Windows Analysis Report
SumatraPDF-3.5.2-64.exe

Overview

General Information

Sample name: SumatraPDF-3.5.2-64.exe
Analysis ID: 1467016
MD5: c02dc2ca96fe9841963883c0fe177399
SHA1: 7e42e66e9198c258da48a6194577e3dbd424463a
SHA256: 290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Contains capabilities to detect virtual machines
Found large amount of non-executed APIs
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)

Classification

  • System is w7x64
  • SumatraPDF-3.5.2-64.exe (PID: 2544 cmdline: "C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe" MD5: C02DC2CA96FE9841963883C0FE177399)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

No malicious signatures were found. All signature evidence follows.

Source: SumatraPDF-3.5.2-64.exe | Static PE information: certificate valid
Source: SumatraPDF-3.5.2-64.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: Bookmark Shortcuts%.2flnkfitwidthfitpage"%s" -page %d -view "%s" -zoom %s -scroll %d,%dfitcontentSelect folder with PDF filesBookmark shortcut to page %s of %s*.xps;*.oxps*.pdf*.ps;*.eps*.djvu*.chm*.cbz;*.cbr;*.cb7;*.cbt*.svgSVG documents*.mobi*.epub*.pdb;*.prc*.fb2;*.fb2z;*.zfb2;*.fb2.zip*.bmp;*.dib;*.gif;*.jpg;*.jpeg;*.jxr;*.png;*.tga;*.tif;*.tiff;*.webp;*.heic;*.avifImagesAll supported documents*.txt;*.log;*.nfo;file_id.diz;read.me;*.tcrVK_DOWN source: SumatraPDF-3.5.2-64.exe
Source: Binary string: SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe
Source: Binary string: C:\Users\kjk\src\sumatrapdf\out\rel64\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -64.pdb.lzsa source: SumatraPDF-3.5.2-64.exe
Source: Binary string: </html>.pdb<<html> source: SumatraPDF-3.5.2-64.exe
Source: Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\user\Desktop\crashinfo\libmupdf.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SumatraPDF.pdb source: SumatraPDF-3.5.2-64.exe
Source: Binary string: C:\Users\user\Desktop\crashinfo\SumatraPDF-dll.pdb source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SumatraPDF.pdbSumatraPDF-dll.pdblibmupdf.pdbInstallCrashHandler: skipping because !crashDumpPath source: SumatraPDF-3.5.2-64.exe
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libmupdf.pdb source: SumatraPDF-3.5.2-64.exe
Source: Binary string: ITSF.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfoo.epubfoo.JP2Rar! source: SumatraPDF-3.5.2-64.exe
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/documentstructure
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://schemas.openxps.org/oxps/v1.0/fixedrepresentation
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://www.idpf.org/2007/opf
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: http://www.idpf.org/2007/opfapplication/xhtml
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://://https://translate.google.com/?op=translate&sl=auto&tl=$
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175)
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.deepl.com/translator#-/$
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.google.com/search?q=$
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history.
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa
Source: SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa%
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage:
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/download-free-pdf-viewer-------------
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/manualArialwebsiteArial
Source: SumatraPDF-3.5.2-64.exe, SumatraPDF-settings.txt.0.dr | String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress
Source: classification engine | Classification label: clean1.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | File created: C:\Users\user\Desktop\SumatraPDF-settings.txt
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Mutant created: NULL
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: 64-.\n\n 64- tl:Nag-i-install ka n
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: sv:Kunde inte hitta SumatraPDF-installation. ta:PDF . th: (Swedish: "Could not find SumatraPDF installation.")
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: run-install-now
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: ssilentprint-to-defaultprint-dialogh?helpexit-when-doneexit-on-printrestrictpresentationfullscreeninvertcolorsinvert-colorsconsoleinstalluninstallwith-filterwith-searchwith-previewrandregressxtestertestappnew-windowlogcrash-on-openreuse-instanceesc-to-exitenum-printerssleep-msprint-toprint-settingsinverse-searchforward-searchfwdsearchnameddestnamed-destpageviewzoomscrollappdatapluginstress-testnmaxrenderextract-textbenchdinstall-dirlangupdate-self-todelete-filebgcolorbg-colorfwdsearch-offsetfwdsearch-widthfwdsearch-colorfwdsearch-permanentmanga-modesearchall-usersallusersrun-install-nowtest-browseraddeset-color-rangeCall to EnumPrinters failed with error %#xSumatraPDF - EnumeratePrinters, default%s (Port: %s, attributes: %#x%s)
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: sumatra-install-log.txt
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: -run-install-now
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: -install-dir "
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: allUsers but not elevated: re-starting as elevated
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: TopRightBottomLeftDxDy#000000#ffffff#f5fc0cTextColorBackgroundColorSelectionColorWindowMarginPageSpacingGradientColorsInvertColorsHideScrollbarsWindowMarginPageSpacingCbxMangaModeUseFixedPageUIURLNameCommandLineNameFiltershrinkPrintScale#6581ffHighlightOffsetHighlightWidthHighlightColorHighlightPermanent#ffff00#00ff00#ff00ff#ff0000HighlightColorUnderlineColorSquigglyColorStrikeOutColorFreeTextColorFreeTextSizeFreeTextBorderWidthTextIconColorTextIconTypeDefaultAuthorCmdKeyXYDxDyNamePageNoPageLabel0XYFilePathFavoritesIsPinnedIsMissingOpenCountDecryptionKeyUseDefaultStateDisplayModeScrollPosPageNoZoomRotationWindowStateWindowPosShowTocSidebarDxDisplayR2LReparseIdxTocStateFilePathDisplayModePageNoZoomRotationScrollPosShowTocTocStateTabStatesTabIndexWindowStateWindowPosSidebarDxDwHighDateTimeDwLowDateTimeFor documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400#80fff200Settings below are not recognized by the current versionThemeFixedPageUIComicBookUIChmUISelectionHandlersExternalViewersZoomLevelsZoomIncrementPrinterDefaultsForwardSearchAnnotationsDefaultPasswordsRememberOpenedFilesRememberStatePerDocumentRestoreSessionUiLanguageInverseSearchCmdLineEnableTeXEnhancementsDefaultDisplayModeDefaultZoomShortcutsEscToExitReuseInstanceReloadModifiedDocumentsMainWindowBackgroundFullPathInTitleShowMenubarShowToolbarShowFavoritesShowTocNoHomeTabTocDySidebarDxToolbarSizeTabWidthTreeFontSizeTreeFontWeightOffsetTreeFontNameSmoothScrollShowStartPageCheckForUpdatesVersionToSkipWindowStateWindowPosUseTabsUseSysColorsCustomScreenDPIFileStatesSessionDataReopenOnceTimeOfLastUpdateCheckOpenCountWeekSumatraPDF.exesumatra-install-log.txtExtractFiles(): dir '%s'
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: -run-install-now -all-users -with-filter -with-preview -silent -log -install-dir "Re-launching '%s' as elevated, args
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: writes installation log to %LOCALAPPDATA%\sumatra-install-log.txt
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-installation</a>.SumatraPDF installer${appName}${appName} installer options:
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments<a href="https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments">Read more on website</a>SumatraPDF installer usageSumatraPDF is running as admin and cannot open files from a non-admin processNot a valid installerrb<a href="https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316">Read more about this error</a>this is not a SumatraPDF installer, -x option not available
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: re-launching '%s' with args '%s' as elevated
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: -install
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: sumatra-installer
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: Do you want to install new version?New version availableDon't installSumatraPDF UpdateSkip this versionInstall and relaunch -sleep-ms 500 -exit-when-done -update-self-to "%s" -installsumatra-installerNotifyUserOfUpdate: installer cmd: '%s'
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: tl:&Magpatuloy sa pag-install ng 32-bit na bersyon (Tagalog: "Continue installing the 32-bit version")
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: tl:Hindi ma-install ang PDF previewer (Tagalog: "Cannot install the PDF previewer")
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: tl:Hindi ma-install ang PDF search filter (Tagalog: "Cannot install the PDF search filter")
Source: SumatraPDF-3.5.2-64.exe | String found in binary or memory: tl:Huwag i-install (Tagalog: "Do not install")
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: cscdll.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Window found: window name: SysTabControl32
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: SumatraPDF-3.5.2-64.exe | Static file information: File size 16065496 > 1048576
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x59b200
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x279400
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Raw size of .data is bigger than: 0x100000 < 0x62d600
Source: SumatraPDF-3.5.2-64.exe | Static PE information: More than 200 imports for KERNEL32.dll
Source: SumatraPDF-3.5.2-64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SumatraPDF-3.5.2-64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SumatraPDF-3.5.2-64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SumatraPDF-3.5.2-64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SumatraPDF-3.5.2-64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SumatraPDF-3.5.2-64.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SumatraPDF-3.5.2-64.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: SumatraPDF-3.5.2-64.exe | Static PE information: section name: _RDATA
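The static PE lines above (DllCharacteristics flags, image base, section names and permissions) are the cheapest findings to reproduce locally before trusting a sandbox verdict. The following is an added example, not Joe Sandbox's code and not part of the SumatraPDF project: a dependency-free header parser that decodes the same fields and re-derives the "non-standard section name" finding. Because the real 16 MB installer cannot be embedded here, the block builds a constructed PE32+ header that mirrors the facts the report states (PE32+ magic, image base 0x140000000, the four listed DllCharacteristics, sections .text/.rdata/.data/_RDATA/.rsrc/.reloc with .text marked CODE|EXECUTE|READ). The set of "standard" section names is an assumption of this example, not a definition the report gives; the REPORT_SHA256 constant is the hash printed in the report header. Note one check the report does not list: its flag string contains no GUARD_CF, so Control Flow Guard is not enabled on this image, and the triage function reports that.

```python
import hashlib
import json
import struct
import sys

# SHA256 the report lists for the analyzed sample; compare before trusting any verdict.
REPORT_SHA256 = "290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0"

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification).
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}

# IMAGE_SECTION_HEADER.Characteristics bits.
SCN_CNT_CODE, SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

# Assumed list of names the usual toolchains emit; anything else is treated as
# "non-standard", which is what trips the sandbox signature on "_RDATA".
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                     ".idata", ".edata", ".tls", ".bss", ".xdata", ".crt", ".debug"}


def parse_pe(blob):
    """Walk DOS -> NT -> optional -> section headers; return (DllCharacteristics, ImageBase, sections)."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]
    size_opt = struct.unpack_from("<H", blob, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x20B:                                    # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", blob, opt + 24)[0]
    elif magic == 0x10B:                                  # PE32: BaseOfData at +24, ImageBase at +28
        image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    dll_chars = struct.unpack_from("<H", blob, opt + 70)[0]   # same offset in PE32 and PE32+
    sections = []
    first = opt + size_opt                                # section table follows the optional header
    for i in range(num_sections):
        off = first + 40 * i                              # each IMAGE_SECTION_HEADER is 40 bytes
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, struct.unpack_from("<I", blob, off + 36)[0]))
    return dll_chars, image_base, sections


def triage(blob):
    """Reproduce the report's static checks: mitigation flags, image base, section names and permissions."""
    dll_chars, image_base, sections = parse_pe(blob)
    mitigations = [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit]
    findings = []
    if not dll_chars & 0x0040:
        findings.append("ASLR opt-out (no DYNAMIC_BASE)")
    if not dll_chars & 0x0100:
        findings.append("DEP opt-out (no NX_COMPAT)")
    if not dll_chars & 0x4000:
        findings.append("no Control Flow Guard (GUARD_CF)")
    for name, chars in sections:
        if name not in STANDARD_SECTIONS:
            findings.append("non-standard section name: %s" % name)
        if chars & SCN_MEM_EXECUTE and chars & SCN_MEM_WRITE:
            findings.append("writable and executable section: %s" % name)
    return {"image_base": "%#x" % image_base, "mitigations": mitigations,
            "sections": [n for n, _ in sections], "findings": findings}


def build_sample_pe():
    """Constructed PE32+ header-only image mirroring the report's static facts (not the real installer)."""
    sections = [(b".text", SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
                (b".rdata", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
                (b".data", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE),
                (b"_RDATA", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
                (b".rsrc", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ),
                (b".reloc", SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ)]
    e_lfanew, size_opt = 0x80, 240                        # 240 = PE32+ optional header with 16 data dirs
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, size_opt, 0x0022)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+
    struct.pack_into("<Q", opt, 24, 0x140000000)          # ImageBase as in the report
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100 | 0x8000)  # the four listed flags
    table = b""
    for name, chars in sections:
        hdr = bytearray(40)
        hdr[0:8] = name.ljust(8, b"\0")
        struct.pack_into("<I", hdr, 36, chars)
        table += bytes(hdr)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    digest = hashlib.sha256(data).hexdigest()
    print("sha256 %s (matches report: %s)" % (digest, digest == REPORT_SHA256))
    print(json.dumps(triage(data), indent=2))
```

Run it with the path to the downloaded installer as the only argument to triage the real file; with no argument it triages the constructed header. The first line of output is the SHA256 comparison against the report: if that does not match, the rest of this page describes a different file.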
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Process information set: NOOPENFILEERRORBOX (9 occurrences)
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | API coverage: 6.9 %
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Code function: 0_2_0000000140134BD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0000000140134BD8
Source: SumatraPDF-3.5.2-64.exe | Binary or memory string: Shell_TrayWndKillProcessesUsingInstallation()
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (2 occurrences)
Source: C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe | Code function: 0_2_0000000140134F68 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0000000140134F68
MITRE ATT&CK matrix: techniques with at least one matching signature (number of matching signatures in parentheses)

  • Execution: Command and Scripting Interpreter (2)
  • Persistence: DLL Side-Loading (1)
  • Privilege Escalation: Process Injection (1), DLL Side-Loading (1)
  • Defense Evasion: Masquerading (1), Virtualization/Sandbox Evasion (1), Process Injection (1), DLL Side-Loading (1)
  • Discovery: System Time Discovery (1), Security Software Discovery (1), Virtualization/Sandbox Evasion (1), Process Discovery (1), System Information Discovery (12)

No techniques matched under Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Collection, Command and Control, Exfiltration or Impact.
Antivirus detection (Source | Detection | Scanner | Label)
SumatraPDF-3.5.2-64.exe | 0% | ReversingLabs
No Antivirus matches (the three remaining antivirus tables are empty)
URL reputation (Source | Detection | Scanner | Label). Several entries are not real URLs but adjacent string constants that the extractor ran together (for example "manualArialwebsiteArial", "https://://https://translate.google.com/..." and "update-check-rel.txtnotifUpdateCheckInProgress"); the lookups on those fragments carry no information.
https://github.com/sumatrapdfreader/sumatrapdf/commit/%s) | 0% | Avira URL Cloud | safe
http://www.idpf.org/2007/opf | 0% | Avira URL Cloud | safe
http://www.idpf.org/2007/opfapplication/xhtml | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33 | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316 | 0% | Avira URL Cloud | safe
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage: | 0% | Avira URL Cloud | safe
https://www.google.com/search?q=$ | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/manualArialwebsiteArial | 0% | Avira URL Cloud | safe
http://docs.oasis-open.org/ns/office/1.2/meta/pkg# | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175) | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF | 0% | Avira URL Cloud | safe
http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/discussions | 0% | Avira URL Cloud | safe
http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade | 0% | Avira URL Cloud | safe
http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/settings/settings3-5-1.html | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/update-check-rel.txt | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/download-free-pdf-viewer------------- | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments | 0% | Avira URL Cloud | safe
http://www.gribuser.ru/xml/fictionbook/2.0 | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2 | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Contribute-translation | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/ | 0% | Avira URL Cloud | safe
https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175 | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Corrupted-installation | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Submit-crash-report.html | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf | 0% | Avira URL Cloud | safe
https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS | 0% | Avira URL Cloud | safe
https://sumatra-website.onrender.com/update-check-rel.txt | 0% | Avira URL Cloud | safe
https://://https://translate.google.com/?op=translate&sl=auto&tl=$ | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/docs/Version-history.html | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history. | 0% | Avira URL Cloud | safe
http://www.daisy.org/z3986/2005/ncx/ | 0% | Avira URL Cloud | safe
https://www.deepl.com/translator#-/$ | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/manual | 0% | Avira URL Cloud | safe
https://www.sumatrapdfreader.org/download-free-pdf-viewer | 0% | Avira URL Cloud | safe
Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation)
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | (none) | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.idpf.org/2007/opf | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/commit/%s) | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
http://www.idpf.org/2007/opfapplication/xhtml | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/settings/settings3-5-1.html8.33 | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlShowCrashHandlerMessage: | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.google.com/search?q=$ | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/manualArialwebsiteArial | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
http://docs.oasis-open.org/ns/office/1.2/meta/pkg# | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/discussions/2316 | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/discussionsSumatraPDF | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175) | SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/download-free-pdf-viewer------------- | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/discussions | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/settings/settings3-5-1.html | SumatraPDF-3.5.2-64.exe, SumatraPDF-settings.txt.0.dr | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORShttps://github.com/sumatrapdfreade | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/update-check-rel.txt | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
http://www.gribuser.ru/xml/fictionbook/2.0 | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Contribute-translation | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2 | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/ | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa | SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/dl/prerel/PRE_RELEASE_VER/SumatraPDF-prerel | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://sumatra-website.onrender.com/update-check-rel.txtInstaller64LatestInstaller32InstallerArm64P | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgress | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/commit/646d1feddcc80b3b51072c5b27a1446487904175 | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Corrupted-installation | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Keyboard-shortcuts | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Keyboard-shortcutssumatrapdfrestrict.inihttps://www.sumatrapdf | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Submit-crash-report.html | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://://https://translate.google.com/?op=translate&sl=auto&tl=$ | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/dl/rel/SumatraPDF-3.5.2-64.pdb.lzsa% | SumatraPDF-3.5.2-64.exe, 00000000.00000002.651982488.000000000040E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://sumatra-website.onrender.com/update-check-rel.txt | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/docs/Version-history.html | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/URLUpdateInfohttps://www.sumatrapdfreader.org/docs/Version-history. | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
http://www.daisy.org/z3986/2005/ncx/ | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.deepl.com/translator#-/$ | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/manual | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
https://www.sumatrapdfreader.org/download-free-pdf-viewer | SumatraPDF-3.5.2-64.exe | false | Avira URL Cloud: safe | unknown
    No contacted IP infos
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1467016
    Start date and time:2024-07-03 16:28:25 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 12m 45s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of new started processes analysed:4
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:SumatraPDF-3.5.2-64.exe
    Detection:CLEAN
    Classification:clean1.winEXE@1/1@0/0
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Max analysis timeout: 600s exceeded, the analysis took too long
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
    • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net
    • Report size getting too big, too many NtCreateFile calls found.
    • Report size getting too big, too many NtEnumerateValueKey calls found.
    • VT rate limit hit for: SumatraPDF-3.5.2-64.exe
Time | Type | Description
10:29:33 | API Interceptor | 516x Sleep call for process: SumatraPDF-3.5.2-64.exe modified
    No context
Match: bg.microsoft.map.fastly.net
Associated Sample Name / URL | Detection | Threat Name | Context
https://www.filemail.com/t/RuKZYfeB | malicious | HTMLPhisher | 199.232.210.172
kZa81nzREg.exe | malicious | AgentTesla | 199.232.214.172
SecuriteInfo.com.TrojanLoader.MSIL.DaVinci.Heur.6737.3783.exe | malicious | AgentTesla | 199.232.210.172
dhl_awb_shipping_doc_03072024224782020031808174CN18030724000000324(991KB).vbs | malicious | Unknown | 199.232.214.172
https://url7304.disco-mailer.net/ls/click?upn=u001.DWLeRfOXStcSaUNphm6ZnGquuezyvOF0FIuLMCSCrIQ9t3e8n3fjexKHJjVTV-2BQUFT1dnxR3BcyXaxz-2BblhjX71zswvTIlAGm31luuFhJgeOGXb3dn9Itq74-2Fe-2BlKg-2Bs0-2F4odRns7kSdvfqBhyqSbrYsnPmx4SeDwlRdlhHbM3UucitnipcwJ1gR7h8DzOIUWsvEslHUA8FsNTNWtsq3Q-2FU-2FPeBtGbo-2Fx3kgcXxAZuE-3DPmkq_5KlZmZKASPtIpYbHU6HHQmxS-2FHe3g010GX01BBBmlalJnMdBClXoEYQADKPWInqgHw-2B5921oa-2Fum9DxIHV8wgOarlsOnYJwzp6I2lNDfeCQdFcL55956QetBM0U9iihLLCXzc7MWVFcQDUwnaU8PUgQFrTwK63nQhJu8ngVllYSJR-2BUamfX7Ej8Gpp4vMWsL8t65JTtpjdFVQ36IgP-2B2LxLYSj9SfdmLAt97TCVXHWn7xANKqYpl-2BYx09SetkszDOjJuUV9L9bqZ-2FbmClOsUrPLylG74RJ8zQAREr7-2BUktmlWKoc8C7oqqTOKv340mZnTc-2FztCVjFgPMm1Bz5lR5AptUVEvvSBboXVGluKKoNkkMFkS-2BmNybyD3Aa-2BX8UZ5s | malicious | HTMLPhisher | 199.232.214.172
https://inpzk.useringimportdulcimer.ink/?=vxkncwole9 | malicious | HTMLPhisher | 199.232.214.172
1C769A32-2CBF-4738-9013-480E0434BAEF_06182024030338389.exe | malicious | ScreenConnect Tool | 199.232.214.172
https://u6071375.ct.sendgrid.net/ls/click?upn=u001.jNebCYco-2BJgBMGJDj1kJWP39IKixFvDeSBij1PLovvXT0hkMSWjEhuIEgwQ-2F309CwGFmoY6-2Bl45VLW7K9Sd8-2Fg-3D-3Dm1D8_bgsmQmhs-2BDkrnAcljUiGIti1-2F3303-2FliL2Lyr586-2FN9rAlBFKILfRyjObk6Iz5-2FtMSxC-2FhiWOZXbqnmzeZXBiy3CSpPIYxz2-2BTcFMtFX6z-2FFKaL9cuMNNsd9H8Soth9M-2BiGwIhw5kRyphke6a8RYyV0rtdDONsX7lNk6Cr796v-2FIJZ8nzBJ39o6b-2FDySakEM-2B9nvScrgUWzDogJp7LxfPQ-3D-3D | malicious | HTMLPhisher | 199.232.210.172
La1EGA8voq.exe | malicious | Remcos | 199.232.210.172
https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFhSZp6GshBFVdVLEzBsru52fhlDAZ8Q3OfCA-2F-2Bk2qB9l25yp_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZM3qYZS8WARR8FVyg-2FqvoINWytiD-2FheyMDzu6v-2BoRt5KWyPoztbWkeGPmxB3DyZYTb9a0dAMPLFunr2Ay3ayAFAAvKLYcNXJh5TbSbsyQLthHxBhJhxiFX8keWC7AD3Hw3SgmU-2Be6lkIQuq7tgnHL9CbCr8GEaIyKgtaL1D3uFR7kdAbCakzZIHLBzzIP6uu3b9lr3L70N6m-2FPL5vz2WpJ-2B4Z2WkXjdKV6CAWTeZlidHHDlZecGQIcrIqiWGF6jpeY-3D#Dsonya.buzzard@aggregate.com | malicious | Unknown | 199.232.214.172
    No context
    No context
    No context
    Process:C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe
    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    Category:dropped
    Size (bytes):1900
    Entropy (8bit):5.178903367295074
    Encrypted:false
    SSDEEP:48:bsGMk3jjseCLuvkkKtY/K0iswT415VPv4CBzqjHB:AGMk3kehkkKtY/Fix4BvvQB
    MD5:24F296183D3CB208BBE982476AB93154
    SHA1:93F0BB240742A555FA5477E759D6429BE988D71A
    SHA-256:6255EEAED0A76F17867D6E2CD83D3DA25A027E5B1D7EF63E245F7B73B3CD6946
    SHA-512:2931F4870B41AA7815BECD11E1AEA44220DD7523A6BD6E9138142DC87AB765023BA11D00C8DBA97A1F0D367D458E20CD7583D399DCB5C6B55723DF9212A17664
    Malicious:false
    Reputation:low
    Preview:.# For documentation, see https://www.sumatrapdfreader.org/settings/settings3-5-1.html..Theme = Light..FixedPageUI [...TextColor = #000000...BackgroundColor = #ffffff...SelectionColor = #f5fc0c...WindowMargin = 2 4 2 4...PageSpacing = 4 4...InvertColors = false...HideScrollbars = false..]..ComicBookUI [...WindowMargin = 0 0 0 0...PageSpacing = 4 4...CbxMangaMode = false..]..ChmUI [...UseFixedPageUI = false..]....SelectionHandlers [..]..ExternalViewers [..]....ZoomLevels = 8.33 12.5 18 25 33.33 50 66.67 75 100 125 150 200 300 400 600 800 1000 1200 1600 2000 2400 3200 4800 6400..ZoomIncrement = 0....PrinterDefaults [...PrintScale = shrink..]..ForwardSearch [...HighlightOffset = 0...HighlightWidth = 15...HighlightColor = #6581ff...HighlightPermanent = false..]..Annotations [...HighlightColor = #ffff00...UnderlineColor = #00ff00...SquigglyColor = #ff00ff...StrikeOutColor = #ff0000...FreeTextColor = ...FreeTextSize = 12...FreeTextBorderWidth = 1...TextIconColor = ...TextIconType = ...Defa
    File type:PE32+ executable (GUI) x86-64, for MS Windows
    Entropy (8bit):7.0278259579196165
    TrID:
    • Win64 Executable GUI (202006/5) 92.65%
    • Win64 Executable (generic) (12005/4) 5.51%
    • Generic Win/DOS Executable (2004/3) 0.92%
    • DOS Executable Generic (2002/1) 0.92%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:SumatraPDF-3.5.2-64.exe
    File size:16'065'496 bytes
    MD5:c02dc2ca96fe9841963883c0fe177399
    SHA1:7e42e66e9198c258da48a6194577e3dbd424463a
    SHA256:290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0
    SHA512:d7acf551d0764fcfb9a895701679981f76b2ff73f99bce5da2c6c3f2f0556ee33f45d0d98848fee96a6ccfa24e09c26303705c5f094e945e647f53f7e4716faf
    SSDEEP:393216:Y6OPZedL1pUAuPXiuZ08RBCxXJq3oeNy8x:KedJp9uPXiuZ08RBCxXJxWy8x
    TLSH:B0F69D96B2945AB4D142FA3CC91183AEF22DFC5C5B51838342DA7D746E733A81C29FB1
    File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........................................................................V...............................e............S..b....S.....
    Icon Hash:07e1f996ba8aca55
    Entrypoint:0x1405548c4
    Entrypoint Section:.text
    Digitally signed:true
    Imagebase:0x140000000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Time Stamp:0x6538CEF7 [Wed Oct 25 08:16:55 2023 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:0
    File Version Major:6
    File Version Minor:0
    Subsystem Version Major:6
    Subsystem Version Minor:0
    Import Hash:b60d142e4e08a961cef4281a2d95eda1
    Signature Valid:true
    Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
    Signature Validation Error:The operation completed successfully
    Error Number:0
    Not Before, Not After
    • 5/23/2021 8:00:00 PM 8/23/2024 7:59:59 PM
    Subject Chain
    • CN=Krzysztof Kowalczyk, O=Krzysztof Kowalczyk, L=San Diego, S=California, C=US
    Version:3
    Thumbprint MD5:26EC7DA902C98B5E1B1E6F563968F3AE
    Thumbprint SHA-1:D362E5044F9E7DC7D84B1EA26BB53ADF6A79E84D
    Thumbprint SHA-256:B8FBBAFE0BA712899CA1B03DB143695DD1A1B673FB4FAB386CAB466B4EE3A8F0
    Serial:00C8A79ACFA20CA41509245C1F7F64FFC4
Instruction (entry-point disassembly, decoded in 32-bit mode: each REX.W prefix byte 0x48 therefore shows up as a spurious "dec eax" and 64-bit registers appear under their 32-bit names, so "dec eax / sub esp, 28h" is really "sub rsp, 28h")
    dec eax
    sub esp, 28h
    call 00007F9C70879C40h
    dec eax
    add esp, 28h
    jmp 00007F9C7087941Fh
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    int3
    nop word ptr [eax+eax+00000000h]
    dec eax
    cmp ecx, dword ptr [008CC119h]
    jne 00007F9C708795B2h
    dec eax
    rol ecx, 10h
    test cx, FFFFh
    jne 00007F9C708795A3h
    ret
    dec eax
    ror ecx, 10h
    jmp 00007F9C708798A3h
    int3
    int3
    jmp 00007F9C7088CC98h
    int3
    int3
    int3
    jmp 00007F9C70879598h
    int3
    int3
    int3
    inc eax
    push ebx
    dec eax
    sub esp, 20h
    dec eax
    lea eax, dword ptr [0004A7DBh]
    dec eax
    mov ebx, ecx
    dec eax
    mov dword ptr [ecx], eax
    test dl, 00000001h
    je 00007F9C708795ACh
    mov edx, 00000018h
    call 00007F9C7087957Bh
    dec eax
    mov eax, ebx
    dec eax
    add esp, 20h
    pop ebx
    ret
    int3
    dec eax
    sub esp, 28h
    call 00007F9C7087A130h
    test eax, eax
    je 00007F9C708795C3h
    dec eax
    mov eax, dword ptr [00000030h]
    dec eax
    mov ecx, dword ptr [eax+08h]
    jmp 00007F9C708795A7h
    dec eax
    cmp ecx, eax
    je 00007F9C708795B6h
    xor eax, eax
    dec eax
    cmpxchg dword ptr [008EFB30h], ecx
    jne 00007F9C70879590h
    xor al, al
    dec eax
    add esp, 28h
    ret
    mov al, 01h
    jmp 00007F9C70879599h
    int3
    int3
    int3
    inc eax
    push ebx
    dec eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x812a98 | 0xdc | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xed2000 | 0xe0258 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xeaf000 | 0x21e7c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf4d800 | 0x4bd8 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfb3000 | 0x9170 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7f1f60 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x7f2000 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5a9c60 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x59d000 | 0x1128 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x81147c | 0xe0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x59b1e4 | 0x59b200 | 503b41bd8b2c2ba39327e60a2b1797f1 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x59d000 | 0x279290 | 0x279400 | 14ef811286d37dbb54bcc47206717044 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x817000 | 0x697278 | 0x62d600 | de4ad32ce98fd7772fa90ca2d0ed8b5a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0xeaf000 | 0x21e7c | 0x22000 | d2221f544567f88c907ea454206c35dd | False | 0.5113381778492647 | data | 6.3091803857365685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0xed1000 | 0x15c | 0x200 | 089d101f3919aa13556907694bc92ddf | False | 0.419921875 | data | 3.292991650879148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xed2000 | 0xe0258 | 0xe0400 | 5e5589d2ac272c4d073f658deb8ec97f | False | 0.4159688109671126 | data | 6.65346150992118 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xfb3000 | 0x9170 | 0x9200 | d29ee96fa252a54bb44b8f4291855f74 | False | 0.1701359160958904 | data | 5.460504125280082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
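The data-directory and section tables above are derived from the same section map, and the per-section "Entropy", "ZLIB Complexity" and "Xored PE" columns are simple byte statistics. The following Python is an added example, not code from Joe Sandbox or from the SumatraPDF project: it reproduces the "Is in Section" column from the section table (addresses, sizes, image base and entry point are copied from this report), and implements the entropy and compression-ratio measures plus a single-byte-XOR search for the DOS stub string, which is assumed here to be the kind of check behind "Xored PE". The incompressible test input is constructed, not taken from the analysed file. One caveat the function makes visible: IMAGE_DIRECTORY_ENTRY_SECURITY holds a raw file offset, not an RVA, so the ".rsrc" the report lists for it (and this code returns when the value is treated as an RVA) is not a meaningful section hit; the Authenticode blob lives in the overlay after the last section's raw data.

```python
import hashlib
import math
import zlib
from collections import Counter

# Section table copied from the static PE info in this report:
# (name, virtual address, virtual size, raw size)
SECTIONS = [
    (".text",  0x001000, 0x59b1e4, 0x59b200),
    (".rdata", 0x59d000, 0x279290, 0x279400),
    (".data",  0x817000, 0x697278, 0x62d600),
    (".pdata", 0xeaf000, 0x021e7c, 0x022000),
    ("_RDATA", 0xed1000, 0x00015c, 0x000200),
    (".rsrc",  0xed2000, 0x0e0258, 0x0e0400),
    (".reloc", 0xfb3000, 0x009170, 0x009200),
]

# Non-empty data directories from this report: (name, value, size).
# SECURITY is a raw file offset rather than an RVA; it is kept to show why
# the ".rsrc" the report assigns to it must not be read as a real section hit.
DIRECTORIES = [
    ("IMPORT",       0x812a98, 0xdc),
    ("RESOURCE",     0xed2000, 0xe0258),
    ("EXCEPTION",    0xeaf000, 0x21e7c),
    ("SECURITY",     0xf4d800, 0x4bd8),
    ("BASERELOC",    0xfb3000, 0x9170),
    ("DEBUG",        0x7f1f60, 0x70),
    ("TLS",          0x7f2000, 0x28),
    ("LOAD_CONFIG",  0x5a9c60, 0x140),
    ("IAT",          0x59d000, 0x1128),
    ("DELAY_IMPORT", 0x81147c, 0xe0),
]

IMAGE_BASE = 0x140000000    # preferred image base from the PE header
ENTRY_POINT = 0x1405548c4   # "Entrypoint" as listed in this report

DOS_STUB = b"This program cannot be run in DOS mode"


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), the 'Entropy (8bit)' measure."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def zlib_complexity(data: bytes) -> float:
    """Compressed size / raw size; values near 1.0 mean incompressible (packed or encrypted) bytes."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def xored_pe_key(data: bytes):
    """Single-byte XOR key under which the DOS stub string occurs in data, or None.
    Key 0 is skipped on purpose: a plaintext embedded PE is a different finding."""
    for key in range(1, 256):
        if bytes(b ^ key for b in DOS_STUB) in data:
            return key
    return None


def section_for_rva(rva: int, sections=SECTIONS):
    """Section whose virtual range contains rva (the 'Is in Section' column); None for headers or gaps."""
    for name, va, vsize, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            return name
    return None


def directory_sections(directories=DIRECTORIES, sections=SECTIONS):
    return {name: section_for_rva(value, sections) for name, value, _ in directories}


def entry_point_section(entry=ENTRY_POINT, base=IMAGE_BASE, sections=SECTIONS):
    return section_for_rva(entry - base, sections)


def zero_filled_tails(sections=SECTIONS):
    """Bytes per section that exist in memory but not on disk (virtual size > raw size)."""
    return {name: vsize - rsize for name, _, vsize, rsize in sections if vsize > rsize}


def deterministic_noise(n: int) -> bytes:
    """Constructed incompressible sample (SHA-256 counter stream), not bytes from the analysed file."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(4, "little")).digest()
        counter += 1
    return out[:n]


if __name__ == "__main__":
    for name, section in directory_sections().items():
        print(f"{name:<13} -> {section}")
    print("entry point in", entry_point_section())
    print("zero-filled tails:", zero_filled_tails())
    noise = deterministic_noise(4096)
    print("noise entropy %.3f, zlib complexity %.3f" % (shannon_entropy(noise), zlib_complexity(noise)))
```

Run against the values above this reproduces every "Is in Section" entry, places the entry point in .text, and reports that only .data has a zero-filled tail (virtual size 0x697278 against 0x62d600 on disk), which is the uninitialised-data area the loader maps but the file does not carry.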
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xfb2108 | 0x134 | data | English | United States | 0.29545454545454547
RT_BITMAP | 0xfb0768 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | English | United States | 0.7091584158415841
RT_ICON | 0xf598c0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.3829957356076759
RT_ICON | 0xf5a768 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.4381768953068592
RT_ICON | 0xf5b010 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.33598265895953755
RT_ICON | 0xf5b578 | 0x3add | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9757780874643307
RT_ICON | 0xf5f058 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.312551867219917
RT_ICON | 0xf61600 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3785178236397749
RT_ICON | 0xf626a8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5815602836879432
RT_ICON | 0xf62b78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.6060767590618337
RT_ICON | 0xf63a20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.7635379061371841
RT_ICON | 0xf642c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.7695086705202312
RT_ICON | 0xf64830 | 0xeec1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9984457060584742
RT_ICON | 0xf736f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.42012448132780084
RT_ICON | 0xf75ca0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.5684803001876173
RT_ICON | 0xf76d48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7092198581560284
RT_ICON | 0xf77218 | 0x42a9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9773220041019631
RT_ICON | 0xf7b4c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 131072 | English | United States | 0.07738376907606767
RT_ICON | 0xf8bcf0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 32768 | English | United States | 0.11118327822390174
RT_ICON | 0xf8ff18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 18432 | English | United States | 0.12531120331950207
RT_ICON | 0xf924c0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | English | United States | 0.15196998123827393
RT_ICON | 0xf93568 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 2048 | English | United States | 0.2473404255319149
RT_ICON | 0xf93a30 | 0x47ce | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9778043738439778
RT_ICON | 0xf98200 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 131072 | English | United States | 0.08258902164911866
RT_ICON | 0xfa8a28 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 32768 | English | United States | 0.11478507321681625
RT_ICON | 0xfacc50 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 18432 | English | United States | 0.13101659751037345
RT_ICON | 0xfaf1f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | English | United States | 0.16064727954971858
RT_ICON | 0xfb02a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 2048 | English | United States | 0.2526595744680851
RT_DIALOG | 0xfb0a90 | 0x140 | data | English | United States | 0.55
RT_DIALOG | 0xfb0e70 | 0x1c0 | data | English | United States | 0.515625
RT_DIALOG | 0xfb0d68 | 0x102 | data | English | United States | 0.624031007751938
RT_DIALOG | 0xfb1030 | 0xd0 | dBase III DBT, next free block index 4294901761 | English | United States | 0.6586538461538461
RT_DIALOG | 0xfb1100 | 0x4b4 | data | English | United States | 0.4418604651162791
RT_DIALOG | 0xfb0bd0 | 0x198 | data | English | United States | 0.5563725490196079
RT_DIALOG | 0xfb15b8 | 0x10c | data | English | United States | 0.5970149253731343
RT_DIALOG | 0xfb16c8 | 0x2ac | data | English | United States | 0.4283625730994152
RT_DIALOG | 0xfb1978 | 0x148 | data | English | United States | 0.5914634146341463
RT_RCDATA | 0xed2bd0 | 0x86ceb | Unicode text, UTF-8 text | English | United States | 0.41135626463541186
RT_GROUP_CURSOR | 0xfb2240 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0xf62b10 | 0x68 | data | English | United States | 0.7019230769230769
RT_GROUP_ICON | 0xf771b0 | 0x68 | data | English | United States | 0.7211538461538461
RT_GROUP_ICON | 0xf939d0 | 0x5a | data | English | United States | 0.7777777777777778
RT_GROUP_ICON | 0xfb0708 | 0x5a | data | English | United States | 0.7777777777777778
RT_VERSION | 0xed2960 | 0x26c | data | English | United States | 0.5145161290322581
RT_MANIFEST | 0xfb1ac0 | 0x643 | XML 1.0 document, ASCII text | English | United States | 0.42732376793512167
DLL | Import
COMCTL32.dll | ImageList_EndDrag, ImageList_Add, ImageList_DragEnter, ImageList_DragMove, ImageList_BeginDrag, ImageList_Create, ImageList_AddMasked, InitCommonControlsEx, ImageList_Destroy, CreatePropertySheetPageW, ImageList_GetIconSize, ImageList_Draw
KERNEL32.dll | SystemTimeToFileTime, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetLogicalDrives, CloseHandle, FindResourceW, GetModuleHandleW, MulDiv, VerSetConditionMask, VerifyVersionInfoW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, HeapCreate, HeapFree, GetCurrentProcess, TerminateProcess, GetEnvironmentVariableA, WaitForSingleObject, GetCurrentThreadId, GetLocaleInfoA, CreateToolhelp32Snapshot, QueryPerformanceFrequency, Sleep, IsDebuggerPresent, DebugBreak, CreateMutexW, ReleaseMutex, DecodePointer, LoadLibraryExA, WriteConsoleW, GetStringTypeW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindFirstFileExW, GetTimeZoneInformation, HeapSize, GetProcessHeap, SetStdHandle, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, LCMapStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, GetConsoleOutputCP, ReadConsoleW, SetEnvironmentVariableW, GetModuleHandleExW, FreeLibraryAndExitThread, SetFilePointerEx, LCMapStringEx, TlsFree, InitializeCriticalSectionAndSpinCount, EncodePointer, RtlUnwind, RtlPcToFileHeader, RtlUnwindEx, InitializeCriticalSectionEx, GetStartupInfoW, InitializeSListHead, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, IsProcessorFeaturePresent, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, CreateSemaphoreW, GetProcessAffinityMask, ReleaseSemaphore, GetConsoleMode, MoveFileW, FlushFileBuffers, GetFileType, SetEndOfFile, CreateHardLinkW, RemoveDirectoryW, DeviceIoControl, SetThreadPriority, SetLastError, SetConsoleCtrlHandler, GetCurrentDirectoryW, FoldStringW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, TzSpecificLocalTimeToSystemTime, IsDBCSLeadByte, GetCPInfo, CompareStringW, AreFileApisANSI, LocalFileTimeToFileTime, RaiseException, FileTimeToDosDateTime, FileTimeToLocalFileTime, SetThreadContext, FlushInstructionCache, VirtualAlloc, VirtualFree, VirtualProtect, GetSystemDirectoryW, OpenThread, VirtualQuery, GetThreadContext, GetModuleHandleA, ResumeThread, SuspendThread, Thread32First, Thread32Next, AllocConsole, FormatMessageA, CreateProcessW, InitializeSRWLock, InitializeConditionVariable, GetThreadGroupAffinity, InitOnceBeginInitialize, InitOnceComplete, WakeConditionVariable, GetEnvironmentVariableW, FreeLibrary, LoadLibraryW, OutputDebugStringW, LoadLibraryExW, GetProcAddress, GetModuleFileNameW, GetFileAttributesW, OutputDebugStringA, GetTempPathW, GetUserDefaultUILanguage, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, SetErrorMode, GetDateFormatW, GetTimeFormatW, MoveFileExW, LoadResource, LockResource, SizeofResource, SetThreadExecutionState, GlobalAddAtomW, GlobalDeleteAtom, GetTickCount, GetSystemTime, GlobalUnlock, GlobalLock, GlobalFree, GlobalAlloc, GetCurrentThread, Process32FirstW, Process32NextW, OpenProcess, ExitProcess, GetCommandLineW, GetLastError, SetUnhandledExceptionFilter, Module32NextW, PeekNamedPipe, LocalFree, SetCurrentDirectoryW, LoadLibraryA, AttachConsole, GetVersionExW, GetStdHandle, SetConsoleScreenBufferSize, GetCurrentProcessId, HeapDestroy, AddVectoredExceptionHandler, GlobalMemoryStatusEx, Module32FirstW, HeapAlloc, CreateThread, GetSystemInfo, HeapReAlloc, SetEvent, GetConsoleScreenBufferInfo, ReadDirectoryChangesW, QueueUserAPC, ResetEvent, ExitThread, WaitForMultipleObjectsEx, CompareFileTime, CancelIo, GetFileTime, GetDriveTypeW, GetTempFileNameW, CopyFileW, DeleteFileW, GetFileAttributesExW, GetFileInformationByHandle, SetFileAttributesW, GetVolumePathNameW, SetFileTime, GetDriveTypeA, GetPrivateProfileIntW, CreateEventW, GetShortPathNameW, GetLongPathNameW, WritePrivateProfileStringW, GetFileSizeEx, GetACP, MultiByteToWideChar, GetExitCodeProcess, ReadFile, SetFilePointer, TlsSetValue, TlsAlloc, TlsGetValue, CreateEventA, GetModuleFileNameA, GetFullPathNameA, FindClose, FindFirstFileW, GetFullPathNameW, FindNextFileW, lstrcpynW, GetWindowsDirectoryW, WideCharToMultiByte, GetLocaleInfoW, SetNamedPipeHandleState, WriteFile, CreateFileW, CreateDirectoryW
USER32.dll | SystemParametersInfoW, GetMessagePos, WindowFromDC, IsWindowEnabled, GetUpdateRect, SetRectEmpty, GetClassInfoExW, RegisterWindowMessageW, GetCursorPos, ClientToScreen, SetLayeredWindowAttributes, DeferWindowPos, GetPropW, RemovePropW, BeginDeferWindowPos, SetPropW, EndDeferWindowPos, HideCaret, SetClassLongPtrW, ShowCaret, IsCharAlphaNumericW, WindowFromPoint, GetWindowThreadProcessId, GetMessageW, AllowSetForegroundWindow, LoadBitmapW, TranslateAcceleratorW, LoadCursorW, GetClassNameW, SetParent, MapVirtualKeyW, ScreenToClient, IsWindow, CharLowerBuffW, GetAncestor, IsCharUpperW, CheckRadioButton, EndDialog, SetDlgItemTextW, SendDlgItemMessageW, DialogBoxIndirectParamW, IsDlgButtonChecked, BringWindowToTop, SetWindowLongW, CheckDlgButton, DialogBoxParamW, MoveWindow, OpenClipboard, CloseClipboard, EmptyClipboard, ReuseDDElParam, ShowWindowAsync, IsWindowUnicode, UnpackDDElParam, ModifyMenuW, CheckMenuRadioItem, GetMenuItemID, GetMenu, SetMenuItemInfoW, SetMenu, DrawTextExW, InsertMenuW, GetWindowLongW, GetWindow, FindWindowExW, GetFocus, IsChild, MessageBeep, GetDesktopWindow, UpdateWindow, MessageBoxW, MsgWaitForMultipleObjects, DispatchMessageW, SendMessageW, PeekMessageW, TranslateMessage, GetDlgItem, PostQuitMessage, PostMessageW, EnableWindow, MessageBoxA, CreateMenu, LoadIconW, SetActiveWindow, DestroyWindow, GetMenuItemInfoW, GetSystemMenu, CallWindowProcW, GetWindowRect, IsWindowVisible, SetWindowPos, GetMenuItemCount, SetWindowLongPtrW, CreateWindowExW, CreatePopupMenu, GetWindowLongPtrW, RegisterClassExW, GetClassLongPtrW, SendInput, DdeFreeStringHandle, DdeDisconnect, DrawTextW, CheckMenuItem, SetClipboardData, DdeFreeDataHandle, DdeClientTransaction, DdeUninitialize, DdeInitializeW, TrackMouseEvent, GetMonitorInfoW, GetWindowInfo, DdeConnect, DdeCreateStringHandleW, DestroyCursor, EnumDisplayMonitors, MonitorFromWindow, MonitorFromRect, CopyImage, GetKeyState, AdjustWindowRectEx, OemToCharA, CharToOemA, OemToCharBuffA, CharLowerW, CharUpperW, CharToOemBuffW, TrackPopupMenu, ShowWindow, InvalidateRgn, OffsetRect, RedrawWindow, MapWindowPoints, SetMenuDefaultItem, GetSysColor, GetForegroundWindow, DestroyAcceleratorTable, DestroyMenu, FindWindowW, GetWindowDC, TrackPopupMenuEx, RemoveMenu, GetClientRect, IsZoomed, AppendMenuW, DrawIconEx, EnableMenuItem, DrawEdge, GetParent, DrawFrameControl, InvalidateRect, SetScrollInfo, DefWindowProcW, ShowScrollBar, GetDC, FillRect, GetCursor, GetScrollInfo, GetScrollPos, GetCapture, SetTimer, SetFocus, SetCapture, SetCursor, KillTimer, ReleaseCapture, IsIconic, ReleaseDC, GetSystemMetrics, BeginPaint, SetForegroundWindow, EndPaint, CreateAcceleratorTableW, IsDialogMessageW
GDI32.dll | SetROP2, GetObjectA, GetTextExtentPoint32W, ExtTextOutW, GetObjectW, CreateDIBSection, GetTextExtentPoint32A, SetLayout, CreateRoundRectRgn, SelectClipRgn, RoundRect, BitBlt, StartPage, AbortDoc, EndDoc, CreateDCW, GetDeviceCaps, SetMapMode, StartDocW, EndPage, Polyline, LineTo, MoveToEx, SetBkColor, Ellipse, CreateFontIndirectW, CreatePatternBrush, CreateBitmap, SetBkMode, GetClipBox, CreateRectRgn, SetViewportOrgEx, ExcludeClipRect, ExtSelectClipRgn, SetBrushOrgEx, SelectObject, CreateCompatibleDC, PatBlt, StretchBlt, GetStockObject, DeleteDC, SetTextColor, CreatePen, Rectangle, DeleteObject, CreateSolidBrush, GetDIBColorTable, SetWorldTransform, SetStretchBltMode, SetDIBits, TextOutW, GetDIBits, SetGraphicsMode, SetDIBColorTable, CreateCompatibleBitmap
WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, GetPrinterW, EnumPrintersW, DeviceCapabilitiesW, ClosePrinter
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
ADVAPI32.dll | CryptDestroyHash, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExW, RegGetValueW, RegEnumKeyW, InitializeSecurityDescriptor, CheckTokenMembership, FreeSid, OpenProcessToken, RegSetKeySecurity, SetFileSecurityW, LookupPrivilegeValueW, AdjustTokenPrivileges, CryptAcquireContextW, CryptCreateHash, CryptHashData, RegOpenKeyExW, CryptGetHashParam, CryptReleaseContext, SetSecurityDescriptorDacl, AllocateAndInitializeSid
SHELL32.dll | SHGetDesktopFolder, ShellExecuteExW, DragAcceptFiles, SHChangeNotify, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHGetMalloc, DragFinish, DragQueryFileW, SHBindToParent, SHAddToRecentDocs, SHGetFolderPathW, SHFileOperationW, CommandLineToArgvW
ole32.dll | CoSetProxyBlanket, CreateStreamOnHGlobal, CoInitialize, CoCreateInstance, OleUninitialize, OleInitialize, CoTaskMemAlloc, CoTaskMemFree, CoGetMalloc, ReleaseStgMedium, CoUninitialize
OLEAUT32.dll | VariantInit, VariantClear, SysFreeString, SysAllocString, SafeArrayPutElement, SafeArrayCreateVector
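The "Import Hash" field in the static PE information above is an imphash: an MD5 over the canonicalised import table (library name lowercased with its .dll/.ocx/.sys extension stripped, joined to each lowercased function name, entries concatenated in import-directory order), used to pivot between samples built with the same toolchain and library set. The following Python is an added example, not code from Joe Sandbox or the SumatraPDF project: it implements that canonicalisation and hash on a constructed two-row input taken from the table. It resolves imports by name only and writes ordinals as "ordN"; the full algorithm additionally maps ordinals of well-known libraries to names. Reproducing the report's own value requires the complete import directory in on-disk order, which this listing does not guarantee.

```python
import hashlib

# Library-name extensions the imphash canonicalisation removes.
IMPHASH_STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def imphash_string(imports):
    """Canonical 'lib.func,lib.func,...' string the import hash is computed over.

    imports: list of (dll name, [function names or integer ordinals]) in import-table order.
    Ordinals are written as 'ordN' here; the full algorithm also resolves ordinals of
    well-known libraries to their exported names.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in IMPHASH_STRIPPED_EXTENSIONS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the canonical import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed input: two short rows taken from the import table above. Note that
# WINSPOOL.DRV keeps its extension because .drv is not in the stripped set.
SAMPLE_IMPORTS = [
    ("WINSPOOL.DRV", ["DocumentPropertiesW", "OpenPrinterW"]),
    ("COMDLG32.dll", ["GetOpenFileNameW", "GetSaveFileNameW", "PrintDlgExW"]),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers the order as well as the set of imports, two builds that link the same libraries but resolve them in a different order produce different values; that is why the hash pivots well across builds of one project with one toolchain but not across recompilations with a changed link order.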
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 3, 2024 16:29:50.589545012 CEST | 8.8.8.8 | 192.168.2.22 | 0xdd47 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 16:29:50.589545012 CEST | 8.8.8.8 | 192.168.2.22 | 0xdd47 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 16:29:50.598968029 CEST | 8.8.8.8 | 192.168.2.22 | 0x9680 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 16:29:50.598968029 CEST | 8.8.8.8 | 192.168.2.22 | 0x9680 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false


    Target ID:0
    Start time:10:29:33
    Start date:03/07/2024
    Path:C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe
    Wow64 process (32bit):false
    Commandline:"C:\Users\user\Desktop\SumatraPDF-3.5.2-64.exe"
    Imagebase:0x13fbe0000
    File size:16'065'496 bytes
    MD5 hash:C02DC2CA96FE9841963883C0FE177399
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false


      Execution Graph

      Execution Coverage:2.9%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:1.2%
      Total number of Nodes:344
      Total number of Limit Nodes:6

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      • Associated: 00000000.00000002.652987533.000000013FBE0000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653068962.000000014017D000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653068962.0000000140301000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653068962.0000000140303000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653068962.000000014030E000.00000002.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653120247.00000001403F7000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653200107.0000000140A00000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653204252.0000000140A02000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653207670.0000000140A05000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653211435.0000000140A06000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653216229.0000000140A16000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653219881.0000000140A19000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653224050.0000000140A1F000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653227389.0000000140A20000.00000008.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653231119.0000000140A23000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653231119.0000000140A29000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653231119.0000000140A35000.00000004.00000001.01000000.00000003.sdmp
      • Associated: 00000000.00000002.653248506.0000000140A8F000.00000002.00000001.01000000.00000003.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: AddressFreeLibraryProc
      • String ID: api-ms-$ext-ms-
      • API String ID: 3013587201-537541572
      • Opcode ID: e4fe48c854c3e632869e80c64ec8db9cc9bffe49cd316b8c20fb2922860ce4b0
      • Instruction ID: e3218a152bfe04c22a0af94630b868af027dd858a7bb6cee305732e82f1e1fa2
      • Opcode Fuzzy Hash: e4fe48c854c3e632869e80c64ec8db9cc9bffe49cd316b8c20fb2922860ce4b0
      • Instruction Fuzzy Hash: BB41F372312A4482EB67CB17A880BD523A1F74DFD0F4C452A9E1E6B7A5EE39C545C300

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: String
      • String ID: LCMapStringEx
      • API String ID: 2568140703-3893581201
      • Opcode ID: 625c65ffab90239088a480d68690d8096d19c9efb5ff1c2381dc515d1cd8623e
      • Instruction ID: 0c5f4f08a0ae18792b0d135b99ffe82b0cddcd8699ed273463abf2e4269eecfa
      • Opcode Fuzzy Hash: 625c65ffab90239088a480d68690d8096d19c9efb5ff1c2381dc515d1cd8623e
      • Instruction Fuzzy Hash: E1211536208B8486DB658B16F88078AB7A5F78DBC4F484126EF8D83B29DE38C540CB40

      Control-flow Graph

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: ErrorFreeHeapLast
      • String ID:
      • API String ID: 485612231-0
      • Opcode ID: 958567044e3adab993be22d6434b9c4d9d2f1fc4369be7e5e4818822e37ff867
      • Instruction ID: 28674671389976eb2f4a5d91eb66883d8e86851b75e5565fd696bae9f1c170a7
      • Opcode Fuzzy Hash: 958567044e3adab993be22d6434b9c4d9d2f1fc4369be7e5e4818822e37ff867
      • Instruction Fuzzy Hash: 74E01271B1164482FF1A67F398593E911916B9CF44F4944358B09536B6ED38C9554601

      Control-flow Graph

      APIs
      • RtlAllocateHeap.NTDLL(?,?,00000000,000000014015B0B6,?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014014A405
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      • Opcode ID: 124df37cf2e7ea381b88c17281b8b67a5854621d9b2628d22826c8ac1dbdc82a
      • Instruction ID: aebca8f54d11be06d4be81388b3ad4fa9431ec5a76da1b69390e57ddb537a2d9
      • Opcode Fuzzy Hash: 124df37cf2e7ea381b88c17281b8b67a5854621d9b2628d22826c8ac1dbdc82a
      • Instruction Fuzzy Hash: EDF0B43431230481FE57AB6399193E912946B5CF40F8E48324F0A8B7F2EE7CC8808221
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
      • String ID:
      • API String ID: 2933794660-0
      • Opcode ID: 3be227cb8252aac31629724096c608187ebffdc99491d3ac1e2d2a14734ec97e
      • Instruction ID: 462e5b193dfe814c50b3f4728cea5c78e451836a499c0f4844e6a04239cc6b88
      • Opcode Fuzzy Hash: 3be227cb8252aac31629724096c608187ebffdc99491d3ac1e2d2a14734ec97e
      • Instruction Fuzzy Hash: B511D676710B088AEB01CF61E8557E833B4F75DB58F441E25EB6D87BA4DB78D1948340
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: ExceptionFilterUnhandled$CurrentProcess
      • String ID:
      • API String ID: 1249254920-0
      • Opcode ID: 6bef131a2eac4467d255269b65b5e6b0247de1cdc79986c0592ece5c9143e238
      • Instruction ID: 3527a1b3730c3c9fb4dd558087daede72df6eb68bf440c3774a43e74b52647bc
      • Opcode Fuzzy Hash: 6bef131a2eac4467d255269b65b5e6b0247de1cdc79986c0592ece5c9143e238
      • Instruction Fuzzy Hash: 63D092B1B11A088AEB1A6B63A8153A92270A79CF45F0410269B0657334AE3CC5868302

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: AddressCloseHandleModuleOpenProcQueryValue
      • String ID: GetCurrentPackageInfo$Microsoft.WebView2Runtime.Beta_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Canary_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Dev_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Internal_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Stable_8wekyb3d8bbwe$beta$canary$dev$internal$kernelbase.dll
      • API String ID: 696543570-4251609998

      Control-flow Graph

      APIs
      • GetLastError.KERNEL32(?,?,?,000000014013E06B,?,?,?,000000014014B707,?,?,?,?,?,?,?,?), ref: 000000014015AEEB
      • FlsGetValue.KERNEL32(?,?,?,000000014013E06B,?,?,?,000000014014B707,?,?,?,?,?,?,?,?), ref: 000000014015AF00
      • FlsSetValue.KERNEL32(?,?,?,000000014013E06B,?,?,?,000000014014B707,?,?,?,?,?,?,?,?), ref: 000000014015AF21
      • FlsSetValue.KERNEL32(?,?,?,000000014013E06B,?,?,?,000000014014B707,?,?,?,?,?,?,?,?), ref: 000000014015AF4E
      • FlsSetValue.KERNEL32(?,?,?,000000014013E06B,?,?,?,000000014014B707,?,?,?,?,?,?,?,?), ref: 000000014015AF5F
      • FlsSetValue.KERNEL32(?,?,?,000000014013E06B,?,?,?,000000014014B707,?,?,?,?,?,?,?,?), ref: 000000014015AF70
      • SetLastError.KERNEL32(?,?,?,000000014013E06B,?,?,?,000000014014B707,?,?,?,?,?,?,?,?), ref: 000000014015AF8B
      • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000000014013E06B,?,?,?,000000014014B707), ref: 000000014015AFC1
      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000000014013E06B,?,?,?,000000014014B707), ref: 000000014015AFE0
        • Part of subcall function 000000014014A3B0: RtlAllocateHeap.NTDLL(?,?,00000000,000000014015B0B6,?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014014A405
      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000000014013E06B,?,?,?,000000014014B707), ref: 000000014015B008
        • Part of subcall function 000000014014A428: HeapFree.KERNEL32 ref: 000000014014A43E
        • Part of subcall function 000000014014A428: GetLastError.KERNEL32 ref: 000000014014A448
      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000000014013E06B,?,?,?,000000014014B707), ref: 000000014015B019
      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000000014013E06B,?,?,?,000000014014B707), ref: 000000014015B02A
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: Value$ErrorLast$Heap$AllocateFree
      • String ID:
      • API String ID: 3174826731-0

      Control-flow Graph

      APIs
      • GetLastError.KERNEL32(?,?,-5555555555555556,?,BrowserExecutableFolder,000000013FBE257F), ref: 000000013FBE21C9
      • CoTaskMemFree.OLE32 ref: 000000013FBE21E2
      • GetModuleHandleW.KERNEL32(?,?,-5555555555555556,?,BrowserExecutableFolder,000000013FBE257F), ref: 000000013FBE2242
      • GetProcAddress.KERNEL32(?,?,-5555555555555556,?,BrowserExecutableFolder,000000013FBE257F), ref: 000000013FBE2252
        • Part of subcall function 0000000140134EE0: AcquireSRWLockExclusive.KERNEL32(?,?,?,000000013FBE150D,?,?,?,000000013FBE1363), ref: 0000000140134EF0
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: AcquireAddressErrorExclusiveFreeHandleLastLockModuleProcTask
      • String ID: BrowserExecutableFolder$GetCurrentApplicationUserModelId$Kernel32.dll
      • API String ID: 2548195841-1124854693

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: ErrorLast
      • String ID: GetFileVersionInfoSizeW$GetFileVersionInfoW$VerQueryValueW$\StringFileInfo\040904B0\ProductVersion
      • API String ID: 1452528299-1241276684

      Control-flow Graph

      APIs
      • GetLastError.KERNEL32(?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014015B063
      • FlsSetValue.KERNEL32(?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014015B099
      • FlsSetValue.KERNEL32(?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014015B0C6
      • FlsSetValue.KERNEL32(?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014015B0D7
      • FlsSetValue.KERNEL32(?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014015B0E8
      • SetLastError.KERNEL32(?,?,?,0000000140146ECD,?,?,?,?,000000014014A45C), ref: 000000014015B103
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: Value$ErrorLast
      • String ID:
      • API String ID: 2506987500-0

      Control-flow Graph

      APIs
      • FlsGetValue.KERNEL32(?,?,00000000,0000000140140C8E,?,?,00000000,0000000140147F3A), ref: 000000014015B13B
      • FlsSetValue.KERNEL32(?,?,00000000,0000000140140C8E,?,?,00000000,0000000140147F3A), ref: 000000014015B15A
      • FlsSetValue.KERNEL32(?,?,00000000,0000000140140C8E,?,?,00000000,0000000140147F3A), ref: 000000014015B182
      • FlsSetValue.KERNEL32(?,?,00000000,0000000140140C8E,?,?,00000000,0000000140147F3A), ref: 000000014015B193
      • FlsSetValue.KERNEL32(?,?,00000000,0000000140140C8E,?,?,00000000,0000000140147F3A), ref: 000000014015B1A4
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: Value
      • String ID:
      • API String ID: 3702945584-0

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: CloseOpenQueryValue
      • String ID: EBWebView
      • API String ID: 3677997916-998646055

      Control-flow Graph

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: DebugOutputString
      • String ID: Loader skipped an incompatible version:
      • API String ID: 1166629820-2341185882
      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: ErrorFileLastModuleName
      • String ID:
      • API String ID: 2776309574-0
      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Similarity
      • API ID: CloseOpen
      • String ID: Software\Policies\Microsoft\Edge\WebView2\
      • API String ID: 47109696-3769946317
      • Opcode ID: f7e0db95aff5fa1ada4a42d155400f24f5c14a6b3d594dd8475134c150a4dd8a
      • Instruction ID: b232935707b19236c633ac82705bfc700c91f19b1813507d53bb1905de9786ba
      • Opcode Fuzzy Hash: f7e0db95aff5fa1ada4a42d155400f24f5c14a6b3d594dd8475134c150a4dd8a
      • Instruction Fuzzy Hash: 73F05E32710B5481F7519B26F951BCA37A0B78CBD4F416111AE8E5B724DE38C45AC740
      APIs
      • LoadLibraryExW.KERNEL32(?,?,?,?,000000013FBE228E,?,?,-5555555555555556,?,BrowserExecutableFolder,000000013FBE257F), ref: 000000013FBE22B9
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID: GetCurrentProcessExplicitAppUserModelID$shell32.dll
      • API String ID: 1029625771-718263829
      • Opcode ID: ded2ab6559a7689ffd8d6c7926921170430721c5ca290f021354a87eb1309cc3
      • Instruction ID: 90e8d3e585d9ccbb02cea2dafb41034bec2cb0236a8444f3eafeb70020e9a165
      • Opcode Fuzzy Hash: ded2ab6559a7689ffd8d6c7926921170430721c5ca290f021354a87eb1309cc3
      • Instruction Fuzzy Hash: 5DD09E70B52940C1EB099B539C8239067E1BB5DB51FD48425CA0E47374EE3CC29E8B11
      APIs
      • LoadLibraryExW.KERNEL32(?,?,?,?,000000013FBE151B,?,?,?,000000013FBE1363), ref: 000000013FBE1C6F
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.652993532.000000013FBE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013FBE0000, based on PE: true
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_13fbe0000_SumatraPDF-3.jbxd
      Similarity
      • API ID: LibraryLoad
      • String ID: api-ms-win-core-version-l1-1-0.dll$version.dll
      • API String ID: 1029625771-4294597371
      • Opcode ID: eb9b05c3bf581bcc3e30dd31f3ef14d7a98471735cb393745bdbbfcd30adc73c
      • Instruction ID: abbd21840f72bc6f06bd159784bdc142ae6a4bafa821b97447f232ac5a4a3a38
      • Opcode Fuzzy Hash: eb9b05c3bf581bcc3e30dd31f3ef14d7a98471735cb393745bdbbfcd30adc73c
      • Instruction Fuzzy Hash: E0D01771F1284080FB8D8B13AC82380A2E1BBADB01F848019820D862B0EE38C24A8B40