                                                                                    • WINHTTP_CALLBACK_STATUS_HEADERS_AVAILABLE..., xrefs: 002E3DCE
                                                                                                                    • HTTP Request Status code:407. The proxy requires authentication., xrefs: 002E3E20
                                                                                                                    • WINHTTP_CALLBACK_STATUS_READ_COMPLETE : complete, xrefs: 002E3FCF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Event$Init_thread_footer
                                                                                                                    • String ID: HTTP Request Status code:407. The proxy requires authentication.$HTTPConnectorError$HttpConnector$WINHTTP_CALLBACK_STATUS_HEADERS_AVAILABLE : Successful header(s): %d$WINHTTP_CALLBACK_STATUS_HEADERS_AVAILABLE : error : %d$WINHTTP_CALLBACK_STATUS_HEADERS_AVAILABLE...$WINHTTP_CALLBACK_STATUS_READ_COMPLETE : complete$WINHTTP_CALLBACK_STATUS_REQUEST_ERROR : error : %d$WINHTTP_CALLBACK_STATUS_REQUEST_ERROR...
                                                                                                                    • API String ID: 1146775995-3466066548
                                                                                                                    • Opcode ID: 57582d1247db62a98e088c3bc5c863cc573be71b5162493e7e64b25ebb3dd3d1
                                                                                                                    • Instruction ID: 2177b87044f1c5ced29a5025e74984d5556ca05b2477a9c243c1531b51e1b9ff
                                                                                                                    • Opcode Fuzzy Hash: 57582d1247db62a98e088c3bc5c863cc573be71b5162493e7e64b25ebb3dd3d1
                                                                                                                    • Instruction Fuzzy Hash: BDB14230A507469FCB24DF69DC89B7AB7B4FF40315F54016EE9029B291DB71AE24CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetForegroundWindow.USER32(?,?,7D8B83E9), ref: 002E1D04
                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 002E1D15
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 002E1D1D
                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 002E1D34
                                                                                                                    • BringWindowToTop.USER32(?), ref: 002E1D39
                                                                                                                    • SetForegroundWindow.USER32(?), ref: 002E1D4B
                                                                                                                    • SetActiveWindow.USER32(?), ref: 002E1D5B
                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 002E1D6D
                                                                                                                      • Part of subcall function 00367044: ShowWindow.USER32(?,?,?,?,00363F97,00000001,?,00000000,?,00000000), ref: 00367055
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Thread$AttachForegroundInput$ActiveBringCurrentProcessShow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1091635231-0
                                                                                                                    • Opcode ID: 2786681bf86d396f009086e40ea63dd1712dd34ebddd05aa5988d15a06b0a746
                                                                                                                    • Instruction ID: c4bf0bf76ea9c9ce4165a2848a70c55565d7681cfeee71e5e2508adfc34ad1a8
                                                                                                                    • Opcode Fuzzy Hash: 2786681bf86d396f009086e40ea63dd1712dd34ebddd05aa5988d15a06b0a746
                                                                                                                    • Instruction Fuzzy Hash: 6C312831A00204EFCF05AFB1DC05BADBBB9FF58310F044126F606A72A1DB359964EB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,7D8B83E9,75B05EE0,?), ref: 0033FE5B
                                                                                                                    • PathFileExistsW.SHLWAPI(?,.trace,?,?,?), ref: 0033FF22
                                                                                                                    • PathFileExistsW.SHLWAPI(?,?,?,.debug), ref: 0033FF85
                                                                                                                    • PathFileExistsW.SHLWAPI(?,adm.trace,?,?,.debug), ref: 0033FFFF
                                                                                                                      • Part of subcall function 003407B0: PathRemoveFileSpecW.SHLWAPI(?,?,?,?), ref: 003407EC
                                                                                                                      • Part of subcall function 003405D0: PathAppendW.SHLWAPI(?,?,?,00000000,0000004C), ref: 00340618
                                                                                                                    • PathFileExistsW.SHLWAPI(?,adm.debug,?,?,.debug), ref: 00340072
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$File$Exists$AppendRemoveSpecTemp
                                                                                                                    • String ID: .debug$.trace$adm.debug$adm.trace
                                                                                                                    • API String ID: 2866433873-2690191726
                                                                                                                    • Opcode ID: e693fd8f1fda8a8a7d3e9362d473eee05b29e2adb8d98c30b26a199ac21d39fb
                                                                                                                    • Instruction ID: 0fa08e46f376e2f647964be7869d7d556f1e73c393d0daedb5663a9b7dc439bd
                                                                                                                    • Opcode Fuzzy Hash: e693fd8f1fda8a8a7d3e9362d473eee05b29e2adb8d98c30b26a199ac21d39fb
                                                                                                                    • Instruction Fuzzy Hash: 36717E3092425CCACB26DB64CCA8BEDB7B4BF21304F4505DAD509A7291DB746F88CF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00374A0F
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00374B8D
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00374BB1
                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 00374BC0
                                                                                                                    • GetObjectW.GDI32(0036900D,0000005C,?), ref: 00374BE1
                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 00374C5B
                                                                                                                    • OleCreateFontIndirect.OLEAUT32(00000020,0052366C), ref: 00374C8E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$Stock$CapsCreateDeviceFontH_prolog3_H_prolog3_catchIndirect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3843465532-3916222277
                                                                                                                    • Opcode ID: 36acdb737ba101fe64c2ee00e39b7a3d566c39f44bca3dabb067143fdee4c48b
                                                                                                                    • Instruction ID: ccceb9a2a040af3d4f6c991a35fb7a97fb39118366b8e7f8be119d4500c63878
                                                                                                                    • Opcode Fuzzy Hash: 36acdb737ba101fe64c2ee00e39b7a3d566c39f44bca3dabb067143fdee4c48b
                                                                                                                    • Instruction Fuzzy Hash: 9C917E74A0021ADFCF22DFA4C955AADBBB5FF48304F158069E909AB291DB34EE10DF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 003583FE: QueryActCtxW.KERNEL32(?,0035849D,80000010,0056C34C,00000000,00000001,?,00000008,00000000,00558920,00000268,00358366,00000105,?,00366212,00000000), ref: 00358449
                                                                                                                    • LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 003585E6
                                                                                                                      • Part of subcall function 003583AC: DeactivateActCtx.KERNEL32(?,00358210,004F7A78,00572F2C,DeactivateActCtx,00000000,?,00366285,00000000,00000000,0036623B,?,?,00000000), ref: 003583CD
                                                                                                                      • Part of subcall function 003583AC: GetProcAddress.KERNEL32(00000000,00366285), ref: 003583DA
                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 00358500
                                                                                                                    • SetLastError.KERNEL32(0000006F,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 00358514
                                                                                                                    • GetLastError.KERNEL32(00000020), ref: 0035856B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$AddressDeactivateFileLibraryLoadModuleNameProcQuery
                                                                                                                    • String ID: $@$Comctl32.dll$GetModuleHandleExW
                                                                                                                    • API String ID: 1356011737-4183358198
                                                                                                                    • Opcode ID: f3702553f2a55c2241cd6e1ce7bbb6a6b27f7f66b77e5a886de162f643f1a57c
                                                                                                                    • Instruction ID: 07b414c96136a92de0b04e6f5ea1b67dcf6e9855702b429defcf1dda7f691f0e
                                                                                                                    • Opcode Fuzzy Hash: f3702553f2a55c2241cd6e1ce7bbb6a6b27f7f66b77e5a886de162f643f1a57c
                                                                                                                    • Instruction Fuzzy Hash: D941E8B09002149ADB329B68DC89FAD76B8EB45712F1106A6ED05F61E0EF748E8DCF15
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004CC694: CreateFileW.KERNEL32(00000000,00000000,?,004CC9F6,?,?,00000000,?,004CC9F6,00000000,0000000C), ref: 004CC6B1
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,74DF0900), ref: 004CCA61
                                                                                                                    • __dosmaperr.LIBCMT ref: 004CCA68
                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 004CCA74
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,74DF0900), ref: 004CCA7E
                                                                                                                    • __dosmaperr.LIBCMT ref: 004CCA87
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004CCAA7
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004CCBF4
                                                                                                                    • GetLastError.KERNEL32 ref: 004CCC26
                                                                                                                    • __dosmaperr.LIBCMT ref: 004CCC2D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4237864984-0
                                                                                                                    • Opcode ID: c687b38761ebdb9ade864cb9382594671d6ccaecf60de292863af35e9df92a4a
                                                                                                                    • Instruction ID: 22038839ab1cc2e972bdfac090927cb9c37a29640565c05024f539a09bc89220
                                                                                                                    • Opcode Fuzzy Hash: c687b38761ebdb9ade864cb9382594671d6ccaecf60de292863af35e9df92a4a
                                                                                                                    • Instruction Fuzzy Hash: 87A16B369041089FCF18DF68EC85BAE7BA1EB06314F18015EF815AB392DB399C16DB59
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __fread_nolock.LIBCMT ref: 0033E2DD
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0033E30A
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000), ref: 0033E33D
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000001,00000080,00000000), ref: 0033E365
                                                                                                                    • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 0033E39A
                                                                                                                    • WriteFile.KERNEL32(00000000,0000BBEF,00000003,?,00000000), ref: 0033E3C0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2896595272.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000056C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000579000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005EC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F8000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005FC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000606000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000060B000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000620000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006BF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006F6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897633372.000000000070D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897660493.000000000070F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateWrite$CloseHandle__fread_nolock
                                                                                                                    • String ID: rb, ccs=UTF-8
                                                                                                                    • API String ID: 3303977354-1143172267
                                                                                                                    • Opcode ID: e20fff83ef0e4cf359b5818b8e63ed018bc7abedd684a619b39d8f2523b939d4
                                                                                                                    • Instruction ID: 2583017aa432ad210ff69637b5a9ef97de92c00a7732d9dac710ff002d01733c
                                                                                                                    • Opcode Fuzzy Hash: e20fff83ef0e4cf359b5818b8e63ed018bc7abedd684a619b39d8f2523b939d4
                                                                                                                    • Instruction Fuzzy Hash: 76411634A00204FBDF219F68DC89FEAB3B8BB05721F10026AF650E71C0D7706A51CBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearVariant$FreeH_prolog3String
                                                                                                                    • String ID: `<u
                                                                                                                    • API String ID: 3032559777-3367579956
                                                                                                                    • Opcode ID: 3f8278dec74bee121e1bcc3972bfd8777ebdede90eb18b6e177c7d7a75f0dd39
                                                                                                                    • Instruction ID: a93e8b45a9a489542047fd7af1b3c11699d59501df7b34d1be8d600fdc79c1dd
                                                                                                                    • Opcode Fuzzy Hash: 3f8278dec74bee121e1bcc3972bfd8777ebdede90eb18b6e177c7d7a75f0dd39
                                                                                                                    • Instruction Fuzzy Hash: 41316B7490021AAFDF11DFA0CD59FEE7BB8AF18305F004065F905AB251DA74AE19CF21
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00357D11,?,?), ref: 0036D8D5
                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegisterApplicationRestart), ref: 0036D8E5
                                                                                                                    • RtlEncodePointer.NTDLL(00000000), ref: 0036D8EE
                                                                                                                    • RtlDecodePointer.NTDLL(C2B6A2C4), ref: 0036D8FC
                                                                                                                    • RegisterApplicationRestart.KERNEL32(?,?,00357D11,?,?), ref: 0036D916
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Pointer$AddressApplicationDecodeEncodeHandleModuleProcRegisterRestart
                                                                                                                    • String ID: RegisterApplicationRestart$kernel32.dll
                                                                                                                    • API String ID: 2334171955-1259503209
                                                                                                                    • Opcode ID: 65c79c1a2155f2e1ff837a23263b4d3ca4edddb7564dd20e9319fca49c950146
                                                                                                                    • Instruction ID: 4471a51deed6d29f142fd740557492fb446b00b98ccb1a04c0f9aeab0d4568b1
                                                                                                                    • Opcode Fuzzy Hash: 65c79c1a2155f2e1ff837a23263b4d3ca4edddb7564dd20e9319fca49c950146
                                                                                                                    • Instruction Fuzzy Hash: 6FF08235B42315AB8B121F64AC0C97A7F9CAB947563024031BD0AE7235DB309C60DEA8
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,?,7D8B83E9), ref: 0033E463
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 0033E470
                                                                                                                    • SHCreateDirectoryExW.SHELL32(00000000,?,00000000,?), ref: 0033E4AB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$CreateDirectoryExistsFileTemp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2786188043-0
                                                                                                                    • Opcode ID: 33fad6c3055ca6b94291c43ff8270110be333a49b44e4049f825194f276d1a08
                                                                                                                    • Instruction ID: d8ca625e9ff7942edd0a0c15cc9d4987c88927e3090eca2d3ffddf371e1c7508
                                                                                                                    • Opcode Fuzzy Hash: 33fad6c3055ca6b94291c43ff8270110be333a49b44e4049f825194f276d1a08
                                                                                                                    • Instruction Fuzzy Hash: CB81AF70914218DFDB61DF64CC98BE9B7F8BF25304F5005A9E449A3291EB74AE88CF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,7D8B83E9,00000000), ref: 00340A45
                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?), ref: 00340A64
                                                                                                                    • FindCloseChangeNotification.KERNEL32(?), ref: 00340A8A
                                                                                                                    • CloseHandle.KERNEL32(00000001), ref: 00340ABC
                                                                                                                    • PathRemoveExtensionW.SHLWAPI(?,?,?), ref: 00340B1B
                                                                                                                      • Part of subcall function 00340670: PathAddExtensionW.SHLWAPI(?,?,?,?,?), ref: 003406B8
                                                                                                                      • Part of subcall function 003408E0: CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00340C6F,?,?,00000000,?), ref: 00340925
                                                                                                                      • Part of subcall function 003408E0: CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000004,00000080,00000000,?,C0000000,00000003,00000000,00000003,00000080,00000000,?,?), ref: 00340944
                                                                                                                      • Part of subcall function 003408E0: CloseHandle.KERNEL32(00000000,?,40000000,00000000,00000000,00000004,00000080,00000000,?,C0000000,00000003,00000000,00000003,00000080,00000000,?), ref: 0034094E
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000005,00000080,00000000,?,?,00000000,?,?,?,?), ref: 00340C8E
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?), ref: 00340C9B
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00340CCE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseFile$CreateHandle$ExtensionPath$ChangeFindNotificationRemoveSize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1112151327-0
                                                                                                                    • Opcode ID: f7de111667286f8ba2ed111c0b4d4f24ba4df983e9cfed08e5b7f16f54932383
                                                                                                                    • Instruction ID: 3208ecec148c0144105044491e3a69411ea5677786fd0881f3b4149ab9657b0d
                                                                                                                    • Opcode Fuzzy Hash: f7de111667286f8ba2ed111c0b4d4f24ba4df983e9cfed08e5b7f16f54932383
                                                                                                                    • Instruction Fuzzy Hash: D2816A30920218DBCB25DB24CC99BE9B3B8BF55304F1002DAE549AB291EB746F94CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,7D8B83E9,75B05EE0), ref: 0034015E
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 003401C2
                                                                                                                    • SHCreateDirectoryExW.SHELL32(00000000,?,00000000,0000004C), ref: 0034020D
                                                                                                                    • PathIsFileSpecW.SHLWAPI(?,00000034), ref: 00340259
                                                                                                                    • CloseHandle.KERNEL32(?,00000034), ref: 003402DA
                                                                                                                    • PathFindFileNameW.SHLWAPI(0000004C), ref: 003402F9
                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 0034034E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$CloseDirectoryFileFind$ChangeCreateHandleNameNotificationSpecTemp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 94008183-0
                                                                                                                    • Opcode ID: 4c780e98fdd98ebc9d785e77a381ce92eb327eff88ac79f35de4f268cc548303
                                                                                                                    • Instruction ID: 936c91c52f4352fd4570d755daba4cbbeb51ff72e658e9705cb514aad0362a36
                                                                                                                    • Opcode Fuzzy Hash: 4c780e98fdd98ebc9d785e77a381ce92eb327eff88ac79f35de4f268cc548303
                                                                                                                    • Instruction Fuzzy Hash: 9881A034A102199FCF2ADF64CC98BE9B7B5FF54304F040199D9459B281DB746E99CF60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0033BEB0: MultiByteToWideChar.KERNEL32(00000000,00000000,MSXML2.DOMDocument.3.0,00000017,00000000,00000000,7D8B83E9,00000000,?,?,?,?,004DDCA0,000000FF,?,0033A169), ref: 0033BEEC
                                                                                                                      • Part of subcall function 0033BEB0: MultiByteToWideChar.KERNEL32(00000000,00000000,MSXML2.DOMDocument.3.0,00000017,-00000008,00000000,?,?,?,?,004DDCA0,000000FF,?,0033A169,?,?), ref: 0033BF59
                                                                                                                      • Part of subcall function 0033BEB0: GetLastError.KERNEL32(?,?,?,004DDCA0,000000FF,?,0033A169,?,?), ref: 0033BF77
                                                                                                                    • _com_issue_errorex.COMSUPP ref: 0033A196
                                                                                                                      • Part of subcall function 004A15E0: GetErrorInfo.OLEAUT32(00000000,?), ref: 004A1646
                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 0033A23C
                                                                                                                    • _com_issue_error.COMSUPP ref: 0033A2FC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Error$ByteCharLastMultiWide$Info_com_issue_error_com_issue_errorex
                                                                                                                    • String ID: Failed in MSXML create instance error:%d$XMLParser$`<u
                                                                                                                    • API String ID: 597769415-3387166761
                                                                                                                    • Opcode ID: a833556eaf57c54a9c1370833e5ee1922fd8b41abe5a77c76cbed7ad49bbb5bd
                                                                                                                    • Instruction ID: 29483f7fcc95cca3655c93bfbf31e083b8ef3ea9aa7f5833132756b035cf0e81
                                                                                                                    • Opcode Fuzzy Hash: a833556eaf57c54a9c1370833e5ee1922fd8b41abe5a77c76cbed7ad49bbb5bd
                                                                                                                    • Instruction Fuzzy Hash: 5141C471A05608EFDB15DFA8C989BAEBBF8EF05304F104459E805EB381D7759E00CBA6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000000,http\shell\open\command,00000000,00020019,?,0052EE6C,00000000,7D8B83E9,00000004,?), ref: 002E906A
                                                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 002E908A
                                                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 002E90D3
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 002E9144
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue$CloseOpen
                                                                                                                    • String ID: Default browser : %s$http\shell\open\command
                                                                                                                    • API String ID: 1586453840-569077617
                                                                                                                    • Opcode ID: fca4a59577a0c1de0a7c3332fc6bff37c9a49216c6210f76605c9acb1585ca28
                                                                                                                    • Instruction ID: 9744556a4d4ec18dacefceb1d7501fce174cb721a66d72087f844dc154388727
                                                                                                                    • Opcode Fuzzy Hash: fca4a59577a0c1de0a7c3332fc6bff37c9a49216c6210f76605c9acb1585ca28
                                                                                                                    • Instruction Fuzzy Hash: 0141B471E50246ABDB11DF64DC06BAFBBB4FF44704F20422EF405AB281EB75AA54CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetParent.USER32(?), ref: 00363ED5
                                                                                                                    • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000000), ref: 00363EF7
                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?), ref: 00363F11
                                                                                                                    • SendMessageW.USER32(?,00000121,00000001,?), ref: 00363F37
                                                                                                                    • SendMessageW.USER32(?,0000036A,00000000,00000000), ref: 00363F4F
                                                                                                                    • UpdateWindow.USER32(?), ref: 00363F9A
                                                                                                                    • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000000), ref: 00363FDC
                                                                                                                      • Part of subcall function 00366A15: GetWindowLongW.USER32(?,000000F0), ref: 00366A22
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$PeekSendWindow$CallbackDispatcherLongParentUpdateUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3153985260-0
                                                                                                                    • Opcode ID: a2e81bd6a30c794fafb6f0bdf9666e4be85189f239cfe2d9b1f32732197c7d16
                                                                                                                    • Instruction ID: 60b9a3a13765d4e2598c8c9e1858440786006ea1e0569fecd39c1bc16a86115b
                                                                                                                    • Opcode Fuzzy Hash: a2e81bd6a30c794fafb6f0bdf9666e4be85189f239cfe2d9b1f32732197c7d16
                                                                                                                    • Instruction Fuzzy Hash: BD41D171E00214BBEB169F64C849B6EBBB8BF00715F15C158F901AB1D4DBB4DE54DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0036C407: __EH_prolog3.LIBCMT ref: 0036C40E
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0035FEDA
                                                                                                                    • SetWindowsHookExW.USER32(00000005,00364936,00000000,00000000), ref: 0035FEEA
                                                                                                                    • GetProcAddress.KERNEL32(00000000,HtmlHelpW), ref: 0035FF4D
                                                                                                                    • FreeLibrary.KERNEL32(?,?,Function_00086155,?,00000000,?,0035A613,?,00000000,?,?,?,0035A050,00000024,002DFD91), ref: 0035FF5D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressCurrentFreeH_prolog3HookLibraryProcThreadWindows
                                                                                                                    • String ID: HtmlHelpW$hhctrl.ocx
                                                                                                                    • API String ID: 3379832378-3773518134
                                                                                                                    • Opcode ID: f477d1e56c504a1754a1da8106f686b87d675cbf450cd4f5243a2533fc57e3e8
                                                                                                                    • Instruction ID: 48da2821382f923b9eef3bf38c4bf62cbb4460a9eaabb47101855336eee6f8fa
                                                                                                                    • Opcode Fuzzy Hash: f477d1e56c504a1754a1da8106f686b87d675cbf450cd4f5243a2533fc57e3e8
                                                                                                                    • Instruction Fuzzy Hash: CA21CB35600B059FD7336FA1DC06F267B94EB41762F108435FD469A961DB70D854CAA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5620b822ae3cb207af39624d7125ab62ca347de82c099bb5dec475c3fdee26ae
                                                                                                                    • Instruction ID: 8246abde5699a74660a3f1f83416a87f4be74cbf7699b11c0bc89f7ac7d3292a
                                                                                                                    • Opcode Fuzzy Hash: 5620b822ae3cb207af39624d7125ab62ca347de82c099bb5dec475c3fdee26ae
                                                                                                                    • Instruction Fuzzy Hash: 5AB149B8A04209AFDB10DF99DC40FAEBBB1AF99305F04815EF44467392C7799A41CF69
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002EB8DD
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002EB8FF
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002EB927
                                                                                                                    • __Getctype.LIBCPMT ref: 002EBA07
                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002EBA49
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002EBA73
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1102183713-0
                                                                                                                    • Opcode ID: 3c8876a7fc8feca7ebd6654c26301c69ba591c12bd991fc6ca03823560562379
                                                                                                                    • Instruction ID: 8c5db619d5d8826f2cc56544ff584f982d76948633eb6b76840467ee8ef504e1
                                                                                                                    • Opcode Fuzzy Hash: 3c8876a7fc8feca7ebd6654c26301c69ba591c12bd991fc6ca03823560562379
                                                                                                                    • Instruction Fuzzy Hash: 7B61BBB0D10249CFDB12CF69D5407AEBBF8EB14314F24416ED885AB391EB74AE44CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00359FD5
                                                                                                                    • FindResourceW.KERNEL32(?,00000000,00000005,00000024,002DFD91), ref: 0035A016
                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 0035A022
                                                                                                                    • LockResource.KERNEL32(?,00000024,002DFD91), ref: 0035A032
                                                                                                                    • GetDesktopWindow.USER32 ref: 0035A069
                                                                                                                    • SetActiveWindow.USER32(00000000,?,00000024,002DFD91), ref: 0035A17A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$Window$ActiveDesktopFindH_prolog3_catchLoadLock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 444376616-0
                                                                                                                    • Opcode ID: 924f0c06f22e1ef0be34cbacbaeb447b92940a126bdee7996c5317e44e1dd4e5
                                                                                                                    • Instruction ID: 3d4eb76f38927f692239f3477560b1d800692f9cec8f5522e194a1e13124d403
                                                                                                                    • Opcode Fuzzy Hash: 924f0c06f22e1ef0be34cbacbaeb447b92940a126bdee7996c5317e44e1dd4e5
                                                                                                                    • Instruction Fuzzy Hash: 3451A570A00A159FCF129F70CC45FADB7B4BF48312F054115ED06A72A1DB749D44EBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeH_prolog3_String
                                                                                                                    • String ID: %08lX-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X$RestartByRestartManager$`<u
                                                                                                                    • API String ID: 1868347590-4201609942
                                                                                                                    • Opcode ID: 83eabb38e0c48fa4eeed08e78857ffb2dbe578249569564736fe35e73633ae2c
                                                                                                                    • Instruction ID: 2f8cc62c7b39320e4f11a3f9acc49c2d44314c17b7641d7f10fa7667f8d8678f
                                                                                                                    • Opcode Fuzzy Hash: 83eabb38e0c48fa4eeed08e78857ffb2dbe578249569564736fe35e73633ae2c
                                                                                                                    • Instruction Fuzzy Hash: 03A1D6319041099FCF06EBA4DC95EFEB7B9AF98315F154069F901B72A2DB34AD05CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,7D8B83E9,00000000), ref: 0030F285
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileInit_thread_footerModuleName
                                                                                                                    • String ID: Admin and not child process. No need for IPC$Failed to start listening to IPC Packets$InitElevationHandler$Not admin and child process. Error case.
                                                                                                                    • API String ID: 3404962059-3610088692
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,7D8B83E9,?,?,?,004DE35D,000000FF), ref: 0033F52C
                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 0033F7F3
                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,?,?,?,?,?,00000000), ref: 0033F81C
                                                                                                                    • WriteFile.KERNEL32(?,0053F4A4,00000002,00000000,00000000,?,?,?,?,?,00000000), ref: 0033F83B
                                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 0033F872
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Write$MutexObjectPointerReleaseSingleWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3384908094-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,7D8B83E9,?,?,?,004DE21B,000000FF), ref: 0033EF5C
                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 0033F0D2
                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0033F0FB
                                                                                                                    • WriteFile.KERNEL32(?,0053F4A4,00000002,?,00000000), ref: 0033F11A
                                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 0033F151
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Write$MutexObjectPointerReleaseSingleWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3384908094-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004BF8F8: RtlFreeHeap.NTDLL(00000000,00000000,?,004C8309,?,00000000,?,?,004C85AA,?,00000007,?,?,004C8B05,?,?), ref: 004BF90E
                                                                                                                      • Part of subcall function 004BF8F8: GetLastError.KERNEL32(?,?,004C8309,?,00000000,?,?,004C85AA,?,00000007,?,?,004C8B05,?,?), ref: 004BF919
                                                                                                                    • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,004C561E,00000000,00000000,00000000), ref: 004C54DD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFreeHeapInformationLastTimeZone
                                                                                                                    • String ID: &VL$W. Europe Standard Time$W. Europe Summer Time
                                                                                                                    • API String ID: 3335090040-2490263050
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Edit
                                                                                                                    • API String ID: 0-554135844
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,004F7DE0,00000000,00000001,00000000), ref: 003580E2
                                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000004), ref: 00358103
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00358147
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                    • String ID: }O
                                                                                                                    • API String ID: 3677997916-2562969382
                                                                                                                    • Opcode ID: 2ca1a2155e2a63d9ad9ea0c0bd57c99364199761f49923a5c50786cf89df0c29
                                                                                                                    • Instruction ID: b99959b63b0ffd26fa32aa243664af7e848086c4f00387d235aefc8d6a1663e1
                                                                                                                    • Opcode Fuzzy Hash: 2ca1a2155e2a63d9ad9ea0c0bd57c99364199761f49923a5c50786cf89df0c29
                                                                                                                    • Instruction Fuzzy Hash: B4219F72A10605FFEB11CF91DC45BBEB7B8FB1031BF118459E915B6191EBB4AA48CB10
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SHCreateDirectoryExW.SHELL32(00000000,005343B0,00000000,?,003414F9,?,?,Adobe_ADMLogs,0000000D,005343B0,00000001,?,?,?,00340F19,?), ref: 0034455A
                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,003414F9,?,?,Adobe_ADMLogs,0000000D,005343B0,00000001,?,?,?,00340F19,?), ref: 00344572
                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,003414F9,?,?,Adobe_ADMLogs,0000000D,005343B0,00000001,?,?,?,00340F19,?), ref: 00344586
                                                                                                                    Strings
                                                                                                                    • failed to create dir. Error - %d, xrefs: 0034458D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$CreateDirectory
                                                                                                                    • String ID: failed to create dir. Error - %d
                                                                                                                    • API String ID: 1306683694-3765757136
                                                                                                                    • Opcode ID: 5c486b1d86169dfbff52db9ad0adc9d0deb607e18e8d8167ec9bfa1803d73353
                                                                                                                    • Instruction ID: ac05441f446e8fcd162754c5a25b5e0fba24002b16adf32c1d56e9af92d1411d
                                                                                                                    • Opcode Fuzzy Hash: 5c486b1d86169dfbff52db9ad0adc9d0deb607e18e8d8167ec9bfa1803d73353
                                                                                                                    • Instruction Fuzzy Hash: AEF0A735140204BBDF116FA8DC0ABBE7BD8EF87751F140071FA0DDA592C671A455C795
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00359CE5
                                                                                                                    • GlobalFix.KERNEL32(00000000), ref: 00359DE7
                                                                                                                    • GlobalUnWire.KERNEL32(00000000), ref: 00359EDD
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00359EE4
                                                                                                                      • Part of subcall function 00372D70: GetStockObject.GDI32(00000011), ref: 00372D92
                                                                                                                      • Part of subcall function 00372D70: GetStockObject.GDI32(0000000D), ref: 00372D9E
                                                                                                                      • Part of subcall function 00372D70: GetObjectW.GDI32(00000000,0000005C,?), ref: 00372DAF
                                                                                                                      • Part of subcall function 00372D70: GetDC.USER32(00000000), ref: 00372DBE
                                                                                                                      • Part of subcall function 00372D70: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00372DD5
                                                                                                                      • Part of subcall function 00372D70: MulDiv.KERNEL32(?,00000048,00000000), ref: 00372DE1
                                                                                                                      • Part of subcall function 00372D70: ReleaseDC.USER32(00000000,00000000), ref: 00372DED
                                                                                                                      • Part of subcall function 00372A4F: GlobalFree.KERNEL32 ref: 00372A56
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Object$FreeStock$CapsDeviceH_prolog3_catchReleaseWire
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2902530950-0
                                                                                                                    • Opcode ID: c12bffd75d9353ceb704212b926721c36ee488aaba92ec2d54936f1dbe41b45f
                                                                                                                    • Instruction ID: 7436da33c56824f6133d3ef0ffe4495cca19ba36110855a6286c18b7391a6a9d
                                                                                                                    • Opcode Fuzzy Hash: c12bffd75d9353ceb704212b926721c36ee488aaba92ec2d54936f1dbe41b45f
                                                                                                                    • Instruction Fuzzy Hash: FB51803090021ADFCF12DFA4C946FAEBBB4AF58311F15406AEC01BB2A1DB749E15CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RtlEnterCriticalSection.NTDLL(?), ref: 0033D853
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 0033D85D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3168844106-0
                                                                                                                    • Opcode ID: b85886990fcf6329a3564a3a9de709a8cb7b6aea9d5c330075181a3114b1800d
                                                                                                                    • Instruction ID: 1f992f660f87c90e1d0c4b18787b3c47a48181cb76d77db7f735856ae69a30f8
                                                                                                                    • Opcode Fuzzy Hash: b85886990fcf6329a3564a3a9de709a8cb7b6aea9d5c330075181a3114b1800d
                                                                                                                    • Instruction Fuzzy Hash: CE51D072A00614AFCB16DF94E8C4BAEF7B9FF44310F144559E916AB681D730BD15CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,MSXML2.DOMDocument.3.0,00000017,00000000,00000000,7D8B83E9,00000000,?,?,?,?,004DDCA0,000000FF,?,0033A169), ref: 0033BEEC
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,MSXML2.DOMDocument.3.0,00000017,-00000008,00000000,?,?,?,?,004DDCA0,000000FF,?,0033A169,?,?), ref: 0033BF59
                                                                                                                    • GetLastError.KERNEL32(?,?,?,004DDCA0,000000FF,?,0033A169,?,?), ref: 0033BF77
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                    • String ID: MSXML2.DOMDocument.3.0
                                                                                                                    • API String ID: 1717984340-537116526
                                                                                                                    • Opcode ID: 23879a3d7c87a60e2375de7b32d870ba08cac5b4553172bcf09b5664d5085d3d
                                                                                                                    • Instruction ID: 9a454178e088073597b809b26e0218b4c4d615eb2e560f96322c8627358f77ce
                                                                                                                    • Opcode Fuzzy Hash: 23879a3d7c87a60e2375de7b32d870ba08cac5b4553172bcf09b5664d5085d3d
                                                                                                                    • Instruction Fuzzy Hash: CE313E32D442059BD7229B64CC46BAAF7A4EB40764F15013EFE05E73C0E7749D00CBA6
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 003675F9
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00367614
                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036763D
                                                                                                                    • GetDC.USER32(00000000), ref: 00367669
                                                                                                                      • Part of subcall function 002E03E0: FindResourceW.KERNEL32(?,?,00000006), ref: 002E03F8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog3$BrushCreateFindResourceSolid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3647720930-0
                                                                                                                    • Opcode ID: 1bb96eeeeaa3d78ca421e2b383161f60d209f05cecf12c10b436be54af6b9f64
                                                                                                                    • Instruction ID: 56c7930d2171423580b737c74ff3d13ed4aa366c2851070bb69d12861517bce7
                                                                                                                    • Opcode Fuzzy Hash: 1bb96eeeeaa3d78ca421e2b383161f60d209f05cecf12c10b436be54af6b9f64
                                                                                                                    • Instruction Fuzzy Hash: 203106B16006119FCB25EF69D805B6F77E8EF08715B50C52EF609CB206EB74E900CBA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 003A5CD1
                                                                                                                    • VerSetConditionMask.NTDLL(00000000), ref: 003A5CD9
                                                                                                                    • VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 003A5CEA
                                                                                                                    • GetSystemMetrics.USER32(00001000), ref: 003A5CFB
                                                                                                                      • Part of subcall function 003A646A: __EH_prolog3.LIBCMT ref: 003A6471
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000016), ref: 003A647A
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000000F), ref: 003A648D
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000015), ref: 003A64A4
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000000F), ref: 003A64B0
                                                                                                                      • Part of subcall function 003A646A: GetDeviceCaps.GDI32(00000014,0000000C), ref: 003A64D8
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000000F), ref: 003A64E6
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000010), ref: 003A64F4
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000015), ref: 003A6502
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000016), ref: 003A6510
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000014), ref: 003A651E
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000012), ref: 003A652C
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000011), ref: 003A653A
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000006), ref: 003A6545
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000000D), ref: 003A6550
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000000E), ref: 003A655B
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000005), ref: 003A6566
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000008), ref: 003A6574
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000009), ref: 003A657F
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000007), ref: 003A658A
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000002), ref: 003A6595
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(00000003), ref: 003A65A0
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000001B), ref: 003A65AE
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000001C), ref: 003A65BC
                                                                                                                      • Part of subcall function 003A646A: GetSysColor.USER32(0000000A), ref: 003A65CA
                                                                                                                      • Part of subcall function 003A5F39: __EH_prolog3_GS.LIBCMT ref: 003A5F43
                                                                                                                      • Part of subcall function 003A5F39: GetDeviceCaps.GDI32(?,00000058), ref: 003A5F63
                                                                                                                      • Part of subcall function 003A5F39: DeleteObject.GDI32(00000000), ref: 003A5FCD
                                                                                                                      • Part of subcall function 003A5F39: DeleteObject.GDI32(00000000), ref: 003A5FEB
                                                                                                                      • Part of subcall function 003A5F39: DeleteObject.GDI32(00000000), ref: 003A6009
                                                                                                                      • Part of subcall function 003A5F39: DeleteObject.GDI32(00000000), ref: 003A6027
                                                                                                                      • Part of subcall function 003A5F39: DeleteObject.GDI32(00000000), ref: 003A6045
                                                                                                                      • Part of subcall function 003A5F39: DeleteObject.GDI32(00000000), ref: 003A6063
                                                                                                                      • Part of subcall function 003A5F39: DeleteObject.GDI32(00000000), ref: 003A6081
                                                                                                                      • Part of subcall function 003A5D59: GetSystemMetrics.USER32(00000031), ref: 003A5D67
                                                                                                                      • Part of subcall function 003A5D59: GetSystemMetrics.USER32(00000032), ref: 003A5D75
                                                                                                                      • Part of subcall function 003A5D59: SetRectEmpty.USER32(005750FC), ref: 003A5D88
                                                                                                                      • Part of subcall function 003A5D59: EnumDisplayMonitors.USER32(00000000,00000000,003A5BF1,005750FC), ref: 003A5D98
                                                                                                                      • Part of subcall function 003A5D59: SystemParametersInfoW.USER32(00000030,00000000,005750FC,00000000), ref: 003A5DA7
                                                                                                                      • Part of subcall function 003A5D59: SystemParametersInfoW.USER32(00001002,00000000,00575120,00000000), ref: 003A5DD4
                                                                                                                      • Part of subcall function 003A5D59: SystemParametersInfoW.USER32(00001012,00000000,00575124,00000000), ref: 003A5DE8
                                                                                                                      • Part of subcall function 003A5D59: SystemParametersInfoW.USER32(0000100A,00000000,00575134,00000000), ref: 003A5E0E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$DeleteObjectSystem$Info$Parameters$Metrics$CapsConditionDeviceMask$DisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectVerifyVersion
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 551326122-0
                                                                                                                    • Opcode ID: c8809e789e1611962f6a05b82c9f23b53e9b118ae4f35202a9eb336cd8866cb7
                                                                                                                    • Instruction ID: a1017ca100cd1021a87dff8e49fd5975638e5fd10fb98c064429cd116c30e0ea
                                                                                                                    • Opcode Fuzzy Hash: c8809e789e1611962f6a05b82c9f23b53e9b118ae4f35202a9eb336cd8866cb7
                                                                                                                    • Instruction Fuzzy Hash: 0111A7B1A00218ABD7159F71AC4AFEA76BCEB89704F00446EB645D6181DAB44A448B90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _com_issue_errorex.COMSUPP ref: 0033A05D
                                                                                                                    • SysFreeString.OLEAUT32(-00000001), ref: 0033A08A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString_com_issue_errorex
                                                                                                                    • String ID: `<u
                                                                                                                    • API String ID: 3379521860-3367579956
                                                                                                                    • Opcode ID: e8629e757973bc32ee9a621c81ca53dbda3d7a0a693118bce1fd7957e8a8d599
                                                                                                                    • Instruction ID: c6ad81d28d8819a166fd213510688c97cd777e242353c8f4d678629ed33c5dbf
                                                                                                                    • Opcode Fuzzy Hash: e8629e757973bc32ee9a621c81ca53dbda3d7a0a693118bce1fd7957e8a8d599
                                                                                                                    • Instruction Fuzzy Hash: 2021D4B1A00A14ABDB25DF25CC84B6BB7E8EF04724F01462EF865D7290E774E804CA95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0036D567: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00357F16,#r5,00000003,?,00000004,#r5), ref: 0036D579
                                                                                                                      • Part of subcall function 0036D567: GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0036D589
                                                                                                                      • Part of subcall function 0036D567: RtlEncodePointer.NTDLL(00000000), ref: 0036D592
                                                                                                                      • Part of subcall function 0036D567: GetLocaleInfoEx.KERNEL32(?,00357F16,#r5,00000003,?,00000004,#r5), ref: 0036D5C0
                                                                                                                    • __snprintf_s.LIBCMT ref: 00357F4B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressEncodeHandleInfoLocaleModulePointerProc__snprintf_s
                                                                                                                    • String ID: #r5$#r5
                                                                                                                    • API String ID: 2832596985-317946052
                                                                                                                    • Opcode ID: 9692f6196bb8d2baba20b9f8991f7cadfb9990b0c8f77ef0f64454a7ec104470
                                                                                                                    • Instruction ID: 6ed72050571d1b6d6bf6550e8e51fb39e9af1dc8dff9845b7cf3791455d7b120
                                                                                                                    • Opcode Fuzzy Hash: 9692f6196bb8d2baba20b9f8991f7cadfb9990b0c8f77ef0f64454a7ec104470
                                                                                                                    • Instruction Fuzzy Hash: A0118B72D04118AEDF12BFA5DC46FA9736CAF15715F0004A5FE01AB0A1E6749A188BA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __snprintf_s
                                                                                                                    • String ID: Cr5$LOC
                                                                                                                    • API String ID: 3587532853-155198603
                                                                                                                    • Opcode ID: f4f0587e7aeb8d3143e80fc5532d027615b95f718c20f3abe0268e1e67643b67
                                                                                                                    • Instruction ID: db0b0c207371b715dd148a46af98e6fd772f316c175201a0393414e7e0087855
                                                                                                                    • Opcode Fuzzy Hash: f4f0587e7aeb8d3143e80fc5532d027615b95f718c20f3abe0268e1e67643b67
                                                                                                                    • Instruction Fuzzy Hash: 8B11C67290010CBACB227BE5DC46EE937A89B15325F0109A6FA01BF0E1ED74DD4C5B95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 0035EB1D
                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00000000,00000208,00000008,0035F055,?,00000066), ref: 0035EB51
                                                                                                                      • Part of subcall function 0035ECB9: __EH_prolog3.LIBCMT ref: 0035ECC0
                                                                                                                      • Part of subcall function 0035ECB9: VariantClear.OLEAUT32(?), ref: 0035ED6D
                                                                                                                      • Part of subcall function 0035ECB9: VariantClear.OLEAUT32(?), ref: 0035ED77
                                                                                                                      • Part of subcall function 0035ECB9: VariantClear.OLEAUT32(?), ref: 0035ED81
                                                                                                                      • Part of subcall function 0035ECB9: VariantClear.OLEAUT32(?), ref: 0035ED8B
                                                                                                                      • Part of subcall function 0035ECB9: SysFreeString.OLEAUT32(002E0ED4), ref: 0035ED94
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearVariant$H_prolog3$FileFreeModuleNameString
                                                                                                                    • String ID: res://%Ts/%d
                                                                                                                    • API String ID: 2962255879-1604331681
                                                                                                                    • Opcode ID: 87defa7f6b1d27cf258864709291f82a03eaf0b1ff8b29e0da2002c60e495675
                                                                                                                    • Instruction ID: 949b1485e03441989da4429600290f88823c5e23198c75c13d91035f812eb47f
                                                                                                                    • Opcode Fuzzy Hash: 87defa7f6b1d27cf258864709291f82a03eaf0b1ff8b29e0da2002c60e495675
                                                                                                                    • Instruction Fuzzy Hash: C50184716012189FDB01EB608C56EBF7674EF40315F15442DF951AF152DB749E098B61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 003578DD
                                                                                                                    • PathFindExtensionW.SHLWAPI(?), ref: 003578F3
                                                                                                                      • Part of subcall function 0035718F: __EH_prolog3_GS.LIBCMT ref: 00357199
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExtensionFileFindH_prolog3_ModuleNamePath
                                                                                                                    • String ID: %Ts%Ts.dll
                                                                                                                    • API String ID: 3433622546-1896370695
                                                                                                                    • Opcode ID: 6d9827e34e76d8b576b7d0405c988b0f004369b49006331fcd45a98feaf7cc52
                                                                                                                    • Instruction ID: 1a661ee3804081ab1bfae8080dfd2a4280fa57b1f54ad33d72dfdaa5e9c30253
                                                                                                                    • Opcode Fuzzy Hash: 6d9827e34e76d8b576b7d0405c988b0f004369b49006331fcd45a98feaf7cc52
                                                                                                                    • Instruction Fuzzy Hash: 2F016231900119ABCB12EBA4EC45EEF77FCEF48301F0100B6E506D7051E774AA09CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0033FDF0: GetTempPathW.KERNEL32(00000104,?,7D8B83E9,75B05EE0,?), ref: 0033FE5B
                                                                                                                      • Part of subcall function 0033FDF0: PathFileExistsW.SHLWAPI(?,.trace,?,?,?), ref: 0033FF22
                                                                                                                      • Part of subcall function 0033FDF0: PathFileExistsW.SHLWAPI(?,?,?,.debug), ref: 0033FF85
                                                                                                                    • RtlInitializeCriticalSection.NTDLL(00000074), ref: 0033FDDD
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$ExistsFile$CriticalInitializeSectionTemp
                                                                                                                    • String ID: | $OOBE.log
                                                                                                                    • API String ID: 2430562486-2809318793
                                                                                                                    • Opcode ID: 76645c3893045c4f5bcc1991877dbf56f7b3daaba516ef0dfda7a880d2fe4b7e
                                                                                                                    • Instruction ID: be04c09a7a81131fccb47889bb6c09dec8ed810cd2a35c8fe1927e19079af3cf
                                                                                                                    • Opcode Fuzzy Hash: 76645c3893045c4f5bcc1991877dbf56f7b3daaba516ef0dfda7a880d2fe4b7e
                                                                                                                    • Instruction Fuzzy Hash: 41F05E30190B109EE321DB64E82ABD67BE46F10705F41481DA1C2577D2CBF07808CB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000030,00000000,00000000,00000000), ref: 00356551
                                                                                                                    • TranslateMessage.USER32(00000030), ref: 00356570
                                                                                                                    • DispatchMessageW.USER32(00000030), ref: 00356577
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$CallbackDispatchDispatcherTranslateUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2960505505-0
                                                                                                                    • Opcode ID: 4a773b01f98816e6ca59f579994fe04c7291e476debb9bfff6f80fa77d1f660a
                                                                                                                    • Instruction ID: 8f3ca35512af7daeef330ef8f9e5e0b4d6d7af23a5b3a7ed1ef306c00af08031
                                                                                                                    • Opcode Fuzzy Hash: 4a773b01f98816e6ca59f579994fe04c7291e476debb9bfff6f80fa77d1f660a
                                                                                                                    • Instruction Fuzzy Hash: 27F0A4323014105B87136B34BD05DBF77ADFF823523464026FC01D7524EB249A4AABA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 0033E768
                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0033E78A
                                                                                                                    • WriteFile.KERNEL32(?,0053249C,00000004,00000000,00000000), ref: 0033E7A3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2896595272.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000056C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000579000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005EC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F8000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005FC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000606000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000060B000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000620000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006BF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006F6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897633372.000000000070D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897660493.000000000070F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Write$Pointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2567243663-0
                                                                                                                    • Opcode ID: 646b8c3bfe4902d6031ac1ba5ee580438793fcae0cbe429b868a6a780d606fc1
                                                                                                                    • Instruction ID: f22823b41f2daa2763742001e27ca28e421a57908152f1ad8361f9c996001125
                                                                                                                    • Opcode Fuzzy Hash: 646b8c3bfe4902d6031ac1ba5ee580438793fcae0cbe429b868a6a780d606fc1
                                                                                                                    • Instruction Fuzzy Hash: 8A013176940218BBDB209F80CC46FAA7F6CEB04750F1141A5BE0477291D6B16E50DBE4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00357199
                                                                                                                      • Part of subcall function 002E21E0: FindResourceW.KERNEL32(00000000,002DFE4B,00000006,002DFE4A), ref: 002E2264
                                                                                                                      • Part of subcall function 002E21E0: LoadResource.KERNEL32(00000000,00000000), ref: 002E2277
                                                                                                                      • Part of subcall function 002E21E0: LockResource.KERNEL32(00000000), ref: 002E2286
                                                                                                                      • Part of subcall function 002E21E0: SizeofResource.KERNEL32(?,?), ref: 002E229C
                                                                                                                      • Part of subcall function 0036D5E0: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,?,00000108,0035791D,?,?), ref: 0036D613
                                                                                                                      • Part of subcall function 0036D5E0: GetProcAddress.KERNEL32(00000000,GetThreadPreferredUILanguages), ref: 0036D623
                                                                                                                      • Part of subcall function 0036D5E0: RtlEncodePointer.NTDLL(00000000), ref: 0036D62C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$AddressEncodeFindH_prolog3_HandleLoadLockModulePointerProcSizeof
                                                                                                                    • String ID: y
                                                                                                                    • API String ID: 3122441387-4225443349
                                                                                                                    • Opcode ID: 071fa1d30951ac97c2e1092f0bb3c46acdeca964821c553bee40f5d041237372
                                                                                                                    • Instruction ID: 61af31d8b2d939123774e528144ca30f31315bbf97b6e11af43c5bdc1f7fb549
                                                                                                                    • Opcode Fuzzy Hash: 071fa1d30951ac97c2e1092f0bb3c46acdeca964821c553bee40f5d041237372
                                                                                                                    • Instruction Fuzzy Hash: 98215E72C041289BDF22EB54DC42BDD7778AF24314F0042D5FA88A6191DBB45FC88F91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,?), ref: 00338D23
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderPathSpecial
                                                                                                                    • String ID: \Adobe
                                                                                                                    • API String ID: 994120019-851535981
                                                                                                                    • Opcode ID: 76cb5512e5dfd50003a75981699215d73a9b366557dbca44845d6c8bb1063e3a
                                                                                                                    • Instruction ID: 042c63f85ba4b149c473f901d6d511756764adfe484ad3af11afb5e12c4e29c8
                                                                                                                    • Opcode Fuzzy Hash: 76cb5512e5dfd50003a75981699215d73a9b366557dbca44845d6c8bb1063e3a
                                                                                                                    • Instruction Fuzzy Hash: 2301D870A0020C6BCB10EF649C4ABEA73BCDF44744F4041EAE805D72C2FAB09E088A84
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036C40E
                                                                                                                      • Part of subcall function 0036BEF5: TlsAlloc.KERNEL32(?,0036C43A,00000004,00369CB2,00356155,00367584,002E1FC2,00000001,?,?,?,?,?,00000001,?,?), ref: 0036BF14
                                                                                                                      • Part of subcall function 0036BEF5: RtlInitializeCriticalSection.NTDLL(00574C80), ref: 0036BF25
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocCriticalH_prolog3InitializeSection
                                                                                                                    • String ID: dLW
                                                                                                                    • API String ID: 2369468792-425492144
                                                                                                                    • Opcode ID: 8a2050e0ff0271ea3aa3635fa22ed18eb3298a469ce5294cecefb8ec47ff92d5
                                                                                                                    • Instruction ID: 840e98257ae4985fd30b1566abd40a4fc50d1b6c0527a699907f29b655f468a0
                                                                                                                    • Opcode Fuzzy Hash: 8a2050e0ff0271ea3aa3635fa22ed18eb3298a469ce5294cecefb8ec47ff92d5
                                                                                                                    • Instruction Fuzzy Hash: 3101B1706212029BDF13EF7AD82967D3A64AF50354B11D138A848CF296DF34CD80DB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CreateActCtxWWorker.KERNEL32(?,00358560,00000020), ref: 003581E7
                                                                                                                      • Part of subcall function 003583AC: DeactivateActCtx.KERNEL32(?,00358210,004F7A78,00572F2C,DeactivateActCtx,00000000,?,00366285,00000000,00000000,0036623B,?,?,00000000), ref: 003583CD
                                                                                                                      • Part of subcall function 003583AC: GetProcAddress.KERNEL32(00000000,00366285), ref: 003583DA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressCreateDeactivateProcWorker
                                                                                                                    • String ID: CreateActCtxW
                                                                                                                    • API String ID: 1192707186-1163823230
                                                                                                                    • Opcode ID: 7c4637a223a56bc513d9a52f7e5fafffb41a70a56fc9e15e9b63324eb460fc5b
                                                                                                                    • Instruction ID: 30e10a4707f6c4bed886365addf834edceda98b6b8ac082d2eee50a0747f4d97
                                                                                                                    • Opcode Fuzzy Hash: 7c4637a223a56bc513d9a52f7e5fafffb41a70a56fc9e15e9b63324eb460fc5b
                                                                                                                    • Instruction Fuzzy Hash: 7FE02631A45A346706232B65AC02D2F3E249A51BB2B020212FD04772F1CE604E15ABCA
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 002E85B1
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002E8664
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: std::_$Locinfo::_Locinfo_dtorLockitLockit::~_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3286764726-0
                                                                                                                    • Opcode ID: 4458abcfe9b3b15a0e3da16406853fdaf4904a9663ac1f3e90d3c9b7dfcec76a
                                                                                                                    • Instruction ID: 5e7da86f4641ece3679c81049ed8457743aa78cabaee929c3890b42809a4e179
                                                                                                                    • Opcode Fuzzy Hash: 4458abcfe9b3b15a0e3da16406853fdaf4904a9663ac1f3e90d3c9b7dfcec76a
                                                                                                                    • Instruction Fuzzy Hash: A621E6F1E007819BEB21DF66C90974BB7ECAB12718F04455DE44997380EB79EA04CB96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000,?,00000000,?,004C13AF,004CCB40,?,00000000,00000000), ref: 004C1416
                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,004C13AF,004CCB40,?,00000000,00000000), ref: 004C1420
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1687624791-0
                                                                                                                    • Opcode ID: 7dbe679e63546cfc15c95a25d3858c1c2ae71e37350f6380ceae19c4288642bb
                                                                                                                    • Instruction ID: 8e7e0b8aca5618cb96be7af331558a0848d0a8605adfa1ac68195eb63432a0ab
                                                                                                                    • Opcode Fuzzy Hash: 7dbe679e63546cfc15c95a25d3858c1c2ae71e37350f6380ceae19c4288642bb
                                                                                                                    • Instruction Fuzzy Hash: A311593761811016D66826756885F7E27499B83738F28025FFC18962F3DE69D882826D
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00366A15: GetWindowLongW.USER32(?,000000F0), ref: 00366A22
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00364D68
                                                                                                                    • GetWindow.USER32(?,00000004), ref: 00364D85
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$LongRect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 463821813-0
                                                                                                                    • Opcode ID: cad711b30bf1055361a5868422145a57512cb6d9f35fe386f5b750081777882f
                                                                                                                    • Instruction ID: d4a4e48c815556490dc15043a42b884405fb79371a97e09984fe012f9abba7d6
                                                                                                                    • Opcode Fuzzy Hash: cad711b30bf1055361a5868422145a57512cb6d9f35fe386f5b750081777882f
                                                                                                                    • Instruction Fuzzy Hash: 81119070F002099BCF06EFA9C881ABEB7B9BF59354F51C569E806E7245DB70ED009B50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,?,00008000,004C120D,00008000,004C120D,?,?,?,004C3D1F,004C120D,74DF0900,00000000,004C120D,?), ref: 004C3C51
                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,?,004C3D1F,004C120D,74DF0900,00000000,004C120D,?,00000000,00008000,004C120D,?,?,004CC96A), ref: 004C3C5E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2976181284-0
                                                                                                                    • Opcode ID: 254c89b5b638bea4002a03d629fa670d696dc66a10b16c331a7ecd2d7cb34ae8
                                                                                                                    • Instruction ID: a94d5b844045a7407526870bb7bb469389388c6d1f7f71bdde1de6be9b509624
                                                                                                                    • Opcode Fuzzy Hash: 254c89b5b638bea4002a03d629fa670d696dc66a10b16c331a7ecd2d7cb34ae8
                                                                                                                    • Instruction Fuzzy Hash: 49018E37614208AFCB048F59DC09DAE3B29DB80324B24410EF811A72D1EA75DE51CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog3Initialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3221705332-0
                                                                                                                    • Opcode ID: fd11fe1ac35bb4fb75a47caf406bb07a482ca3e6f0268bfba04b9fc0ca06f986
                                                                                                                    • Instruction ID: 3bf6ba0aed7489de7e894a8ed7b5f3fcb3fefa8fe2c3af7e5eaf01315edd52f8
                                                                                                                    • Opcode Fuzzy Hash: fd11fe1ac35bb4fb75a47caf406bb07a482ca3e6f0268bfba04b9fc0ca06f986
                                                                                                                    • Instruction Fuzzy Hash: 7A01D470A007119BCB27BB74980BB9FB9A8BF40721F040236EA15CB1B2DB399509C795
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Text
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 848690642-0
                                                                                                                    • Opcode ID: addc53409d9d2aa3bb7a4c4d38411d8cc5e33be81a7d8aeefdc75a92ca1c5f84
                                                                                                                    • Instruction ID: 2385b4402a87d06ca798b6285293738b55b5d945d36f27a65a0e391fff7de6b8
                                                                                                                    • Opcode Fuzzy Hash: addc53409d9d2aa3bb7a4c4d38411d8cc5e33be81a7d8aeefdc75a92ca1c5f84
                                                                                                                    • Instruction Fuzzy Hash: E4F0E236204906AFCB125F21DC88929BB79FFA43697518136E50983A35DB729C64EBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000000,?,004C8309,?,00000000,?,?,004C85AA,?,00000007,?,?,004C8B05,?,?), ref: 004BF90E
                                                                                                                    • GetLastError.KERNEL32(?,?,004C8309,?,00000000,?,?,004C85AA,?,00000007,?,?,004C8B05,?,?), ref: 004BF919
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 485612231-0
                                                                                                                    • Opcode ID: 1d3b6edd7dc19552b840ee71685e12547f3ea2dd73be4db4531dbd68cb4a9972
                                                                                                                    • Instruction ID: be745a988bc197a1422a09c7c2cd31f329d3638762a2db6fcd3b6513ca57a9a5
                                                                                                                    • Opcode Fuzzy Hash: 1d3b6edd7dc19552b840ee71685e12547f3ea2dd73be4db4531dbd68cb4a9972
                                                                                                                    • Instruction Fuzzy Hash: 09E0CD32104214BBDB112FE5FC0C7953B59AB54359F004035F70CD6171D638D855CB9C
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907130948.0000000009707000.00000010.00000800.00020000.00000000.sdmp, Offset: 09707000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_9707000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 84a7bc5419860c94a321f7706a20cb58aa85b8352ba73d3f9a956dfd8071777f
                                                                                                                    • Instruction ID: 08dfa15f6c500dc4611e0b9ba58fa71d75d9040518abb9183aea1cf420f4ede2
                                                                                                                    • Opcode Fuzzy Hash: 84a7bc5419860c94a321f7706a20cb58aa85b8352ba73d3f9a956dfd8071777f
                                                                                                                    • Instruction Fuzzy Hash: A833CD72E04304DFDB24CE64C8A2BAAB7E4AFC4758F19455DE84AAB3C1D7B49D40CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000003.2442659405.0000000009703000.00000004.00000800.00020000.00000000.sdmp, Offset: 09703000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_3_9703000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ed35c599786c922159c7d741964a553f1a3311c3d954c701492f41d90af68da6
                                                                                                                    • Instruction ID: 2ab585f815aa05e46f670d29da91fdb060284d80d81df594a26a5cf51e467261
                                                                                                                    • Opcode Fuzzy Hash: ed35c599786c922159c7d741964a553f1a3311c3d954c701492f41d90af68da6
                                                                                                                    • Instruction Fuzzy Hash: EB330F72E04304DBDB20CF65C8A2BAAB3E1ABC4758F14455DF946AB3C1E7B4AC41CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 5759b38852dd3b13d65e4348250d0163e0d2d7b4cb78ed43d894f85614cd4cc4
                                                                                                                    • Instruction ID: 10f9e2d6ec9158dc45f60f9f69014136be51202d765201754096ca55acc53d03
                                                                                                                    • Opcode Fuzzy Hash: 5759b38852dd3b13d65e4348250d0163e0d2d7b4cb78ed43d894f85614cd4cc4
                                                                                                                    • Instruction Fuzzy Hash: 8151D574E00108AFDF15CF58CC85AAA7BB1EFAA314F248159F80A9B352D335DE41CB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002E2D00
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 118556049-0
                                                                                                                    • Opcode ID: 3379d8afca76cd0a44bcd3cfd33cea7392d95cabee6995a879a79856c43fa8f6
                                                                                                                    • Instruction ID: 78a1772f0deab1f58a6fdc14a2f0e4953ac6330794042c80b5766e2647e1545e
                                                                                                                    • Opcode Fuzzy Hash: 3379d8afca76cd0a44bcd3cfd33cea7392d95cabee6995a879a79856c43fa8f6
                                                                                                                    • Instruction Fuzzy Hash: BB412772A10155EBCB05DF6DCC80AAEB7AAFF49300F65026AF806D7301D730DE269B95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetClientRect.USER32(?,?), ref: 0035EF5C
                                                                                                                      • Part of subcall function 00366FF0: IsWindow.USER32(?), ref: 00366FFF
                                                                                                                      • Part of subcall function 00366FF0: SetWindowTextW.USER32(?,?), ref: 0036701B
                                                                                                                      • Part of subcall function 0035EB16: __EH_prolog3.LIBCMT ref: 0035EB1D
                                                                                                                      • Part of subcall function 0035EB16: GetModuleFileNameW.KERNEL32(?,00000000,00000208,00000008,0035F055,?,00000066), ref: 0035EB51
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ClientFileH_prolog3ModuleNameRectText
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 563636132-0
                                                                                                                    • Opcode ID: 51c22e0b6e9aa97f9924a5a827e38bfad142b304a6576596045fb2adde27ac6b
                                                                                                                    • Instruction ID: 81fbf1e7c4f83eba2609d0ae6ab15377385cb407b07a4af577874a3bd8538934
                                                                                                                    • Opcode Fuzzy Hash: 51c22e0b6e9aa97f9924a5a827e38bfad142b304a6576596045fb2adde27ac6b
                                                                                                                    • Instruction Fuzzy Hash: C3419170300615AFDB0AEB30DC51F7E7769BF88305F040169E906DB2E2DF64AE199BA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 0035FA1F
                                                                                                                      • Part of subcall function 0036C407: __EH_prolog3.LIBCMT ref: 0036C40E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog3H_prolog3_catch_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 863784098-0
                                                                                                                    • Opcode ID: 1b6075b545930da65fab12952c5d65c1bff848dacc71709810cf7f3a6f280378
                                                                                                                    • Instruction ID: b02f06e26e4cce011d3fcb2a8ab0cd385379206e0efb845996148e4aae8b8985
                                                                                                                    • Opcode Fuzzy Hash: 1b6075b545930da65fab12952c5d65c1bff848dacc71709810cf7f3a6f280378
                                                                                                                    • Instruction Fuzzy Hash: 47312475E0020EDFCF05DFA4C8919EEBBB5BF88315F14406AE901AB361C774A954CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_0006D0C0,00000000,00000000,00000000), ref: 0033D07A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2422867632-0
                                                                                                                    • Opcode ID: ba81ef55e941c919f2587171e4b9438f2584902858d6bbfa899cc785e5d1066c
                                                                                                                    • Instruction ID: c980babdc22e14a56d95fc195888ec95c4ec7a0bf786e0fcea49d09e8a4d0b4a
                                                                                                                    • Opcode Fuzzy Hash: ba81ef55e941c919f2587171e4b9438f2584902858d6bbfa899cc785e5d1066c
                                                                                                                    • Instruction Fuzzy Hash: 8811C672A82314ABD7358F65AC41B9AFBD8EF51F60F11416FEC489B340D5729816C7D0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,0000036A,00000000,00000000), ref: 00357771
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 410705778-0
                                                                                                                    • Opcode ID: 4927d3fd4732f30c9503fe467698a62badc9467ba6ddb728fd11add20bf3cd5d
                                                                                                                    • Instruction ID: f8aa86777fe0228dec107656febee1b8b8740652eee56739d3d938f0fcf5922c
                                                                                                                    • Opcode Fuzzy Hash: 4927d3fd4732f30c9503fe467698a62badc9467ba6ddb728fd11add20bf3cd5d
                                                                                                                    • Instruction Fuzzy Hash: A91181792041149FCB169F58E84487D7BB5FF9872171580BAED09C7361DB309C15DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 50675133e37f8eac57553d9995ca0c3f04b9c6f53978c9d1fb2cc0635739204d
                                                                                                                    • Instruction ID: bfb0d61b1539015bfdedb3baa29d4dc23e3dbf982aeda53f46f0cb1079bea2c7
                                                                                                                    • Opcode Fuzzy Hash: 50675133e37f8eac57553d9995ca0c3f04b9c6f53978c9d1fb2cc0635739204d
                                                                                                                    • Instruction Fuzzy Hash: 12113A71A44655EFD715CF58CC44F6ABBB8FB49B20F104269E811E7390DB71AC10CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __wsopen_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3347428461-0
                                                                                                                    • Opcode ID: 67cc45aa37e2c2bb0d755e59ccb63087d6c710fa92bfbb301f60830ccb28b5c6
                                                                                                                    • Instruction ID: 207caf851fa2376838e5dbec2da1214c9a0ebee38d7b0ae075736cf8c5800afc
                                                                                                                    • Opcode Fuzzy Hash: 67cc45aa37e2c2bb0d755e59ccb63087d6c710fa92bfbb301f60830ccb28b5c6
                                                                                                                    • Instruction Fuzzy Hash: A2116D75A0420AAFCB05DF58E941E9B7BF8EF49304F14405AF808E7311D630ED11CB65
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: H_prolog3
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 431132790-0
                                                                                                                    • Opcode ID: 40717dcd828f6186c3ff6bd8d0927ae6cc6fc659e39bca601404f27b2075aada
                                                                                                                    • Instruction ID: 37f56af2ae3ac6646310f046b43b5cedb54a635ce1b6db145ec4bde56306d89d
                                                                                                                    • Opcode Fuzzy Hash: 40717dcd828f6186c3ff6bd8d0927ae6cc6fc659e39bca601404f27b2075aada
                                                                                                                    • Instruction Fuzzy Hash: DA114A347001208FCB05EB64C8A8B7C37A5AF98705F0940BAE906DB3A6CF746C09CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CopyRect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1989077687-0
                                                                                                                    • Opcode ID: 56b9849680a5f8df3258436788235af13eab60b13e6d0b8b1d5486b805c0f3b7
                                                                                                                    • Instruction ID: 2efa751fddf5a6d0ef9bcc3b83d45a3043a721aa5da7ad42f43ff0bacf748178
                                                                                                                    • Opcode Fuzzy Hash: 56b9849680a5f8df3258436788235af13eab60b13e6d0b8b1d5486b805c0f3b7
                                                                                                                    • Instruction Fuzzy Hash: 74118D76A0020DAF8F05CFA9D9858EEBBF9FB4C314B10412AE919E3210D734A915DFA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 975332729-0
                                                                                                                    • Opcode ID: 9460771140e216bd04c7ea94ca5c002ecc80ac9b22e725b57bb9b4ca8b469395
                                                                                                                    • Instruction ID: ae9fafb518c59ddd0c0cdd5e2c13f27badb914250f3d5f4daf67ddbbcdc19db4
                                                                                                                    • Opcode Fuzzy Hash: 9460771140e216bd04c7ea94ca5c002ecc80ac9b22e725b57bb9b4ca8b469395
                                                                                                                    • Instruction Fuzzy Hash: C0F0E936700106AB8B029B65DC4497EB76DEFE7765716C036EC0AC7304DBB0EC0196A0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CreateDialogIndirectParamW.USER32(?,00000000,?,00000000,00359ADF), ref: 0035A71E
                                                                                                                      • Part of subcall function 00358331: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,00000105,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 00358345
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDebugDialogIndirectOutputParamString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3066322445-0
                                                                                                                    • Opcode ID: 79ef00c7397ae6b41d8b943c375072627b146d657f139082f055ecab29519af5
                                                                                                                    • Instruction ID: edf3fd1b79d27c09041f9ce90a75390d55f7dd54e32dde46b82090e83fe8651a
                                                                                                                    • Opcode Fuzzy Hash: 79ef00c7397ae6b41d8b943c375072627b146d657f139082f055ecab29519af5
                                                                                                                    • Instruction Fuzzy Hash: 6A0169329007099FDF229FE5DC05BAD7BB0FB18366F01852AE911A11A0C779C958FF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • LoadLibraryExW.KERNEL32(?,?,00000000,00558900,00000010,00360AA8,?,00000000,00000800,?,00000000), ref: 003582C4
                                                                                                                      • Part of subcall function 00358331: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,00000105,?,00366212,00000000,00559478,00000010,00360B0A,?,?,?,00000000), ref: 00358345
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DebugLibraryLoadOutputString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 137895185-0
                                                                                                                    • Opcode ID: 1372bf12aa5e682891b74a273685fe089f35062bc2dadae5e0d5cf203341a945
                                                                                                                    • Instruction ID: e6267cc1f6b1c0c2aba378e400db362c129c5d0e1ae79ee5b205b4a971ba4dde
                                                                                                                    • Opcode Fuzzy Hash: 1372bf12aa5e682891b74a273685fe089f35062bc2dadae5e0d5cf203341a945
                                                                                                                    • Instruction Fuzzy Hash: EA018C72A00609DFDF229FA8D805BAD7BB4FB14367F01882AE811A12A0DB788548DF11
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 004BFFF6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: 74a50977b6a4c917182f23d8cc028b0df6bc73595f99b00f24d742667e836904
                                                                                                                    • Instruction ID: 94bbb5f8d16ca4b66bf06c159242f6210e68d64a36f33c3619320bde975f8442
                                                                                                                    • Opcode Fuzzy Hash: 74a50977b6a4c917182f23d8cc028b0df6bc73595f99b00f24d742667e836904
                                                                                                                    • Instruction Fuzzy Hash: 61E0E539204224A6D6702663BC05FBB3748AF527A8F02012BBD0D966C2CA28CC0196BD
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • IsDialogMessageW.USER32(?,?), ref: 00366B39
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DialogMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 547518314-0
                                                                                                                    • Opcode ID: b015f9aa9e9f11629d8874a28069243108bbf5db841274394e8a1241ab1df1d6
                                                                                                                    • Instruction ID: 49c7eb2eeeee9019b025fc6482d82946703ab406f74f4c4583626633aa27dc70
                                                                                                                    • Opcode Fuzzy Hash: b015f9aa9e9f11629d8874a28069243108bbf5db841274394e8a1241ab1df1d6
                                                                                                                    • Instruction Fuzzy Hash: BEE06D3A201114AFCB025F4AE884CAABB69FF9C3607018061F90897266C7B19920EA90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • ShowWindow.USER32(?,?,?,?,00363F97,00000001,?,00000000,?,00000000), ref: 00367055
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ShowWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1268545403-0
                                                                                                                    • Opcode ID: aecd3698f6aa8e37aeb1d3d96d6aca5ff6795a5b5c321107ed3c6f6dd4828e8f
                                                                                                                    • Instruction ID: 6e3f05c3dc420d72a5d3ba67758d35dae70d4b78eb7599e6e3603fd9a384ea1b
                                                                                                                    • Opcode Fuzzy Hash: aecd3698f6aa8e37aeb1d3d96d6aca5ff6795a5b5c321107ed3c6f6dd4828e8f
                                                                                                                    • Instruction Fuzzy Hash: 81E04F36300114ABCA025F45D808DA97F7AEFD53A5B118066E94987271D7329822EB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 002F3147
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2525500382-0
                                                                                                                    • Opcode ID: e61c2b1da5a5925548b3cb264c44248cf59a32282603606f015bd6f6ab07c784
                                                                                                                    • Instruction ID: fc6f405b3b75037292739f907c35af56001a4164243b9aaa3bc60640b976fd95
                                                                                                                    • Opcode Fuzzy Hash: e61c2b1da5a5925548b3cb264c44248cf59a32282603606f015bd6f6ab07c784
                                                                                                                    • Instruction Fuzzy Hash: 27D0127521421F5BC7249EA89804566B7DC9B246A4B100436A748D7600F570D8608B95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SHGetMalloc.SHELL32(00000004), ref: 0035A7AB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Malloc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2696272793-0
                                                                                                                    • Opcode ID: 59bb935c8cf06d0e80ca7b17b8b1fda30cdf07ed762ca2b62fc186044fcb7a31
                                                                                                                    • Instruction ID: 61eeaee69ae40cffcc5e4f6fddcc985b61664e496c13a1a878b760b9747593d5
                                                                                                                    • Opcode Fuzzy Hash: 59bb935c8cf06d0e80ca7b17b8b1fda30cdf07ed762ca2b62fc186044fcb7a31
                                                                                                                    • Instruction Fuzzy Hash: 21E05B706147258FC720DF55F84975176F89B04766F10441EE954C3162E778A4CC9B44
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,004CC9F6,?,?,00000000,?,004CC9F6,00000000,0000000C), ref: 004CC6B1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: b742909afb6853ba1357d20970c9376506afb7b05028f0d9d64977bafe32a03f
                                                                                                                    • Instruction ID: 9b1d245d5ecf4a98061b0858b70b298506779a75c43097ffc4be99c83aa09fec
                                                                                                                    • Opcode Fuzzy Hash: b742909afb6853ba1357d20970c9376506afb7b05028f0d9d64977bafe32a03f
                                                                                                                    • Instruction Fuzzy Hash: 89D06C3200010DBBDF028F84DD06EDA3BAAFB88714F014010BA5866021C732E872EB94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SystemParametersInfoW.USER32(00000029,?,?,00000000), ref: 003A5BE7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoParametersSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3098949447-0
                                                                                                                    • Opcode ID: 6613adaabca34b377bca01cd1a0ee5feb17f19b3c574aea9e94ccacf1c9a8ec7
                                                                                                                    • Instruction ID: 6157f9159fbe8c2617d3c40fa0bc37c22d7ba84d42de4294ded356aede94ff7c
                                                                                                                    • Opcode Fuzzy Hash: 6613adaabca34b377bca01cd1a0ee5feb17f19b3c574aea9e94ccacf1c9a8ec7
                                                                                                                    • Instruction Fuzzy Hash: 0AD01270184608EFE7015F40DC09FE237A8EB15716F444074F60C4E1A0C7B66891DFB4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0036839E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DeleteObject
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1531683806-0
                                                                                                                    • Opcode ID: 5d9aac39031d268eba7a702c198b2f5ab22c280b1cca2a097b317f6ed9829fb4
                                                                                                                    • Instruction ID: e9c35e35c4f9b4995dd709b3db993c597f88fb95070b81567c4c60b93cfbd4bf
                                                                                                                    • Opcode Fuzzy Hash: 5d9aac39031d268eba7a702c198b2f5ab22c280b1cca2a097b317f6ed9829fb4
                                                                                                                    • Instruction Fuzzy Hash: 92B09268811201AFDE4167308A4C72626545B88706F70CAA4B000C510AEE3A8442C500
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 002E750A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2962429428-0
                                                                                                                    • Opcode ID: 7ab252533ac212f112773a71b4e7547cda7a9dd0b978fd8a863c9fc6cc221584
                                                                                                                    • Instruction ID: 6fce1d42b97ad2168df6e1fb3f548a023a2d639fe69575657c7cfcd8011ad4af
                                                                                                                    • Opcode Fuzzy Hash: 7ab252533ac212f112773a71b4e7547cda7a9dd0b978fd8a863c9fc6cc221584
                                                                                                                    • Instruction Fuzzy Hash: EA519BB090074AEFEB10DFA4C859B9ABBF5FF04308F10821DE419AB291E775A558CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905876870.0000000008060000.00000010.00000800.00020000.00000000.sdmp, Offset: 08060000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_8060000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: !
                                                                                                                    • API String ID: 0-3030040504
                                                                                                                    • Opcode ID: c09fb3df672a6701aff3331158c5ed6c896c17f30013da9461343f622f4a9bb6
                                                                                                                    • Instruction ID: 079e6b590464f386582c33325ebef5e5bec9122cf645b505ecce68590f2a64f7
                                                                                                                    • Opcode Fuzzy Hash: c09fb3df672a6701aff3331158c5ed6c896c17f30013da9461343f622f4a9bb6
                                                                                                                    • Instruction Fuzzy Hash: 17510330D04704EFDB20CF59C981BAAB7F6FF45325F04424DE95AAB284D7B5A882CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0031235D
                                                                                                                      • Part of subcall function 002D8620: __Init_thread_footer.LIBCMT ref: 002D8742
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footerInitialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1027553183-0
                                                                                                                    • Opcode ID: 2821706a3e1a320c0d8c9385b78962f2e25b60072db32aa5436b38dee8eb7b41
                                                                                                                    • Instruction ID: 45ed2b61af2a3e3c94f34f124e88a5e1634ef8238ed8856c8be7ec7484efa59d
                                                                                                                    • Opcode Fuzzy Hash: 2821706a3e1a320c0d8c9385b78962f2e25b60072db32aa5436b38dee8eb7b41
                                                                                                                    • Instruction Fuzzy Hash: 2B21B131A10604ABCB15DF54C841B9FB7B9FF44710F014A2AE81597681D734B964CBE1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 003221F5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Initialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2538663250-0
                                                                                                                    • Opcode ID: 4f3113811415061243fe53572171097809f0a724e878dc1fd340a3a00470feb3
                                                                                                                    • Instruction ID: f204786184ffda6b1a2a2934f74d9f7c793023a16f1482da5d354b1933ee0c18
                                                                                                                    • Opcode Fuzzy Hash: 4f3113811415061243fe53572171097809f0a724e878dc1fd340a3a00470feb3
                                                                                                                    • Instruction Fuzzy Hash: D9E0127150070DDFDF01AF68EC056A93BB1FF84310F104169F9088A251DB32E871CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907130948.0000000009707000.00000010.00000800.00020000.00000000.sdmp, Offset: 09707000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_9707000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 22637b698fb369da249dc690f4c4ab4e11b734b5bdaefb46f7f118b7f3a1e473
                                                                                                                    • Instruction ID: b92de768db1dde4b6e3d734f1c6d39b68dd94df617d9a8f2b124fc4f9537c6a4
                                                                                                                    • Opcode Fuzzy Hash: 22637b698fb369da249dc690f4c4ab4e11b734b5bdaefb46f7f118b7f3a1e473
                                                                                                                    • Instruction Fuzzy Hash: 4D615976E00215DBDB14CF59C4A1BAEB7E5EB89350F008169EA55AB3C2D374EC41CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907130948.0000000009707000.00000010.00000800.00020000.00000000.sdmp, Offset: 09707000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905876870.0000000008060000.00000010.00000800.00020000.00000000.sdmp, Offset: 08060000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907130948.0000000009707000.00000010.00000800.00020000.00000000.sdmp, Offset: 09707000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907130948.0000000009707000.00000010.00000800.00020000.00000000.sdmp, Offset: 09707000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000003.2442659405.0000000009703000.00000004.00000800.00020000.00000000.sdmp, Offset: 09703000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907130948.0000000009707000.00000010.00000800.00020000.00000000.sdmp, Offset: 09707000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000003.2442659405.0000000009703000.00000004.00000800.00020000.00000000.sdmp, Offset: 09703000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907072015.0000000009700000.00000010.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905876870.0000000008060000.00000010.00000800.00020000.00000000.sdmp, Offset: 08060000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905876870.0000000008060000.00000010.00000800.00020000.00000000.sdmp, Offset: 08060000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905876870.0000000008060000.00000010.00000800.00020000.00000000.sdmp, Offset: 08060000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907072015.0000000009700000.00000010.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907072015.0000000009700000.00000010.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907072015.0000000009700000.00000010.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2907101105.0000000009702000.00000010.00000800.00020000.00000000.sdmp, Offset: 09702000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_9702000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8413ab7cc4aa3f6e2721c9f08a2a28f0d9e08e07c10296d6a1b6a74a215c74a0
                                                                                                                    • Instruction ID: 1eafee780f74213644d121739c407e1144b06c7d759b3b2be3679f4c0bfd83b6
                                                                                                                    • Opcode Fuzzy Hash: 8413ab7cc4aa3f6e2721c9f08a2a28f0d9e08e07c10296d6a1b6a74a215c74a0
                                                                                                                    • Instruction Fuzzy Hash: DBD0223370C1880FC300CB8DBCC00C6FB80EED603070902EBDC8CC7211E51188228782
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2905596306.0000000007FE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 07FE0000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_7fe0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction ID: 8cc1afaf4c04b65418c32775470f937d2f58bef37107e68d5df2dd3fafa769e3
                                                                                                                    • Opcode Fuzzy Hash: 7881a9f9acea30cb5f7ef1f92e3979d3a979e84609bfc97840d270d2cae7f467
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide
                                                                                                                    • String ID: $Download action not specified for package: '%s'$Install action not specified for package: '%s'$No wait for Installation for package: '%s'$PackageInitError$T$Title not specified for package'$actions$conflictingProcess$download$downloadUrl$downloadZipUrl$dpiRatio$false$icons$install$isPrimary$isPriority$name$parameters$patchName$ping$preCheck$preInstallCode$preferencesPane$sequenceNumber$siteCatalystCode$size$skipInstall$text$title$true$url$version$waitForComplete
                                                                                                                    • API String ID: 626452242-3679869553
                                                                                                                    • Opcode ID: 3cb97ce7f1beff42fffc2c1a085102ead3de589988ca75d406bb40f6f2a65354
                                                                                                                    • Instruction ID: f3c4858cc39cb57736e71482e2cf22bda063271c7e104a8dc5a310e4561a4b74
                                                                                                                    • Opcode Fuzzy Hash: 3cb97ce7f1beff42fffc2c1a085102ead3de589988ca75d406bb40f6f2a65354
                                                                                                                    • Instruction Fuzzy Hash: D3C2BB70D10258CBDF16DBA0C8447EEFBB6AF58304F1541A9E109B7291EB746E85CF92
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0030F4E1
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 0030F590
                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0030F5A8
                                                                                                                    • LoadLibraryW.KERNEL32(NTDLL.DLL), ref: 0030F5B9
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0030F5C6
                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 0030F5E1
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0030F5EC
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0030F5F3
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0030F62B
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0030F632
                                                                                                                    • PathAppendW.SHLWAPI(00000000,?,?,?,?,0000000D), ref: 0030F881
                                                                                                                    • PathFileExistsW.SHLWAPI(?,pathValid.txt,0000000D), ref: 0030F8D9
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 0030F8F8
                                                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 0030F9D0
                                                                                                                      • Part of subcall function 002F6090: PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 002F616E
                                                                                                                      • Part of subcall function 002F6090: PathFileExistsW.SHLWAPI(?,pathValid.txt,0000000D,7D8B83E9,?,?), ref: 002F61BA
                                                                                                                      • Part of subcall function 002F6090: PathIsDirectoryW.SHLWAPI(?), ref: 002F61D4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$CloseFileHandleLibrary$AppendDirectoryExistsFreeProcess$AddressCurrentInit_thread_footerLoadModuleNameOpenProcVersion
                                                                                                                    • String ID: 6.0$ElevationManagerError$NTDLL.DLL$NtQueryInformationProcess$Parent process path is different. Current path: '%s'. Parent path: '%s'.$Parent process signature validation failed.$Unable to obtain the parent process id.$Unable to obtain the parent process info.$Validating parent process$adobe inc$adobe systems inc$adobe systems incorporated$pathValid.txt
                                                                                                                    • API String ID: 2124924842-54784906
                                                                                                                    • Opcode ID: d86684b370b193e23606b81f9402c9af1f13f9297c19f935ee762dd4c559fd9a
                                                                                                                    • Instruction ID: 57c33e543f979de8d0ced6d35d087341e0f6141b68d0511bf0fdd24012dbf678
                                                                                                                    • Opcode Fuzzy Hash: d86684b370b193e23606b81f9402c9af1f13f9297c19f935ee762dd4c559fd9a
                                                                                                                    • Instruction Fuzzy Hash: 7D526670D412698BDB61DB24CC99BEDB7B0AF65304F1042E9E409A7291EB746F89CF80
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,7D8B83E9), ref: 002DB0ED
                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(00000000,?,?,?,7D8B83E9), ref: 002DB43A
                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 002DB71E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DiskFreeSpace$DrivesLogical
                                                                                                                    • String ID: <500MB$>1.5GB&<2GB$>1GB&<1.5GB$>2GB&<2.5GB$>3.5GB&<5GB$>500MB&1GB$>500MB&<3.5GB$Free Space in directory :%s: %llu $act_o$chosen_drive_free_space$def_drive_free_space$mem_status$no_enough_download_mem$no_enough_install_mem$no_enough_install_mem_single_drive
                                                                                                                    • API String ID: 2459482588-4110180424
                                                                                                                    • Opcode ID: b78abac2f7d846b35023cc1170922aad2216b7e415e4610afdc46ffe0385fd3d
                                                                                                                    • Instruction ID: a1bea8be914808f7084bf5102fc469beed228905905ecfda2c4b023c698f6016
                                                                                                                    • Opcode Fuzzy Hash: b78abac2f7d846b35023cc1170922aad2216b7e415e4610afdc46ffe0385fd3d
                                                                                                                    • Instruction Fuzzy Hash: 13229B30E60209DBDB15DFA0C865BEDBBB1AF54324F25821AE510773C1EBB46A95CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • lstrlenW.KERNEL32(?), ref: 0032B6B8
                                                                                                                    • PathFileExistsW.SHLWAPI(?,?,?), ref: 0032BA05
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExistsFileInit_thread_footerPathlstrlen
                                                                                                                    • String ID: !I$AcroRd32.exe$AdobeAcrobatReader$AdobeAcrobatReaderAPP$AdobeReader$InstallLocation$Reader\AcroRd32.exe$VersionString$WorkflowManager.launchReader for Reader Product Path is :%s$WorkflowManager::launchReader Application end$WorkflowManager::launchReaderApplication begin${A6EADE66-0000-0000-484E-7E8A45000000}
                                                                                                                    • API String ID: 2100421720-3578024078
                                                                                                                    • Opcode ID: 24fc723b27a4e2cede0462c72dbf7ae7bba8e44818b803a710b34fc0f1d10c46
                                                                                                                    • Instruction ID: f851b8ecf75e774243ae0c0b84bfc39ae24e055a5bc6169b4105da789cdbc8d9
                                                                                                                    • Opcode Fuzzy Hash: 24fc723b27a4e2cede0462c72dbf7ae7bba8e44818b803a710b34fc0f1d10c46
                                                                                                                    • Instruction Fuzzy Hash: 8A027C71D002289BDB25DB24DC85BEAB7B8BB54304F1582D9E589A7290EF709FC5CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00000001,?,7D8B83E9), ref: 0030230C
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?), ref: 0030233D
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 0030234D
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?), ref: 003023F0
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 003023FE
                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003029D1
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseQueryValue$Concurrency::cancel_current_taskOpen
                                                                                                                    • String ID: 0E0$@(O$ConflictingProcessActionError$Invalid conflictingProcessDataType '%d' specified in application xml for package: %s$JX0$machine$user
                                                                                                                    • API String ID: 3712699509-3539409990
                                                                                                                    • Opcode ID: 4b960a09a4f89b15c17e29e596805f7504a2d7beb5a2ac1fef37c9eec0d857aa
                                                                                                                    • Instruction ID: baba721536b5cc5a8a57929e926da6a154762130486bbc58173221e0c2f3dad7
                                                                                                                    • Opcode Fuzzy Hash: 4b960a09a4f89b15c17e29e596805f7504a2d7beb5a2ac1fef37c9eec0d857aa
                                                                                                                    • Instruction Fuzzy Hash: 9B22AD709016289FCB25DF24CC69BEEBBB4AF15309F5041D9E509A7281EB746F84CF94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: '$InstallActionInitError$ProgressWaitLimit not specified for package '%s'$ProgressWaitTime not specified for package '%s'$actions$arguments$code$error$install$progressWaitLimit$progressWaitTime$returnCodes$success$text$type$uiMessage$warning
                                                                                                                    • API String ID: 0-2163134898
                                                                                                                    • Opcode ID: 95e0a9a960205456b1b2c61a773547c66db461a695468588531ade118758f361
                                                                                                                    • Instruction ID: 68111fc75ed6283a8c05b2da9f5e03e1605060193c2d47d1c163687859a39a55
                                                                                                                    • Opcode Fuzzy Hash: 95e0a9a960205456b1b2c61a773547c66db461a695468588531ade118758f361
                                                                                                                    • Instruction Fuzzy Hash: CC8288B1D00259CBDF15CF94C9847EEBBB5BF58304F254299D109BB281EB70AAC9CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • OpenProcess.KERNEL32 ref: 002ED05C
                                                                                                                    • wsprintfW.USER32 ref: 002ED1F8
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002ED272
                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,?), ref: 002ED4AB
                                                                                                                    • CloseHandle.KERNEL32(?,00000000,-00000002), ref: 002ED4E7
                                                                                                                    • PathAppendW.SHLWAPI(00000000,?), ref: 002ED68F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandlePath$AppendFileFindNameOpenProcesswsprintf
                                                                                                                    • String ID: Adobe\Acrobat\ActiveX\AcroPDF.dll$FileDescription$Process $\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
                                                                                                                    • API String ID: 833066182-237570103
                                                                                                                    • Opcode ID: a7a79ea7d052571fe5f76a2622be029480c67c86d19037e7696323d108805d97
                                                                                                                    • Instruction ID: d4e52f722aefae3598a16b78c14f3d70b670b57205a65b8be526aeeffd02d573
                                                                                                                    • Opcode Fuzzy Hash: a7a79ea7d052571fe5f76a2622be029480c67c86d19037e7696323d108805d97
                                                                                                                    • Instruction Fuzzy Hash: 62329A74C102A89BDB20DF64CC45BEEB7B8AF54304F5842DAE449A7281EBB56ED4CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002F2980: RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00000101,00000037,?,?,00000037), ref: 002F29C2
                                                                                                                      • Part of subcall function 002F2980: RegQueryValueExW.ADVAPI32(00000037,7D8B83E9,00000000,00000000,?,00000004,?,?,00000037), ref: 002F29E3
                                                                                                                      • Part of subcall function 002F2980: RegCloseKey.ADVAPI32(00000037,?,?,00000037), ref: 002F29F0
                                                                                                                    • wsprintfW.USER32 ref: 002F260F
                                                                                                                      • Part of subcall function 002D8620: __Init_thread_footer.LIBCMT ref: 002D8742
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseInit_thread_footerOpenQueryValuewsprintf
                                                                                                                    • String ID: ADM_STATUS_DOTNET_PRECHECK_ERROR$Generic_ExitCode_PreInstalled$NetFramework_Not_Installed$Release$Software\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full$act_o$adm_status_code$adm_status_name$isInstalled$pre_installed
                                                                                                                    • API String ID: 2991573583-3508562451
                                                                                                                    • Opcode ID: fcff39c901bfa23edbafdc37133235db1edecda7e1646d185fe86853d41e0680
                                                                                                                    • Instruction ID: b489c5723145d74eb61df3f58512fc28b5602b9203630783607a91d4eb770366
                                                                                                                    • Opcode Fuzzy Hash: fcff39c901bfa23edbafdc37133235db1edecda7e1646d185fe86853d41e0680
                                                                                                                    • Instruction Fuzzy Hash: AED1B030D6034CDAEB11DFA0C855BEEBBB4AF15304F64429DE1457B282EBB46A98CF51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: +$AcrobatProDC$Precheck registry for package '%s' is not in whitelisted list.$PrecheckActionInitError$Reader$ReaderAPP$comparisonOperator$downloadBytes$machine$preInstallCode$productName$registryVersionKey$requiredBytes$version
                                                                                                                    • API String ID: 0-4153930787
                                                                                                                    • Opcode ID: 403e7564fbb27e75c344a07a032f88e1704e9aa322c71e16cfe004b493021844
                                                                                                                    • Instruction ID: 885323f3b3b9075fbd67dd60393ca82ad27c330b84b438510b8e56d814f70b84
                                                                                                                    • Opcode Fuzzy Hash: 403e7564fbb27e75c344a07a032f88e1704e9aa322c71e16cfe004b493021844
                                                                                                                    • Instruction Fuzzy Hash: D832BBB1D00209DBEB05CF94C9447EEB7B5FF58304F258259E515BB281EB32AE85CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00000001,?,7D8B83E9), ref: 002EF475
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?), ref: 002EF49D
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002EF4AA
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?), ref: 002EF4EB
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002EF4F6
                                                                                                                      • Part of subcall function 002D8620: __Init_thread_footer.LIBCMT ref: 002D8742
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseQueryValue$Init_thread_footerOpen
                                                                                                                    • String ID: AdobeFlashPlayer$Generic_ExitCode_Higher_PreInstalled$Generic_ExitCode_PreInstalled$act_o$pre_installed
                                                                                                                    • API String ID: 4068527745-1641001615
                                                                                                                    • Opcode ID: 446e1bda96786fe006f0d01367a043acd9083220ed911b388a40d5bf3c9621c0
                                                                                                                    • Instruction ID: 16c4584b7484cc86e6aa356eaab95b4e3fe6b4542a3182dc075f38ebb945d7a6
                                                                                                                    • Opcode Fuzzy Hash: 446e1bda96786fe006f0d01367a043acd9083220ed911b388a40d5bf3c9621c0
                                                                                                                    • Instruction Fuzzy Hash: 0512E430D60389EFDB14DFA4C955BEDBBB1BF15304F918269E4016B282E7B0AD95CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • lstrlenW.KERNEL32(?), ref: 0032C3F8
                                                                                                                    Strings
                                                                                                                    • Acrobat\Acrobat.exe, xrefs: 0032C56B
                                                                                                                    • WorkflowManager::launchReaderSAPPApplication begin, xrefs: 0032C343
                                                                                                                    • !I, xrefs: 0032C3DD
                                                                                                                    • InstallLocation, xrefs: 0032C538
                                                                                                                    • WorkflowManager.launchReaderSAPP for ReaderSingleAPP Product Path is :%s, xrefs: 0032C58E
                                                                                                                    • AdobeAcrobatReaderAPP, xrefs: 0032C69C
                                                                                                                    • /prcz_a, xrefs: 0032C710
                                                                                                                    • WorkflowManager::launchReaderSAPP Application end, xrefs: 0032CAEB
                                                                                                                    • VersionString, xrefs: 0032C414
                                                                                                                    • {AC76BA86-0000-0000-7760-7E8A45000000}, xrefs: 0032C384
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footerlstrlen
                                                                                                                    • String ID: !I$/prcz_a$Acrobat\Acrobat.exe$AdobeAcrobatReaderAPP$InstallLocation$VersionString$WorkflowManager.launchReaderSAPP for ReaderSingleAPP Product Path is :%s$WorkflowManager::launchReaderSAPP Application end$WorkflowManager::launchReaderSAPPApplication begin${AC76BA86-0000-0000-7760-7E8A45000000}
                                                                                                                    • API String ID: 4034772305-1997275171
                                                                                                                    • Opcode ID: 35be208efa62fc1bd8bd881eaa80a3db70cb3823165815eda8acc9e7cc9195bd
                                                                                                                    • Instruction ID: 0d0c80c946b938e77bb5735f4058f49f9f1323bd98c93452f953c46dabf538bd
                                                                                                                    • Opcode Fuzzy Hash: 35be208efa62fc1bd8bd881eaa80a3db70cb3823165815eda8acc9e7cc9195bd
                                                                                                                    • Instruction Fuzzy Hash: BC2258B1C102289ADB25DF24DC55BEEB7B5BF94304F1082D9E409A7181EB766BE4CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _com_issue_errorex
                                                                                                                    • String ID: -au 1$/launchParams/arguments/argument$/launchParams/launchPath$/launchParams/launchProcessGuid$/launchParams/waitForCompletion$<launchParams/>$Error code : %d, returnCode : %d$InstallError$errorCode$false$launchProcessGuid$returnCode${PrefArgs}
                                                                                                                    • API String ID: 79918163-2476825172
                                                                                                                    • Opcode ID: c42fc4fac1014576d095a46fde7df4beeccde5ac6f8b8ea390a351e89e4baf79
                                                                                                                    • Instruction ID: dd23807d49ab47eff9f85ccaafb5153a33184d7856d93df6a36372279d58ec43
                                                                                                                    • Opcode Fuzzy Hash: c42fc4fac1014576d095a46fde7df4beeccde5ac6f8b8ea390a351e89e4baf79
                                                                                                                    • Instruction Fuzzy Hash: F9424A70C1525CDADB15DFA4C955BEEBBB4AF29304F208199E049B7281DBB42F88CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetLocalTime.KERNEL32(?,?), ref: 003404F2
                                                                                                                    • GetTimeFormatW.KERNEL32(00000400,00000008,?,hh'-'mm'-'ss,?,00000100), ref: 00340516
                                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000000,?,M-d-yyyy,?,00000100), ref: 0034053A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2896595272.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000056C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000579000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005EC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F8000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005FC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000606000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000060B000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000620000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006BF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006F6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897633372.000000000070D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897660493.000000000070F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FormatTime$DateLocal
                                                                                                                    • String ID: %s %s$M-d-yyyy$hh'-'mm'-'ss
                                                                                                                    • API String ID: 367962810-1111048991
                                                                                                                    • Opcode ID: 852bfddf48c4a30229daaf1a99421455605620f83e2462f043f5c19ae94b223f
                                                                                                                    • Instruction ID: 1a3cbe10107d1b2fcfa99c1f3481e16589059e68cf6d7807c0da68c79137c08a
                                                                                                                    • Opcode Fuzzy Hash: 852bfddf48c4a30229daaf1a99421455605620f83e2462f043f5c19ae94b223f
                                                                                                                    • Instruction Fuzzy Hash: 55212BB25443086FC620DF54DC46FEB73DCEBC8715F00096AFA85C71D1EA70A9198B96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: wsprintf
                                                                                                                    • String ID: <registryParams/>$registryPath$registryType$registryValue
                                                                                                                    • API String ID: 2111968516-2000735354
                                                                                                                    • Opcode ID: 3f49b420bfc47d10701b3e47420fbb809554ca593f3a2cc391d4e6741edf0fe8
                                                                                                                    • Instruction ID: 8ee2b4fae9c35289941310405e4db7e494ec0acd3d8f0c343dda12c81575fb83
                                                                                                                    • Opcode Fuzzy Hash: 3f49b420bfc47d10701b3e47420fbb809554ca593f3a2cc391d4e6741edf0fe8
                                                                                                                    • Instruction Fuzzy Hash: 43A16C70C1535CDAEB11DFA4C959BDEFBB4AF15304F248299E404AB282EB742A49CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004BFC70: GetLastError.KERNEL32(?,00000008,004B7369), ref: 004BFC74
                                                                                                                      • Part of subcall function 004BFC70: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004BFD16
                                                                                                                    • GetACP.KERNEL32(?,?,?,?,?,?,004BB93A,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 004C9448
                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004BB93A,?,?,?,00000055,?,-00000050,?,?), ref: 004C9473
                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004C95D6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                    • String ID: utf8
                                                                                                                    • API String ID: 607553120-905460609
                                                                                                                    • Opcode ID: 19d4ff759315dfb0b23a04975a7ea5b90dcb9a2fc50d86ab37a8ba7d2cf2111f
                                                                                                                    • Instruction ID: a8189e06589f3f234984e21e449f826a202f71782d7a32bc40b110766a2b4c7c
                                                                                                                    • Opcode Fuzzy Hash: 19d4ff759315dfb0b23a04975a7ea5b90dcb9a2fc50d86ab37a8ba7d2cf2111f
                                                                                                                    • Instruction Fuzzy Hash: 6171F43A604602BADB69AB75CC4AFBB73A8EF44704F14402FF505D6281EB78ED41876C
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 3b9b306b418df6198821e2372ddfeaebe62b3d3d4911b6be8c569d4659d6aa99
                                                                                                                    • Instruction ID: 6bfc7ae5b4adfea16131a545876f89d0968913634317a5cbc2ad2eb9b038f4d6
                                                                                                                    • Opcode Fuzzy Hash: 3b9b306b418df6198821e2372ddfeaebe62b3d3d4911b6be8c569d4659d6aa99
                                                                                                                    • Instruction Fuzzy Hash: 52F14D71E016199FDF14CFA9D8807EEF7B2FF88314F15826AE815AB384D73499418B94
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    • End Application Detection Id. Code = %s, xrefs: 002F4CC3
                                                                                                                    • Start Application Detection Id, xrefs: 002F45CB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: End Application Detection Id. Code = %s$Start Application Detection Id
                                                                                                                    • API String ID: 1385522511-2548038187
                                                                                                                    • Opcode ID: df0ae81c19b049282fb7f72f8576fa4ea68c8f5d0ecd0872119492e7cb90953f
                                                                                                                    • Instruction ID: 3c8e435a1a6cfbbf9c19d9791e41b751cb64faf99bce6b4ba30923b78d78aee6
                                                                                                                    • Opcode Fuzzy Hash: df0ae81c19b049282fb7f72f8576fa4ea68c8f5d0ecd0872119492e7cb90953f
                                                                                                                    • Instruction Fuzzy Hash: 3C328D31D20219CBCF24DFA8C8547EEF7B1AF54304F6542A9E505B7291EB706A94CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0$o~J
                                                                                                                    • API String ID: 0-745342745
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    • 0123456789ABCDEFabcdef-+XxPp, xrefs: 00337445
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                                                                                    • API String ID: 593203224-3606100449
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,00000000,?,00000008,?,?,004BD225,00000000,?,00000008,?,?,004CEF2E,00000000), ref: 004BD457
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaise
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3997070919-0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 003AA342
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00532434,00000000,0053276C,00000000,005343B0,00000000,?,00000000,00000A88,003AB5C8,003728AD,00000000,00000038), ref: 003AA3E1
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,005343B0,00000000,?,00000000,00000A88,003AB5C8,003728AD,00000000,00000038), ref: 003AA494
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: File$CreateH_prolog3_ModuleName
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3408945735-3916222277
                                                                                                                    • Opcode ID: 03bdbcd10cb490ba1fec73f6b2fcab860735e32fef50eb7aa1e4d4cbfa3343eb
                                                                                                                    • Instruction ID: 378bd04594d7a19994f720dba285b52e989b604748b6e9c6efaf69c2712e6f87
                                                                                                                    • Opcode Fuzzy Hash: 03bdbcd10cb490ba1fec73f6b2fcab860735e32fef50eb7aa1e4d4cbfa3343eb
                                                                                                                    • Instruction Fuzzy Hash: 75C19272A00614AFDB229F60CC49FFE77B8EF4A310F1041A9F909A6151DB759E94CF62
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F2290
                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 002F22A6
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F22B9
                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 002F22D3
                                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F22DB
                                                                                                                    • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000044,00000000,00000000,00000044,?), ref: 002F231F
                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,00000000), ref: 002F2379
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F237C
                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F237F
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F2393
                                                                                                                    • GetThreadContext.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F23C2
                                                                                                                    • VirtualProtectEx.KERNEL32(?,?,00000424,00000040,?), ref: 002F2404
                                                                                                                    • WriteProcessMemory.KERNEL32(?,?,?,00000424,00000000), ref: 002F241F
                                                                                                                    • FlushInstructionCache.KERNEL32(?,?,00000424,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F2431
                                                                                                                    • SetThreadContext.KERNEL32(?,00010003,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F2444
                                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F2450
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F245C
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000004,0145A768), ref: 002F2464
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Handle$CurrentThread$CloseContextDirectoryModule$AddressCacheCreateDuplicateFileFlushInstructionMemoryNameProcProtectResumeSystemVirtualWindowsWrite
                                                                                                                    • String ID: IsWow64Process$kernel32
                                                                                                                    • API String ID: 1692321928-3789238822
                                                                                                                    • Opcode ID: 547c08b2fda7a9046420653e2d3db55eca6ec2c3647e7c10019fe977a21de6ba
                                                                                                                    • Instruction ID: 5e78bbb461edae076ad05c0053b17169f735c871438e92ea28a766683f75de9d
                                                                                                                    • Opcode Fuzzy Hash: 547c08b2fda7a9046420653e2d3db55eca6ec2c3647e7c10019fe977a21de6ba
                                                                                                                    • Instruction Fuzzy Hash: DC614DB1D0021CAFEB21DF61DC45FEAB7B8EB48704F0041E5FA09A6191DB746A94CF58
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00315694
                                                                                                                    • wsprintfW.USER32 ref: 00315703
                                                                                                                    • RtlEnterCriticalSection.NTDLL(-0000018C), ref: 0031585F
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00315A62
                                                                                                                      • Part of subcall function 0049F16D: RtlEnterCriticalSection.NTDLL(005767E0), ref: 0049F177
                                                                                                                      • Part of subcall function 0049F16D: RtlLeaveCriticalSection.NTDLL(005767E0), ref: 0049F1AA
                                                                                                                      • Part of subcall function 0049F16D: RtlWakeAllConditionVariable.NTDLL ref: 0049F221
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(00577884), ref: 00315A6F
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00315AD3
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00315BFA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Init_thread_footer$EnterLeave$ConditionSleepVariableWakewsprintf
                                                                                                                    • String ID: GoCart pushed to front of the installed Queue: %s$ADM_STATUS_READER_INSTALL_ERROR$AdobeAcrobatReader$AdobeAcrobatReaderAPP$GoCart$Precheck$adm_status_code$adm_status_name$adm_status_reason
                                                                                                                    • API String ID: 1346125039-1087257696
                                                                                                                    • Opcode ID: c7a0d8b576bbbede13ed680fc1bed77494cbaf8f1499984d73daa0c7c4bd5855
                                                                                                                    • Instruction ID: ab2e8fc97507d07781c9d4596ddf33e8b49b5894a4e9cf9a74ecbf6b57b547a8
                                                                                                                    • Opcode Fuzzy Hash: c7a0d8b576bbbede13ed680fc1bed77494cbaf8f1499984d73daa0c7c4bd5855
                                                                                                                    • Instruction Fuzzy Hash: 5712E270A00709DFDB15DFA4C856BEDBBB1BF59314F158269E409AB2C2DB70AD84CB81
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0033B2AA
                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 0033B2B8
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0033B33F
                                                                                                                    • SysAllocString.OLEAUT32(7D8B83E9), ref: 0033B35A
                                                                                                                    • _com_issue_errorex.COMSUPP ref: 0033B398
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0033B3A5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Clear$AllocCopyInitString_com_issue_errorex
                                                                                                                    • String ID: XMLParser$addChildToNode ... XMLParser not Initialized ...$addChildToNode ... node is null!$lR
                                                                                                                    • API String ID: 4186184965-1835530078
                                                                                                                    • Opcode ID: af549f6c4cbd350f68a38db9323ebee9e5d7bbc4c73c50ac5277ffffaa327712
                                                                                                                    • Instruction ID: b296f8c896b3f8a2c14d473cd61404082cb48f9ac6e6de5dea5bfbeb5dd9a9d6
                                                                                                                    • Opcode Fuzzy Hash: af549f6c4cbd350f68a38db9323ebee9e5d7bbc4c73c50ac5277ffffaa327712
                                                                                                                    • Instruction Fuzzy Hash: B881E174A01248EFDB12DFA9C989B9EBBF8FF45314F104159F905AB291D775AA00CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Clear$AllocCopyInitString_com_issue_errorex
                                                                                                                    • String ID: XMLParser$addChildToNode ... XMLParser not Initialized ...$addChildToNode ... node is null!
                                                                                                                    • API String ID: 4186184965-4178667580
                                                                                                                    • Opcode ID: b67d53e60d29a99cce18216b4ae7c23a297d3dea0969de44add88062956b6569
                                                                                                                    • Instruction ID: 936b795e0f20b3e8a9db5d028d0cb3a5b2243969ed2a017a8074313b73350b95
                                                                                                                    • Opcode Fuzzy Hash: b67d53e60d29a99cce18216b4ae7c23a297d3dea0969de44add88062956b6569
                                                                                                                    • Instruction Fuzzy Hash: F071DC74E00348EFDB11DFA8C889B9EBBB8FF45314F14415DE915AB292D7B4AA00CB61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetVersionExW.KERNEL32(0000011C,7D8B83E9,00000000,00000000), ref: 002F5320
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Version
                                                                                                                    • String ID: 5.1$6.0$Binary signature validation failed.$Certificate mismatch: $ValidationFailure$adobe inc$adobe systems incorporated$google inc$google llc$mcafee llc
                                                                                                                    • API String ID: 1889659487-4007284344
                                                                                                                    • Opcode ID: e458e8f3485600e77532cb898795543da65c2756e340964c69d57906193ccc85
                                                                                                                    • Instruction ID: 2c3a415085c379c2073da08f54a48214aea5cabbd96dcd45cbd197c286eec697
                                                                                                                    • Opcode Fuzzy Hash: e458e8f3485600e77532cb898795543da65c2756e340964c69d57906193ccc85
                                                                                                                    • Instruction Fuzzy Hash: B0128D71D10269DBDF20CFA4CC55BEDBBB0AF56314F20829AE50877281EB706A95CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • PathRemoveFileSpecW.SHLWAPI(00000000), ref: 002F353B
                                                                                                                    • GetLastError.KERNEL32 ref: 002F3545
                                                                                                                    • GetLastError.KERNEL32(005343B4,00000002,?,00000008,005343BC,00000001,7D8B83E9), ref: 002F356D
                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,?,00000044,?,-00000002), ref: 002F3659
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000003E8), ref: 002F36C0
                                                                                                                    • GetExitCodeProcess.KERNEL32(?,00000008), ref: 002F36D3
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002F36F0
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002F36F8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseErrorHandleLastProcess$CodeCreateExitFileObjectPathRemoveSingleSpecWait
                                                                                                                    • String ID: D$Failed to remove file spec error: %d$FileUtils
                                                                                                                    • API String ID: 1791194634-3621875036
                                                                                                                    • Opcode ID: f23875f01df7019d5e29a24750bcc9b12d0adf019a7bc9db40f65db764e35c27
                                                                                                                    • Instruction ID: 1f358acf551f6f1f9ab3bab37d5a10c83bb441bfe2b7377066b9915112b775fc
                                                                                                                    • Opcode Fuzzy Hash: f23875f01df7019d5e29a24750bcc9b12d0adf019a7bc9db40f65db764e35c27
                                                                                                                    • Instruction Fuzzy Hash: A6B1AC70D102099FCB21DF64CD41BAEB7B5EF99304F5442A9E905A7291EB706A94CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0031121F
                                                                                                                      • Part of subcall function 00330FE0: RtlEnterCriticalSection.NTDLL(?), ref: 0033101C
                                                                                                                      • Part of subcall function 00330FE0: RtlLeaveCriticalSection.NTDLL(?), ref: 0033102F
                                                                                                                    • RtlEnterCriticalSection.NTDLL(?), ref: 00311348
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 00311358
                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00311413
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footerInitializeSleep
                                                                                                                    • String ID: Error closing IPC channel$Error initializing IPC$Error reading packet : %d$IPCCommunications$InvalidParent$Successfully closed IPC channel
                                                                                                                    • API String ID: 4210563109-4172709400
                                                                                                                    • Opcode ID: 843cf2cd38548f97128bdba9bfc482b553ed4ffbc22f0cfa4c8dc4adabd92e88
                                                                                                                    • Instruction ID: 3e42504fa6bbee67f0e18f1cdc2c04f4b31a8635b87dd498fa83c3cce8ae67f7
                                                                                                                    • Opcode Fuzzy Hash: 843cf2cd38548f97128bdba9bfc482b553ed4ffbc22f0cfa4c8dc4adabd92e88
                                                                                                                    • Instruction Fuzzy Hash: 4881FF709043099FDB29DFA4C819BFEBBB4EF08304F14462DE552AB2D2DB74A994CB51
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RtlEnterCriticalSection.NTDLL(0145A7B4), ref: 003314CC
                                                                                                                    • Sleep.KERNEL32(00000001), ref: 003314D4
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(0145A7B4), ref: 003314E1
                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?), ref: 0033155B
                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 00331586
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(?), ref: 003315CC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$ByteCharLeaveMultiWide$EnterSleep
                                                                                                                    • String ID: Terminate channel
                                                                                                                    • API String ID: 136537519-3506379291
                                                                                                                    • Opcode ID: b7d3a6cc2c631f8711eda90a42cde3f1b8d186723d9aef1f2cf6101e89851de7
                                                                                                                    • Instruction ID: f9ac70e6c428ca4693db25a4cd38f7adfc3ab97c2d0748b2095b555b3ad718c7
                                                                                                                    • Opcode Fuzzy Hash: b7d3a6cc2c631f8711eda90a42cde3f1b8d186723d9aef1f2cf6101e89851de7
                                                                                                                    • Instruction Fuzzy Hash: 64A19070D00219DFEB15DFA4CC95BAEBBB8BF45310F1442A9E409A7281DB70AA48CF65
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SetFilePointerEx.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,00000000,?,?,001,00000003,?), ref: 003481E4
                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00348204
                                                                                                                    • GetLastError.KERNEL32 ref: 00348222
                                                                                                                    • GetLastError.KERNEL32 ref: 00348230
                                                                                                                    Strings
                                                                                                                    • failed to write data. Error code - %d, xrefs: 00348233
                                                                                                                    • file pointer set error - %d, xrefs: 0034827C
                                                                                                                    • file handler not initialized, xrefs: 003481B8
                                                                                                                    • Failed to write the segment in the file which is to be downloaded, xrefs: 0034829A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLast$PointerWrite
                                                                                                                    • String ID: Failed to write the segment in the file which is to be downloaded$failed to write data. Error code - %d$file handler not initialized$file pointer set error - %d
                                                                                                                    • API String ID: 2977825765-1319907779
                                                                                                                    • Opcode ID: 731ec704558e397488a36244d08af1f94ce181e1e1f8e69d5882c2132f7734e3
                                                                                                                    • Instruction ID: 47feb8e3faea0f1c4f2c77c18cc9ff30b5a5a0449907c3f3c5a4399105470b12
                                                                                                                    • Opcode Fuzzy Hash: 731ec704558e397488a36244d08af1f94ce181e1e1f8e69d5882c2132f7734e3
                                                                                                                    • Instruction Fuzzy Hash: 7631A675A00218AFCF01AF64DC85BAE7BE9EF48310F114096FD089F246DAB1AD54CB95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SetFilePointerEx.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,00000012,?), ref: 003480C4
                                                                                                                    • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 003480E4
                                                                                                                    • GetLastError.KERNEL32 ref: 00348103
                                                                                                                    • GetLastError.KERNEL32 ref: 00348111
                                                                                                                    Strings
                                                                                                                    • failed to read data. Error code - %d, xrefs: 00348114
                                                                                                                    • Failed to read the segment from the downloaded file, xrefs: 0034817A
                                                                                                                    • file handler to read not initialized, xrefs: 00348098
                                                                                                                    • file pointer set error - %d, xrefs: 0034815C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLast$PointerRead
                                                                                                                    • String ID: Failed to read the segment from the downloaded file$failed to read data. Error code - %d$file handler to read not initialized$file pointer set error - %d
                                                                                                                    • API String ID: 2170121939-552781294
                                                                                                                    • Opcode ID: ec5446dc8edc6e690de830ab40bbf7c7537b3accdd5b503035680060c39376d8
                                                                                                                    • Instruction ID: 95d42670d03fbdd100bdc66c99dc89edb25b3641ae0640ea627be19a7f35cafb
                                                                                                                    • Opcode Fuzzy Hash: ec5446dc8edc6e690de830ab40bbf7c7537b3accdd5b503035680060c39376d8
                                                                                                                    • Instruction Fuzzy Hash: 8431BE71A00218AFCF01EF64DC85BAE7BE8EF08311F1140A6FD099F242DA71AD54CBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 003DB46F
                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 003DB4D8
                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 003DB50E
                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 003DB568
                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 003DB590
                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 003DB75D
                                                                                                                    • DeleteObject.GDI32(?), ref: 003DB774
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CompatibleCreateObject$BitmapDeleteH_prolog3Select
                                                                                                                    • String ID: 3&7$3&7
                                                                                                                    • API String ID: 3587968642-3020793735
                                                                                                                    • Opcode ID: cf556421007887fdb0bc739130d3db65ad001e339c4468d43795ccf6ad7ae7ee
                                                                                                                    • Instruction ID: 4ffa5ec681f0ca8d6f4a3ded0a4d65d5a483a86fa8f8a8a7707ef38b7acde307
                                                                                                                    • Opcode Fuzzy Hash: cf556421007887fdb0bc739130d3db65ad001e339c4468d43795ccf6ad7ae7ee
                                                                                                                    • Instruction Fuzzy Hash: 94A18D7290020ADBCF16DFA9D985ABEBBF4FF44304F12812AF555EA291DB34D914CB60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32 ref: 003520CD
                                                                                                                    • CertGetIssuerCertificateFromStore.CRYPT32(?,00000000,00000000,?), ref: 003520F7
                                                                                                                    • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,00000000), ref: 0035211F
                                                                                                                    • LocalAlloc.KERNEL32(00000000), ref: 00352133
                                                                                                                    • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,?), ref: 0035214B
                                                                                                                    • LocalFree.KERNEL32(?,?,?), ref: 0035217A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Cert$LocalNameString$AllocCertificateErrorFreeFromIssuerLastStore
                                                                                                                    • String ID: Certificate not matching$lR
                                                                                                                    • API String ID: 771185627-2808037631
                                                                                                                    • Opcode ID: 1e3b82a1cfd6c25ec22c37a47acbf7b6311760af6725d729b0b7a671fbd390c6
                                                                                                                    • Instruction ID: e8296095c0bfa4be811ab5a2bec1aae98cd02612592f5b214d7eccd0fba89634
                                                                                                                    • Opcode Fuzzy Hash: 1e3b82a1cfd6c25ec22c37a47acbf7b6311760af6725d729b0b7a671fbd390c6
                                                                                                                    • Instruction Fuzzy Hash: C061EC75900214ABDB198F64DC48FAFBBB5FF4A315F150519ED01B72A0EB306A88CBA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • UrlIsW.SHLWAPI(?,00000000,7D8B83E9,?,?,00000000,004D4E5D,000000FF,?,0032FC7F,-00000030), ref: 002F4466
                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 002F448A
                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,iexplore,00000008,00000000,00000001), ref: 002F44F2
                                                                                                                    • UrlIsW.SHLWAPI(?,00000000), ref: 002F451A
                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 002F453A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExecuteShell
                                                                                                                    • String ID: -nohome $iexplore$open
                                                                                                                    • API String ID: 587946157-2530092967
                                                                                                                    • Opcode ID: 33fb1265cdb94a0904f1fe305efc4b27212d6fc53dd002007426a68a474a796f
                                                                                                                    • Instruction ID: 37fc77495aff727755e5c8ddb3049ad17185c75505cc64940f8efa5f5ed00ac5
                                                                                                                    • Opcode Fuzzy Hash: 33fb1265cdb94a0904f1fe305efc4b27212d6fc53dd002007426a68a474a796f
                                                                                                                    • Instruction Fuzzy Hash: 5541B130650309ABDB30EF58CC59FAAFBB4AB04B54F60052AE601BB2D0D7B0A954CF64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    • failed to create a new segment, xrefs: 003425B9
                                                                                                                    • failed to create the last segment, xrefs: 00342597
                                                                                                                    • number of jobs created when resuming from disk are %d, xrefs: 00342782
                                                                                                                    • num of jobs to be created is %d, xrefs: 0034240D
                                                                                                                    • already downloaded bytes for segment %d is %d, xrefs: 00342499
                                                                                                                    • partially downloaded bytes for segment %d is %d, xrefs: 003424E5, 003426DD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __aulldiv
                                                                                                                    • String ID: already downloaded bytes for segment %d is %d$failed to create a new segment$failed to create the last segment$num of jobs to be created is %d$number of jobs created when resuming from disk are %d$partially downloaded bytes for segment %d is %d
                                                                                                                    • API String ID: 3732870572-2727180387
                                                                                                                    • Opcode ID: 1607385c597f5f2bf1cb4b92c9ff0553b0643618b2a948df7ece5d4f5ed763af
                                                                                                                    • Instruction ID: 6c6816a38b22e62771db0c0b41da04a4e0fa2cb887d44faefb226245b63b06eb
                                                                                                                    • Opcode Fuzzy Hash: 1607385c597f5f2bf1cb4b92c9ff0553b0643618b2a948df7ece5d4f5ed763af
                                                                                                                    • Instruction Fuzzy Hash: A7D15870A00609AFCB1AEFA4C895FAEFBB9FF45304F104159F415AB292DB31B915CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    • failed to retrieve the ETAG header from the head request, xrefs: 0034C83F
                                                                                                                    • Retry Count: %d reached for retriving file size and total time taken in seconds is %d, xrefs: 0034C74B
                                                                                                                    • The value of ETAG for the file is , xrefs: 0034C890
                                                                                                                    • some intermittent error while fetching remote file size. Retrying now. Error code is %d and error type is %d, xrefs: 0034C6BA
                                                                                                                    • failed to retrieve the server file Size, xrefs: 0034C779
                                                                                                                    • ETag, xrefs: 0034C7D6, 0034C89D
                                                                                                                    • failed to init the http downloader to get file Size, xrefs: 0034C57A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ETag$Retry Count: %d reached for retriving file size and total time taken in seconds is %d$The value of ETAG for the file is $failed to init the http downloader to get file Size$failed to retrieve the ETAG header from the head request$failed to retrieve the server file Size$some intermittent error while fetching remote file size. Retrying now. Error code is %d and error type is %d
                                                                                                                    • API String ID: 0-2065089768
                                                                                                                    • Opcode ID: fc83cf0d4ab1039d5fda7d408cda17c887ad9f664e9d5fc283379f535273d3b9
                                                                                                                    • Instruction ID: 7f5777292322ef096248b45bbc481be2ac0c4f6c1aa8cc53cba4bce09e649f27
                                                                                                                    • Opcode Fuzzy Hash: fc83cf0d4ab1039d5fda7d408cda17c887ad9f664e9d5fc283379f535273d3b9
                                                                                                                    • Instruction Fuzzy Hash: 2B129D719112199FCB1ADF64C859BEDBBF4BF15304F1441DAE40AAB292DB307A88CF61
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 0033A120: _com_issue_errorex.COMSUPP ref: 0033A196
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 002EF10E
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 002EF124
                                                                                                                    • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 002EF13F
                                                                                                                    Strings
                                                                                                                    • FileUtils, xrefs: 002EF156
                                                                                                                    • Non Admin creating destination directory %s, xrefs: 002EF0F6
                                                                                                                    • SHCreateDirectoryEx failed. Error: %d, xrefs: 002EF14C
                                                                                                                    • createDirectoryParams/createDestination, xrefs: 002EF0A6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: DirectoryPath$CreateExistsFileInit_thread_footer_com_issue_errorex
                                                                                                                    • String ID: FileUtils$Non Admin creating destination directory %s$SHCreateDirectoryEx failed. Error: %d$createDirectoryParams/createDestination
                                                                                                                    • API String ID: 2933693980-4075147966
                                                                                                                    • Opcode ID: e0e4727d9a770631491a3996d9add659b8c558c0171c660306c5c0ebfa292711
                                                                                                                    • Instruction ID: d101bad5faed7885077a939b580c5efe9e337c6a710164e65059306570a55953
                                                                                                                    • Opcode Fuzzy Hash: e0e4727d9a770631491a3996d9add659b8c558c0171c660306c5c0ebfa292711
                                                                                                                    • Instruction Fuzzy Hash: 3551AC71D20259EFCB01DFA4DD56BEEBBB4FF54304F10422AE401AB281EBB45A45CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 0036C55A
                                                                                                                    • RtlEnterCriticalSection.NTDLL(00000000), ref: 0036C56B
                                                                                                                    • TlsGetValue.KERNEL32(?,?,00000000,?,?,00000001,?,?,?,002E7E7A,?,7D8B83E9), ref: 0036C587
                                                                                                                    • LocalAlloc.KERNEL32(00000000,00000000,00000010,?,?,00000000,?,?,00000001,?,?,?,002E7E7A,?,7D8B83E9), ref: 0036C5F0
                                                                                                                    • LocalReAlloc.KERNEL32(?,00000000,00000002,00000010,?,?,00000000,?,?,00000001,?,?,?,002E7E7A,?,7D8B83E9), ref: 0036C5FE
                                                                                                                    • TlsSetValue.KERNEL32(?,00000000,7D8B83E9), ref: 0036C62F
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(002E7E7A), ref: 0036C64D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocCriticalLocalSectionValue$EnterH_prolog3_catchLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1707010094-0
                                                                                                                    • Opcode ID: d0e663801b133199bd8877385007fce23e3f616f8df14412ccb38b4964e0da7d
                                                                                                                    • Instruction ID: 354e57fd871cc1ac28a3d5167cf3eef68025fa3ea22139b50a22a1c0a8185180
                                                                                                                    • Opcode Fuzzy Hash: d0e663801b133199bd8877385007fce23e3f616f8df14412ccb38b4964e0da7d
                                                                                                                    • Instruction Fuzzy Hash: 3A31C271500701DFCB26DF15C845A7BBBB5EF80320B15D46AE89A9B26ACB70ED10CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClearH_prolog3_catch_Variant_strlen
                                                                                                                    • String ID: `<u
                                                                                                                    • API String ID: 1755785604-3367579956
                                                                                                                    • Opcode ID: f277971f421e0515ef8ede4521fb26f0b2657c0da9b9969195f5a6d61eedc966
                                                                                                                    • Instruction ID: bc68d9e5ab50f36487428408954f7f32134399ff5c664d202d97e331e6ee512e
                                                                                                                    • Opcode Fuzzy Hash: f277971f421e0515ef8ede4521fb26f0b2657c0da9b9969195f5a6d61eedc966
                                                                                                                    • Instruction Fuzzy Hash: 32A19D75800A19DBCF06DFA4C8408FEBBB5FF09310B298159E811BB259D735AD52DFA2
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 0035B139
                                                                                                                    • SysAllocStringLen.OLEAUT32(?,00000000), ref: 0035B20A
                                                                                                                    • SetWindowPos.USER32(?,?,00000000,00000000,00000000,00000000,00000013,00000001,00000000,?,00000000,?,?,00000000,00000378,00000000), ref: 0035B3C8
                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0035B419
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: String$AllocFreeH_prolog3_Window
                                                                                                                    • String ID: ?J$`<u
                                                                                                                    • API String ID: 1244472968-1911096745
                                                                                                                    • Opcode ID: c6e8ba06214b9cdd9b367545d2827392a07c44b1733fcfec51d768df045f7155
                                                                                                                    • Instruction ID: c15ec06bfac9c836038ca2af83653ac35fe46a242e10d1443f24324252170ab4
                                                                                                                    • Opcode Fuzzy Hash: c6e8ba06214b9cdd9b367545d2827392a07c44b1733fcfec51d768df045f7155
                                                                                                                    • Instruction Fuzzy Hash: AEB1F3B5D002199FCF15CFA9C890AADFBB5FF48310F14816AE809AB355E734A945CF60
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • Sleep.KERNEL32(000007D0), ref: 0032046B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footerSleep
                                                                                                                    • String ID: AcroExch.Document.DC$Acrobat.Document.DC$Software\Adobe\Acrobat Reader\DC\AVAlert\cCheckbox$Software\Adobe\Adobe Acrobat\DC\AVAlert\cCheckbox$iAppDoNotTakePDFOwnershipAtLaunchWin10$pdf_user_choice
                                                                                                                    • API String ID: 1811701964-3549503691
                                                                                                                    • Opcode ID: 160719634ac6869bec2e3aae4a726810212845cbd7638dbe4b2021b5ae591ec9
                                                                                                                    • Instruction ID: 6564bcb5571b417bb4d75853edec0d46f3d5c5dce2e231668f841187ec459489
                                                                                                                    • Opcode Fuzzy Hash: 160719634ac6869bec2e3aae4a726810212845cbd7638dbe4b2021b5ae591ec9
                                                                                                                    • Instruction Fuzzy Hash: 85A1BD71D103189BDB25DFA0C859BEEBBB0AF15314F65426AE1017B292EB706E89CF50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,7D8B83E9,?,?), ref: 0030E4C3
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,7D8B83E9,?,?), ref: 0030E4DF
                                                                                                                    • TerminateThread.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,7D8B83E9,?,?), ref: 0030E516
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,7D8B83E9,?,?), ref: 0030E522
                                                                                                                    • TerminateThread.KERNEL32(74DF2EE0,000000FF,?,?,?,?,?,?,?,?,?,?,?,7D8B83E9,?,?), ref: 0030E556
                                                                                                                    • CloseHandle.KERNEL32(74DF2EE0,?,?,?,?,?,?,?,?,?,?,?,7D8B83E9,?,?), ref: 0030E55D
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0030E669
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle$TerminateThread$Initialize
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 196183332-0
                                                                                                                    • Opcode ID: 505a6ca987ef2d7b1112fff55e69d8bafba227741d3104f25c13b871a15fbc11
                                                                                                                    • Instruction ID: 80988344ee7508038684da6127c070b0ef32119cd0af228d9c73a9bd1c271610
                                                                                                                    • Opcode Fuzzy Hash: 505a6ca987ef2d7b1112fff55e69d8bafba227741d3104f25c13b871a15fbc11
                                                                                                                    • Instruction Fuzzy Hash: 27711171A00605EFDB15DF68CC55BAAFBB8FF05324F104A2AE424972D1DB74EA14CBA1
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • PathFileExistsW.SHLWAPI(?,00000000,?,?,00348ACE,?,?), ref: 00345559
                                                                                                                    • DeleteFileW.KERNEL32(?,?,00348ACE,?,?), ref: 00345583
                                                                                                                    • GetLastError.KERNEL32(?,?,?,00348ACE,?,?), ref: 00345595
                                                                                                                    • GetLastError.KERNEL32(?,?,?,00348ACE,?,?), ref: 003455A5
                                                                                                                    Strings
                                                                                                                    • File does not exist at %s, xrefs: 00345569
                                                                                                                    • Failed to delete file at path:%ls error:%d, xrefs: 003455AB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLast$DeleteExistsPath
                                                                                                                    • String ID: Failed to delete file at path:%ls error:%d$File does not exist at %s
                                                                                                                    • API String ID: 2844817965-1968543198
                                                                                                                    • Opcode ID: c9be9eca456dad325e5f3998027c73b68af390da5c04a8fc3d3fe0c897486a6e
                                                                                                                    • Instruction ID: 66a25993caa049900933003c8b459a8aaf266ab6c7498452bafc462899dbceb7
                                                                                                                    • Opcode Fuzzy Hash: c9be9eca456dad325e5f3998027c73b68af390da5c04a8fc3d3fe0c897486a6e
                                                                                                                    • Instruction Fuzzy Hash: 3D01D6756001087FD7019F69DC85A7ABBECEF49255B0040A4FD0DCB212DA32AC21CBA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,003572B1,00000000), ref: 0036D078
                                                                                                                    • GetProcAddress.KERNEL32(00000000,ApplicationRecoveryInProgress), ref: 0036D088
                                                                                                                    • RtlEncodePointer.NTDLL(00000000), ref: 0036D091
                                                                                                                    • RtlDecodePointer.NTDLL(00000000), ref: 0036D09F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                    • String ID: ApplicationRecoveryInProgress$kernel32.dll
                                                                                                                    • API String ID: 2061474489-2899047487
                                                                                                                    • Opcode ID: b4a60338463ff2145b269b3ba06e6a5b51c837e3a712dcc7b9e64bf34e5d8c3f
                                                                                                                    • Instruction ID: 5e4c3b8552568d5427c8606b81bef2cce14fc4d1ea4edc2f45510ae6bc77488f
                                                                                                                    • Opcode Fuzzy Hash: b4a60338463ff2145b269b3ba06e6a5b51c837e3a712dcc7b9e64bf34e5d8c3f
                                                                                                                    • Instruction Fuzzy Hash: 42F02734B023119B87222B30BC0883A3BAC6A84742B014030FD0AD3325CB718C11DAA9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,003572F4,00000001), ref: 0036D023
                                                                                                                    • GetProcAddress.KERNEL32(00000000,ApplicationRecoveryFinished), ref: 0036D033
                                                                                                                    • RtlEncodePointer.NTDLL(00000000), ref: 0036D03C
                                                                                                                    • RtlDecodePointer.NTDLL(00000000), ref: 0036D04A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                    • String ID: ApplicationRecoveryFinished$kernel32.dll
                                                                                                                    • API String ID: 2061474489-1962646049
                                                                                                                    • Opcode ID: 1f059de38e6af1e93a26a5bfc9942ba5ee6b1f956a264998c5a9611a0f401bc1
                                                                                                                    • Instruction ID: 404da082aa0051053784a9e137ef35dcc1e14a7c2cd85d1c3cf2bb71f89a9bc4
                                                                                                                    • Opcode Fuzzy Hash: 1f059de38e6af1e93a26a5bfc9942ba5ee6b1f956a264998c5a9611a0f401bc1
                                                                                                                    • Instruction Fuzzy Hash: 46F06575B423159B87221F70BD088797B9CAA847527054075FD05D3265DB349C21DBE9
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00305200
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00305222
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0030524A
                                                                                                                    • __Getctype.LIBCPMT ref: 0030532E
                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0030539E
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003053C8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1102183713-0
                                                                                                                    • Opcode ID: 02f583c15b402df795eed922045148401950eb5ea71c314a8c89b0975abad6ee
                                                                                                                    • Instruction ID: 02532f46d0bdbacd064a7c705beb9bba84e46817cc5a5b8c9e9e5cc605ed5fa9
                                                                                                                    • Opcode Fuzzy Hash: 02f583c15b402df795eed922045148401950eb5ea71c314a8c89b0975abad6ee
                                                                                                                    • Instruction Fuzzy Hash: 9A71BFB0D01648CFDB12CF68C5507AEBBF8EF18314F14855ED849AB391E774AA84DB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00338D00: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,?), ref: 00338D23
                                                                                                                    • PathAppendW.SHLWAPI(00000000,?,?,?,?,?), ref: 002F616E
                                                                                                                    • PathFileExistsW.SHLWAPI(?,pathValid.txt,0000000D,7D8B83E9,?,?), ref: 002F61BA
                                                                                                                    • PathIsDirectoryW.SHLWAPI(?), ref: 002F61D4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$AppendDirectoryExistsFileFolderSpecial
                                                                                                                    • String ID: parent UNC Path in Child: %s$pathValid.txt
                                                                                                                    • API String ID: 2104674270-357044310
                                                                                                                    • Opcode ID: 01f9274040e83c3d84c94f62452fa8db886ef92ccbbc6cd784e9a91397f4d1bb
                                                                                                                    • Instruction ID: 1ac5b9fcb61270cbcd3fd4a73180fe587a1e6beef83a0a8fa80ead0cc651c64c
                                                                                                                    • Opcode Fuzzy Hash: 01f9274040e83c3d84c94f62452fa8db886ef92ccbbc6cd784e9a91397f4d1bb
                                                                                                                    • Instruction Fuzzy Hash: 0E02CF71D1025DCBDF14DFA4C858BEEBBB0EF14308F544169D405AB282EB75AA96CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00334506
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00334529
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00334549
                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003345BB
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003345D3
                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003345F6
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2081738530-0
                                                                                                                    • Opcode ID: 360a93b84daf8ffba730ec09041b1172253b5af02284e0892ba8c208e8176774
                                                                                                                    • Instruction ID: 74b72a2791a8bdbd6bcf763998f79b4b91c374219fe396e327e225028abdec17
                                                                                                                    • Opcode Fuzzy Hash: 360a93b84daf8ffba730ec09041b1172253b5af02284e0892ba8c208e8176774
                                                                                                                    • Instruction Fuzzy Hash: 4B41D172D002198FDB12CF55E9806AEBBB8FF1A724F15415AE81667351E734BE44CBD0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00577C78,000000FF,00000000,00000000,00000405,?,?,00000000,00000038,?), ref: 003320EB
                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00577C78,000000FF,00000000,?), ref: 0033213B
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,005337DC,?,?,00000000), ref: 00332145
                                                                                                                    Strings
                                                                                                                    • Failed to convert MultiByteToWideChar. ErrorCode::%d, xrefs: 0033214C
                                                                                                                    • Error allocating memory while converting UTF8 string to Native string, xrefs: 0033210B
                                                                                                                    • StringUtils, xrefs: 00332115, 00332156
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                    • String ID: Error allocating memory while converting UTF8 string to Native string$Failed to convert MultiByteToWideChar. ErrorCode::%d$StringUtils
                                                                                                                    • API String ID: 1717984340-281077328
                                                                                                                    • Opcode ID: 5014388afca282fe18b1c142143740e096d0e96497be0dd5355c13cc98e01ee1
                                                                                                                    • Instruction ID: ef6eb9b1e330f539ae8e9e4b595f632332834a4712f836a1413c34bbca41d4ab
                                                                                                                    • Opcode Fuzzy Hash: 5014388afca282fe18b1c142143740e096d0e96497be0dd5355c13cc98e01ee1
                                                                                                                    • Instruction Fuzzy Hash: 0A212E76B8031037CB2177A97C07FEF3B68DF86720F0501A9FE09A72C2D965551186A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    • The file has changed on the server. Please close this workflow and try again., xrefs: 0034362C
                                                                                                                    • The new ETAG (%s) is different from the previous ETAG value (%s). So, the current download is invalid., xrefs: 00343614
                                                                                                                    • dle is not paused. So, no need to resume, xrefs: 00343493
                                                                                                                    • ETag, xrefs: 003434BF, 0034358A, 003435D0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ETag$The file has changed on the server. Please close this workflow and try again.$The new ETAG (%s) is different from the previous ETAG value (%s). So, the current download is invalid.$dle is not paused. So, no need to resume
                                                                                                                    • API String ID: 0-2798059100
                                                                                                                    • Opcode ID: a85b3f93121ece1b8622127c250cf52bc2d64832b6175991b04e15743ac3245d
                                                                                                                    • Instruction ID: e97acdca0e26b6e7f6ea1c819f800d79c63ef5a136c915fa0c576e1600ab0e60
                                                                                                                    • Opcode Fuzzy Hash: a85b3f93121ece1b8622127c250cf52bc2d64832b6175991b04e15743ac3245d
                                                                                                                    • Instruction Fuzzy Hash: E581B070910249DBDB15DF74C895BEEBBB4AF04318F20421EE456AB391DB346A44CB55
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                    • RtlEnterCriticalSection.NTDLL(-0000018C), ref: 003286BB
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(-0000018C), ref: 003286DC
                                                                                                                      • Part of subcall function 003205B0: SendMessageW.USER32(?,00000BCA,00000000,00000000), ref: 003205E8
                                                                                                                      • Part of subcall function 002D8620: __Init_thread_footer.LIBCMT ref: 002D8742
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalInit_thread_footerSection$EnterLeaveMessageSend
                                                                                                                    • String ID: Downloading : %s$GoCart$Starting download for all packages.
                                                                                                                    • API String ID: 1743593657-1678466242
                                                                                                                    • Opcode ID: 75e5bfa1c33c056eea5cd3d027073a65fb5b1f56e9f2693c4036f7d13292d7ce
                                                                                                                    • Instruction ID: 97bc32f5f1b0249e5e991ba3dae1d1e61a34cf67e15f65d633e46211d5c79d68
                                                                                                                    • Opcode Fuzzy Hash: 75e5bfa1c33c056eea5cd3d027073a65fb5b1f56e9f2693c4036f7d13292d7ce
                                                                                                                    • Instruction Fuzzy Hash: BE810171A01204AFDB15DF68E886BA9FBB0FF41314F25826AE81467382DF70AC55CF91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 002D8570: __Init_thread_footer.LIBCMT ref: 002D85F8
                                                                                                                      • Part of subcall function 0033A120: _com_issue_errorex.COMSUPP ref: 0033A196
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0032D638
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer$_com_issue_errorex
                                                                                                                    • String ID: //launchAcrobat$Acrobat Pro DC$AcrobatDCCheckBox$Received Launch Acrobat Check Box click message
                                                                                                                    • API String ID: 1829800392-2360623104
                                                                                                                    • Opcode ID: 4690bbe471c183acdfb27b05cffc1a81feb1ea524d9fd973d05ce93e1856779b
                                                                                                                    • Instruction ID: b174ca3126b18a4e7aece527af1be70a0c5f61fd3c3c4b370de063f5a864d45d
                                                                                                                    • Opcode Fuzzy Hash: 4690bbe471c183acdfb27b05cffc1a81feb1ea524d9fd973d05ce93e1856779b
                                                                                                                    • Instruction Fuzzy Hash: A3819F30D10259DFDB11DFA4D855BEEBBB0BF55304F214269E005AB282DBB56A48CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • FindResourceW.KERNEL32(00000000,002DFE4B,00000006,002DFE4A), ref: 002E2264
                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 002E2277
                                                                                                                    • LockResource.KERNEL32(00000000), ref: 002E2286
                                                                                                                    • SizeofResource.KERNEL32(?,?), ref: 002E229C
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                                    • String ID: |x5
                                                                                                                    • API String ID: 3473537107-335511547
                                                                                                                    • Opcode ID: fd962c98d26161036e784677e2741d8e88498d45fdc1b0a2b3f75d6eae6a86ae
                                                                                                                    • Instruction ID: 06d8e048cdbffd12291bef6cce4752e9277d517655d14cb1eb148b814a332b67
                                                                                                                    • Opcode Fuzzy Hash: fd962c98d26161036e784677e2741d8e88498d45fdc1b0a2b3f75d6eae6a86ae
                                                                                                                    • Instruction Fuzzy Hash: 38412431A10556DFDB249F2ACC45A3EB7A9EF41301F4041ADF9039B3A1EB789D28CE90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • LoadLibraryW.KERNEL32(?,Advapi32.dll,7D8B83E9), ref: 0033C2B0
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 0033C2C4
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0033C303
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                    • String ID: Advapi32.dll$CreateProcessWithTokenW
                                                                                                                    • API String ID: 145871493-2244679747
                                                                                                                    • Opcode ID: 0a921398c3c25c73e7989f6a1604d7af79e0989ed8052ffb5b55af3fcd1643cb
                                                                                                                    • Instruction ID: afcdd1e68e8bef65dc4ca53dea9be8a13c0caaa7f96aa83e9a9253fac693220e
                                                                                                                    • Opcode Fuzzy Hash: 0a921398c3c25c73e7989f6a1604d7af79e0989ed8052ffb5b55af3fcd1643cb
                                                                                                                    • Instruction Fuzzy Hash: EE31F172A01218EFCF01DFA9D984ADEBBF5FB08720F41412AF915E3250E7359911CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetTopWindow.USER32(?), ref: 0036413E
                                                                                                                    • GetTopWindow.USER32(00000000), ref: 00364181
                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 003641A3
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window
                                                                                                                    • String ID: U5
                                                                                                                    • API String ID: 2353593579-1897351987
                                                                                                                    • Opcode ID: ea8798042463d4406bd45d5d7310f459770e5f4773bfe6089218d2b26a5cf691
                                                                                                                    • Instruction ID: 91763bbfdd4f89be365faec51359cbc6ee3a42f4b5332dd15dda98499acf3db4
                                                                                                                    • Opcode Fuzzy Hash: ea8798042463d4406bd45d5d7310f459770e5f4773bfe6089218d2b26a5cf691
                                                                                                                    • Instruction Fuzzy Hash: 4001A53240111AEBDF236F90ED09E9E3B29BF26361F058014FA1954064C776C9B5EBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrlen
                                                                                                                    • String ID: !I$VersionString${AC76BA86-0000-0000-7760-7E8A45000000}${AC76BA86-0000-0000-BA7E-7E8A45000000}
                                                                                                                    • API String ID: 1659193697-167949492
                                                                                                                    • Opcode ID: fd172df0351ee5587f23167e3bfd15369612de75aa725346d91283942f2aaa14
                                                                                                                    • Instruction ID: 85f21a5a8c797044b2a83073014dcf22bb4c7f9f9ed87f4a8bc221f8b9e41a25
                                                                                                                    • Opcode Fuzzy Hash: fd172df0351ee5587f23167e3bfd15369612de75aa725346d91283942f2aaa14
                                                                                                                    • Instruction Fuzzy Hash: 417162B191061C9BCB20DF24CC55BEAB7B8FF54308F5042D9E609A7241EB30AB95CF58
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0033422A
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00334248
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00334268
                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0033432C
                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00334344
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 459529453-0
                                                                                                                    • Opcode ID: bb61b1f0d21c14e515231a6156b462b67ada8905e222a4541adb2a9f7187b651
                                                                                                                    • Instruction ID: c0bf6ed95398b82bc15fa5543f9dc48878ec49b73c54be227ec06df295b2cb2f
                                                                                                                    • Opcode Fuzzy Hash: bb61b1f0d21c14e515231a6156b462b67ada8905e222a4541adb2a9f7187b651
                                                                                                                    • Instruction Fuzzy Hash: DD41CD71A002158FCB12CF65D981AAFB7B8FB14714F15456AE806AB350EB34BE45CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _memcpy_s.LIBCMT ref: 0035736B
                                                                                                                    • GlobalFix.KERNEL32(00000000), ref: 00357394
                                                                                                                    • lstrcmpW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00372F98,000000F1,00000010,0037395F,0055A76C,00000010,00000008,003736B2), ref: 003573AD
                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,?,?,?), ref: 003573EA
                                                                                                                    • GlobalFix.KERNEL32(00000000), ref: 003573F8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$Alloc_memcpy_slstrcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4126437549-0
                                                                                                                    • Opcode ID: 5af00e3ac8ab5f90a4cf5e23ba5e41dc260b1cc4520cf3ced761a0741accf1ab
                                                                                                                    • Instruction ID: 7c61b83c8e58eab5cd8fe9869e098246ff4180f246adc1378271fcf92a07dbff
                                                                                                                    • Opcode Fuzzy Hash: 5af00e3ac8ab5f90a4cf5e23ba5e41dc260b1cc4520cf3ced761a0741accf1ab
                                                                                                                    • Instruction Fuzzy Hash: F541B0B1600208AFEB129F65DC85D6A7BADEF44745F05446AFE0287272DB30DD10DB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • __EH_prolog3.LIBCMT ref: 003AB51D
                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 003AB6D2
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 003AB72A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$DeleteH_prolog3
                                                                                                                    • String ID: 3&7
                                                                                                                    • API String ID: 657949336-2718934256
                                                                                                                    • Opcode ID: f54edafa6d4754b7506000e6a8c76ccc5997c0e19a3deeefdad7d9e5f1fadd0b
                                                                                                                    • Instruction ID: 0a68296f5744f68b21a600d219ca63b160e3982531c63231d2c93d0d180395f7
                                                                                                                    • Opcode Fuzzy Hash: f54edafa6d4754b7506000e6a8c76ccc5997c0e19a3deeefdad7d9e5f1fadd0b
                                                                                                                    • Instruction Fuzzy Hash: C2719C71C006148BCF1AEF65C8847AEBBB5FF4A310F1581AAEC146F296CB758944CBA0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0030A451
                                                                                                                    • RtlEnterCriticalSection.NTDLL(-0000018C), ref: 0030A52D
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(-0000018C), ref: 0030A54E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeaveObjectSingleWait
                                                                                                                    • String ID: InstallationSkipped
                                                                                                                    • API String ID: 501323975-1569378864
                                                                                                                    • Opcode ID: dd7a0ff74afde71309e3ecc0e9c69ae98b4a007fd7d20ddf01efac5884003db4
                                                                                                                    • Instruction ID: 5e07528b0711993e8daee83d0bd3c10c9e1dce3a61394fdcccf444ebb55812e9
                                                                                                                    • Opcode Fuzzy Hash: dd7a0ff74afde71309e3ecc0e9c69ae98b4a007fd7d20ddf01efac5884003db4
                                                                                                                    • Instruction Fuzzy Hash: E471C571E007059FDB11DF68D819BAA7BB1FF45318F258268E404AF382D771E942CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 002E0520
                                                                                                                    • _com_issue_error.COMSUPP ref: 002E055C
                                                                                                                    • SysFreeString.OLEAUT32(-00000001), ref: 002E0590
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String$AllocFree_com_issue_error
                                                                                                                    • String ID: `<u
                                                                                                                    • API String ID: 1786537486-3367579956
                                                                                                                    • Opcode ID: 26d268990d5aebd08c468f15e4a727219a240f289a0528d44a29a1eb889726f9
                                                                                                                    • Instruction ID: 828f0a458b2bc82cd918c283a035389566f84e9db4c71b8489db133687e289f3
                                                                                                                    • Opcode Fuzzy Hash: 26d268990d5aebd08c468f15e4a727219a240f289a0528d44a29a1eb889726f9
                                                                                                                    • Instruction Fuzzy Hash: 7931D7B1950756ABD7208F1AD844B5BBBE8FF40720F50462EEC1597280E7F4A955CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • PathRemoveFileSpecW.SHLWAPI(00000000,?,?,?,?), ref: 003392BB
                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 003392C5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFileLastPathRemoveSpec
                                                                                                                    • String ID: Failed to remove file spec error: %d$FileUtils
                                                                                                                    • API String ID: 3648509562-2156732388
                                                                                                                    • Opcode ID: 399f08675d8f28f517280993386eef7ca41ca2bd6b797cb3b85759341bc295af
                                                                                                                    • Instruction ID: 32be03d9f6eb36d92f80527fac4120380f339d51c15f0c8b3d8b9525abfb7c23
                                                                                                                    • Opcode Fuzzy Hash: 399f08675d8f28f517280993386eef7ca41ca2bd6b797cb3b85759341bc295af
                                                                                                                    • Instruction Fuzzy Hash: 86216172600714EBC725AB54EC81FBB73ACEF96300F45056AFC06CB152E7A5B910C6A5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    Strings
                                                                                                                    • already stopped. No need to stop now, xrefs: 00342108
                                                                                                                    • failed to stop the file downloader, xrefs: 00342139
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalEnterSection
                                                                                                                    • String ID: already stopped. No need to stop now$failed to stop the file downloader
                                                                                                                    • API String ID: 1904992153-1172314604
                                                                                                                    • Opcode ID: f5aa12eb44204116e1c0ae1122aaa14ca718146a8f7cf215dc3ff54a38f8bbdc
                                                                                                                    • Instruction ID: d076ed6596044af00f7a583b77bbf463db78df484624d498fefd567e779241e4
                                                                                                                    • Opcode Fuzzy Hash: f5aa12eb44204116e1c0ae1122aaa14ca718146a8f7cf215dc3ff54a38f8bbdc
                                                                                                                    • Instruction Fuzzy Hash: 33119031600A019FD722AF28EC55B96B3E8AF50314F50452EF556DE1A2DF60B88ACA95
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetConsoleOutputCP.KERNEL32(7D8B83E9,004C120D,00000000,?), ref: 004C05DE
                                                                                                                      • Part of subcall function 004C76B6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004C3F37,?,00000000,-00000008), ref: 004C7762
                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004C0839
                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004C0881
                                                                                                                    • GetLastError.KERNEL32 ref: 004C0924
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2896595272.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000056C000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000579000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005EC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005F8000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000005FC000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000606000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.000000000060B000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.0000000000620000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006BF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2896650324.00000000006F6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897633372.000000000070D000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2897660493.000000000070F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2112829910-0
                                                                                                                    • Opcode ID: a09131df7217316b048b4e99b4fa1ca11b72d6d4cdddfb59b68896dc1191d2b4
                                                                                                                    • Instruction ID: f5bf2290f82f784445a35d08f62fb8a8fdacdefc87f292934bfce9dd25d75771
                                                                                                                    • Opcode Fuzzy Hash: a09131df7217316b048b4e99b4fa1ca11b72d6d4cdddfb59b68896dc1191d2b4
                                                                                                                    • Instruction Fuzzy Hash: 84D158B9E04248DFCB15CFA8D880AADBBB4FF49304F18816EE455E7352D734A946CB64
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __aulldiv
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3732870572-0
                                                                                                                    • Opcode ID: 0044c3175a0cf309a1959604e4a280beb9391e38d5f14ce19050f97b5d7fd7e9
                                                                                                                    • Instruction ID: fec31ed1b8be46c48afe983fe3adace658e53462d40c8d2925328556b2bd705e
                                                                                                                    • Opcode Fuzzy Hash: 0044c3175a0cf309a1959604e4a280beb9391e38d5f14ce19050f97b5d7fd7e9
                                                                                                                    • Instruction Fuzzy Hash: 9391C875E102159FCB48DF69C980AA9BBF5FF8C310B1541AAE818EB316D774AD41CF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrlen
                                                                                                                    • String ID: !I$VersionString${A6EADE66-0000-0000-484E-7E8A45000000}
                                                                                                                    • API String ID: 1659193697-3318499031
                                                                                                                    • Opcode ID: 69d1290baae20f0a2605c231d9ff4d98ee9cdd250d0821b07276422e2e42c5cf
                                                                                                                    • Instruction ID: 2188884f5ead37df8ebd895043e0284b2da1a9b77d72887568cc89584d1e6eea
                                                                                                                    • Opcode Fuzzy Hash: 69d1290baae20f0a2605c231d9ff4d98ee9cdd250d0821b07276422e2e42c5cf
                                                                                                                    • Instruction Fuzzy Hash: F86191B191021C9BCB20DF64CD95BEAB3B8EF55304F5042DAE609A7241EB70AF85CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrlen
                                                                                                                    • String ID: !I$VersionString${AC76BA86-0000-0000-7760-7E8A45000000}
                                                                                                                    • API String ID: 1659193697-3696887189
                                                                                                                    • Opcode ID: 15642510b3014b17b6916a5c68cd46bee9ca2f07be1bcac0aed5ae021c950459
                                                                                                                    • Instruction ID: 3f88168149ebf37d3324d53c7a2defdbd0be881987636430827e8a092e11c84f
                                                                                                                    • Opcode Fuzzy Hash: 15642510b3014b17b6916a5c68cd46bee9ca2f07be1bcac0aed5ae021c950459
                                                                                                                    • Instruction Fuzzy Hash: C16191B191021D9BCB20DF24CD95BEAB3B8EF55304F5042DAE609A7281EB70AB85CF54
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 003592A9: GetParent.USER32(?), ref: 00359309
                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 003593BF
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 003593C9
                                                                                                                    • SendMessageW.USER32(?,00000376,00000000,00000000), ref: 003593DF
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0035946A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentFileMessageModuleNameParentSendThreadWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2033580816-0
                                                                                                                    • Opcode ID: fa776286e97a35d26c503f59995f6418c14207f41d9da705d766d247552154fa
                                                                                                                    • Instruction ID: bc802a3c23fe04b4de1fe66ba3c996999fbe2013a9ffd39544bbeab03f3561bb
                                                                                                                    • Opcode Fuzzy Hash: fa776286e97a35d26c503f59995f6418c14207f41d9da705d766d247552154fa
                                                                                                                    • Instruction Fuzzy Hash: 9441B2B5A4021DDFCB22DF69DC88BA977B8FB14301F0545AAE909D7260D7708E898B50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,?,00356C03,?,00000000,00000004,80004005,?,00000000), ref: 002E2581
                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,00356C03,?,00000000,00000004,80004005,?,00000000,?,003671BB,00000000), ref: 002E2594
                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,?,00356C03,?,00000000,00000004,80004005,?,00000000,?,003671BB,00000000,00000000), ref: 002E25A3
                                                                                                                    • SizeofResource.KERNEL32(00000001,?,?,?,?,?,00356C03,?,00000000,00000004,80004005,?,00000000,?,003671BB,00000000), ref: 002E25B9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3473537107-0
                                                                                                                    • Opcode ID: e8ecaf89cf3f8c6073701773f967b6ee6fcf793ed7450a27d4854c7980c93bd2
                                                                                                                    • Instruction ID: a2538c0612e11753762c20604195287459c97994f7c90551f79ad55abe1544b8
                                                                                                                    • Opcode Fuzzy Hash: e8ecaf89cf3f8c6073701773f967b6ee6fcf793ed7450a27d4854c7980c93bd2
                                                                                                                    • Instruction Fuzzy Hash: DD313871551562DFCB209F2BDD4497AB7ECFF85300B80066EF942CB261DA30DC68CAA4
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RtlEnterCriticalSection.NTDLL(00574EA0), ref: 00371566
                                                                                                                    • RtlInitializeCriticalSection.NTDLL(00000000), ref: 0037157C
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(00574EA0), ref: 0037158A
                                                                                                                    • RtlEnterCriticalSection.NTDLL(00000000), ref: 00371597
                                                                                                                      • Part of subcall function 003714CC: RtlInitializeCriticalSection.NTDLL(00574EA0), ref: 003714E4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 713024617-0
                                                                                                                    • Opcode ID: c80ecd3f8c1017058756108debbac6886199be35a44eb03622ff6805763ac426
                                                                                                                    • Instruction ID: 96287527d036851a7237777fa229238e8840831bc333205d848194cb7f1aa94e
                                                                                                                    • Opcode Fuzzy Hash: c80ecd3f8c1017058756108debbac6886199be35a44eb03622ff6805763ac426
                                                                                                                    • Instruction Fuzzy Hash: B7F09C735001189FDB152B58FC49B39766CFBD2375F815025F94993122D738CC49EE96
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • RtlEnterCriticalSection.NTDLL(00574C80), ref: 0036C4B8
                                                                                                                    • TlsGetValue.KERNEL32(00574C64,?,?,?,?,0036C4A8,00000000,00000004,00369CB2,00356155,00367584,002E1FC2,00000001,?,?,?), ref: 0036C4CC
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(00574C80), ref: 0036C4E6
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(00574C80), ref: 0036C4F1
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$Leave$EnterValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3969253408-0
                                                                                                                    • Opcode ID: b7649bcb53d5c224d81db187b7437431091f8cba1e638922dea86639b729bdb9
                                                                                                                    • Instruction ID: 57271861c08da7f009ee399f92b85f58d3f23d0bc14655daa05d065cf3ecbd39
                                                                                                                    • Opcode Fuzzy Hash: b7649bcb53d5c224d81db187b7437431091f8cba1e638922dea86639b729bdb9
                                                                                                                    • Instruction Fuzzy Hash: 96F090362102159BCB23DF26DC5897AF7ACEEC4364306D065E952A7216CE31EC11CAE0
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • SleepConditionVariableCS.KERNELBASE(?,0049F1DC,00000064), ref: 0049F262
                                                                                                                    • RtlLeaveCriticalSection.NTDLL(005767E0), ref: 0049F26C
                                                                                                                    • WaitForSingleObjectEx.KERNEL32(?,00000000,?,0049F1DC,00000064,?,002D85B1,00577C54,7D8B83E9,00000000,004D1581,000000FF,?,002E67D5,HTTPSend_01,0000000B), ref: 0049F27D
                                                                                                                    • RtlEnterCriticalSection.NTDLL(005767E0), ref: 0049F284
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3269011525-0
                                                                                                                    • Opcode ID: 4d1af9f92a479f36714ed51f143fbb3ad8d2f2d6d3f044e02214317395c88e32
                                                                                                                    • Instruction ID: 5fd0ff45d3680c140190715de3d4648e2241223b536db295a670240cf3e4c127
                                                                                                                    • Opcode Fuzzy Hash: 4d1af9f92a479f36714ed51f143fbb3ad8d2f2d6d3f044e02214317395c88e32
                                                                                                                    • Instruction Fuzzy Hash: 19E09235501A34BBCA051B40FC09AA97F28EB887E5B008071F509A6161C7715825EFDD
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • GetWindow.USER32(?,00000002), ref: 0035B522
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window
                                                                                                                    • String ID: +J
                                                                                                                    • API String ID: 2353593579-3909002960
                                                                                                                    • Opcode ID: 02bc4139fef20534a79cee5fda4766c2d2b3017cccef20a8f019439bf7651cd0
                                                                                                                    • Instruction ID: 682636f3be8f5b9698f81e81f8b994aed8a25982fa5185a435188115a251b63f
                                                                                                                    • Opcode Fuzzy Hash: 02bc4139fef20534a79cee5fda4766c2d2b3017cccef20a8f019439bf7651cd0
                                                                                                                    • Instruction Fuzzy Hash: C9517071E00106DBDF2ACF99C840AAEF7B5EF89311F668529EC45A7350E7309E45DB50
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 003AA1C2
                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 003AA1CF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CompatibleCreate
                                                                                                                    • String ID: 3&7
                                                                                                                    • API String ID: 3111197059-2718934256
                                                                                                                    • Opcode ID: 0569728dfa797bf236ae41bd1be637b20e24eeb689505bb4600b8c7932fb6a5b
                                                                                                                    • Instruction ID: 1c406747ad8297c6c11f73d373a42c2e34499296aee57ec45ed67d9eb39982d3
                                                                                                                    • Opcode Fuzzy Hash: 0569728dfa797bf236ae41bd1be637b20e24eeb689505bb4600b8c7932fb6a5b
                                                                                                                    • Instruction Fuzzy Hash: FC31F6B19007009FCB85DF68D8843AA7BF5FF0A301F5046BAD855DE256E7B28645DF90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • _com_issue_errorex.COMSUPP ref: 0033B19A
                                                                                                                      • Part of subcall function 004A15E0: GetErrorInfo.OLEAUT32(00000000,?), ref: 004A1646
                                                                                                                    Strings
                                                                                                                    • getRootNode ... XMLParser not Initialized ..., xrefs: 0033B1E5
                                                                                                                    • XMLParser, xrefs: 0033B1EF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorInfo_com_issue_errorex
                                                                                                                    • String ID: XMLParser$getRootNode ... XMLParser not Initialized ...
                                                                                                                    • API String ID: 1686768256-3694962709
                                                                                                                    • Opcode ID: 172d9411ce95d7181d0057805dc0f241515ffa8a24883a46a4b8d8a08c34289e
                                                                                                                    • Instruction ID: 0c6bba9687f72dc2028794bcb15d0bc7969a02b5bbb49b9185bc88feb7546f5c
                                                                                                                    • Opcode Fuzzy Hash: 172d9411ce95d7181d0057805dc0f241515ffa8a24883a46a4b8d8a08c34289e
                                                                                                                    • Instruction Fuzzy Hash: E7218E72E05218AFC725CF54C846FAABBA8FF05B24F01465EEC15A7390D775A900CB90
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002E84EB
                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 002E854E
                                                                                                                      • Part of subcall function 004A1C53: _Yarn.LIBCPMT ref: 004A1C72
                                                                                                                      • Part of subcall function 004A1C53: _Yarn.LIBCPMT ref: 004A1C96
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                    • String ID: bad locale name
                                                                                                                    • API String ID: 1908188788-1405518554
                                                                                                                    • Opcode ID: 4b0562eb73c6d2aeb1a5328abb979b14b760466826c6f86a94b6e39bcff164c6
                                                                                                                    • Instruction ID: b4d3f450887d54f7b7b952790ad2bafa0a292f31a166b6f07ef18202535b5c32
                                                                                                                    • Opcode Fuzzy Hash: 4b0562eb73c6d2aeb1a5328abb979b14b760466826c6f86a94b6e39bcff164c6
                                                                                                                    • Instruction Fuzzy Hash: B421F0B0808784EED721CF69C80474BBFF4AF25314F10869ED48597B81D3B9A704CBA5
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0049F657
                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 0049F73F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                    • String ID: (hW
                                                                                                                    • API String ID: 3761405300-2436164530
                                                                                                                    • Opcode ID: fcae94007cab5ac5df85dd5a099f862af83320ac9e1986c526b33f1dc7a0bdfd
                                                                                                                    • Instruction ID: 6f02699d81b11ea38fa3644be71e5b14d58f6933f20d8f92313cbc4b0f4a19bf
                                                                                                                    • Opcode Fuzzy Hash: fcae94007cab5ac5df85dd5a099f862af83320ac9e1986c526b33f1dc7a0bdfd
                                                                                                                    • Instruction Fuzzy Hash: 9A21DFB4512A00DED704CF1AFD85A547BE4BB68714F20442AE608CB3A1E3B599CDFF49
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00001388), ref: 003420A1
                                                                                                                    • CloseHandle.KERNEL32 ref: 003420A9
                                                                                                                    Strings
                                                                                                                    • download is not complete and hence stopping the download now, xrefs: 00342056
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleObjectSingleWait
                                                                                                                    • String ID: download is not complete and hence stopping the download now
                                                                                                                    • API String ID: 528846559-3481887753
                                                                                                                    • Opcode ID: 73a9ebb7386316057710bd948e56357db3a6851d1f0a5127611313157021da8c
                                                                                                                    • Instruction ID: 126ace9bd70167c12b576e87be7d0f04d5f007aeeda91767ffe2d96744db1bc9
                                                                                                                    • Opcode Fuzzy Hash: 73a9ebb7386316057710bd948e56357db3a6851d1f0a5127611313157021da8c
                                                                                                                    • Instruction Fuzzy Hash: 81118E71100B009BD736AF28C809BA7BAE4BF41309F56482DF58AAE2A1DB757844CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: EmptyH_prolog3Rect
                                                                                                                    • String ID: fT9
                                                                                                                    • API String ID: 1443337074-852066008
                                                                                                                    • Opcode ID: bc75d6d1dc27fb26029e90b9b8fd6feff15d526b4b665d50339e16706b9af68e
                                                                                                                    • Instruction ID: f07fd7bd26e5d152a23db9783ea30654b225c9be9e9947b77d7d33473ff33ee0
                                                                                                                    • Opcode Fuzzy Hash: bc75d6d1dc27fb26029e90b9b8fd6feff15d526b4b665d50339e16706b9af68e
                                                                                                                    • Instruction Fuzzy Hash: 37112AB0A01B02EFD309DF2AC581789FBA0BF19300F90862ED56D87251DB743129CB91
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 004A35BC: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,004A1905,?,005670A0,?,?,?), ref: 004A361C
                                                                                                                    • __EH_prolog3.LIBCMT ref: 0035615C
                                                                                                                      • Part of subcall function 0036C010: LocalAlloc.KERNEL32(00000040,00000000,?,0035616B,00000164,00000004,0056C118,0055884C,?,?,0056C230,005587EC,?,?,?,00558890), ref: 0036C018
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp, Offset: 002D0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_2d0000_Reader_Install_Setup.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocExceptionH_prolog3LocalRaise
                                                                                                                    • String ID: xO$wO
                                                                                                                    • API String ID: 4284520404-2436730409
                                                                                                                    • Opcode ID: 55d6cc4ee2abfde4cab0f1c8416c8e1798ff7f8be66b64462dd6c200dadf0257
                                                                                                                    • Instruction ID: 44af0db1b2f471d8c40f6d119af73071f7965a60a68fab1685c481d28c60be28
                                                                                                                    • Opcode Fuzzy Hash: 55d6cc4ee2abfde4cab0f1c8416c8e1798ff7f8be66b64462dd6c200dadf0257
                                                                                                                    • Instruction Fuzzy Hash: FEE0D86090030CF7D604FFD18C0BE9D7D9CD705708F50045A760067642EAF4AF084568
                                                                                                                    Uniqueness

                                                                                                                    Uniqueness Score: -1.00%