Edit tour

Windows Analysis Report
AdobeReaderPDFonline.exe

Overview

General Information

Sample name:	AdobeReaderPDFonline.exe
Analysis ID:	1587434
MD5:	af1d0f01b01da4da3a9a54b2bee820e9
SHA1:	859814a52ba8c1a67468cce646974be9bdece0cb
SHA256:	d883efc9e3f21d039ba1bec082b390432ea3f3608657e9ced8682be27c318ec2
Tags:	exeuser-zhuzhu0009
Infos:

Detection

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

AI detected suspicious sample

Allocates memory in foreign processes

Drops PE files to the document folder of the user

Drops large PE files

Injects a PE file into a foreign processes

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to query CPU information (cpuid)

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

IP address seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

AdobeReaderPDFonline.exe (PID: 2700 cmdline: "C:\Users\user\Desktop\AdobeReaderPDFonline.exe" MD5: AF1D0F01B01DA4DA3A9A54B2BEE820E9)

csc.exe (PID: 6484 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.3948989892.0000000009820000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.3948395260.0000000008023000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.3948000354.0000000006E81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: csc.exe PID: 6484	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: csc.exe PID: 6484	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.csc.exe.9820000.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.csc.exe.80aa228.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Documents\Elaborate Bytes\HD Tach\hdtach.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\AdobeReaderPDFonline.exe, ProcessId: 2700, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QualysDLP

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: AdobeReaderPDFonline.exe	Virustotal: Detection: 53%			Perma Link
Source: AdobeReaderPDFonline.exe	ReversingLabs: Detection: 44%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: AdobeReaderPDFonline.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: AdobeReaderPDFonline.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Source\Repos\DS-Platform\CppInstaller\CppSetup\bin\Win32\Release\CppSetup.pdb source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr
Source:	Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp

Source: global traffic

TCP traffic: 192.168.2.5:49769 -> 181.71.216.203:30203

Source: Joe Sandbox View

IP Address: 181.71.216.203 181.71.216.203

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: newstaticfreepoint24.ddns-ip.net

Source: csc.exe, 00000003.00000002.3948000354.0000000006F19000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3948000354.0000000006E81000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3948000354.0000000006F2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: http://www.openssl.org/)
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/beta
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/betahttps://www.bittorrent.com/
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/f/
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/o
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/ohttps://dvpwdfe80sj9.cloudfront.net/zbdhttps://dvpwdfe80sj9.clo
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://dvpwdfe80sj9.cloudfront.net/zbd
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://github.com/arvidn/libtorrent/blob/master/LICENSE
Source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://github.com/webtorrent/webtorrent/blob/master/LICENSE
Source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000002.3948000354.0000000006E81000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://www.bittorrent.com/legal/privacy-policy/
Source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr	String found in binary or memory: https://www.bittorrent.com/legal/terms-of-use/

System Summary

Drops large PE files

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

File dump: hdtach.exe.0.dr 959667331

Jump to dropped file

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B53A1D	0_2_00B53A1D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B495B4	0_2_00B495B4
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4E508	0_2_00B4E508
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3573A	0_2_00B3573A
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C0BA	0_2_00B3C0BA
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B348D4	0_2_00B348D4
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C0C1	0_2_00B3C0C1
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B41038	0_2_00B41038
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B5282C	0_2_00B5282C
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4102F	0_2_00B4102F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D82E	0_2_00B3D82E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B41011	0_2_00B41011
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3E00A	0_2_00B3E00A
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D809	0_2_00B3D809
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D871	0_2_00B3D871
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B34863	0_2_00B34863
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4F061	0_2_00B4F061
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C852	0_2_00B3C852
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B521B0	0_2_00B521B0
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C9A1	0_2_00B3C9A1
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B411A6	0_2_00B411A6
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B35992	0_2_00B35992
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B41199	0_2_00B41199
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4E98E	0_2_00B4E98E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B31939	0_2_00B31939
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D920	0_2_00B3D920
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3212E	0_2_00B3212E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C111	0_2_00B3C111
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C104	0_2_00B3C104
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C90E	0_2_00B3C90E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D96E	0_2_00B3D96E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B53955	0_2_00B53955
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D950	0_2_00B3D950
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3E282	0_2_00B3E282
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B322D5	0_2_00B322D5
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B412C3	0_2_00B412C3
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B412CE	0_2_00B412CE
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3723B	0_2_00B3723B
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4BA3C	0_2_00B4BA3C
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3323F	0_2_00B3323F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40A21	0_2_00B40A21
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B41221	0_2_00B41221
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3AA05	0_2_00B3AA05
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40BB0	0_2_00B40BB0
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3F390	0_2_00B3F390
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40BF7	0_2_00B40BF7
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4C3EE	0_2_00B4C3EE
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B41BDF	0_2_00B41BDF
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40B3F	0_2_00B40B3F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B32327	0_2_00B32327
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40B2C	0_2_00B40B2C
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D30E	0_2_00B3D30E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40B6E	0_2_00B40B6E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C35D	0_2_00B3C35D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B42CB8	0_2_00B42CB8
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B33C95	0_2_00B33C95
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3DC86	0_2_00B3DC86
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3DC8E	0_2_00B3DC8E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3DCF6	0_2_00B3DCF6
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3DC30	0_2_00B3DC30
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40C1F	0_2_00B40C1F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B33473	0_2_00B33473
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B32C7B	0_2_00B32C7B
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C5BA	0_2_00B3C5BA
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B535B9	0_2_00B535B9
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C5A5	0_2_00B3C5A5
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C59E	0_2_00B3C59E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B42585	0_2_00B42585
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D5FF	0_2_00B3D5FF
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B365E7	0_2_00B365E7
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4BDD6	0_2_00B4BDD6
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3DD24	0_2_00B3DD24
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B41568	0_2_00B41568
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B41559	0_2_00B41559
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B45E87	0_2_00B45E87
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3AEF4	0_2_00B3AEF4
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C637	0_2_00B3C637
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C63D	0_2_00B3C63D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B40E2E	0_2_00B40E2E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B52E78	0_2_00B52E78
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D7BE	0_2_00B3D7BE
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D7A7	0_2_00B3D7A7
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4279E	0_2_00B4279E
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3C785	0_2_00B3C785
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3D7D6	0_2_00B3D7D6
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B427DA	0_2_00B427DA
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B31F3C	0_2_00B31F3C
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B4176D	0_2_00B4176D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3A76F	0_2_00B3A76F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B35745	0_2_00B35745
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9788D	0_2_00B9788D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B93E0B	0_2_00B93E0B
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D740	0_2_00B9D740
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94C92	0_2_00B94C92
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D8FE	0_2_00B9D8FE
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C4F5	0_2_00B9C4F5
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C429	0_2_00B9C429
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9B82D	0_2_00B9B82D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B97418	0_2_00B97418
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9481A	0_2_00B9481A
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C412	0_2_00B9C412
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C471	0_2_00B9C471
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94C5A	0_2_00B94C5A
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C449	0_2_00B9C449
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94C48	0_2_00B94C48
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B985B2	0_2_00B985B2
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94DAC	0_2_00B94DAC
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94DA7	0_2_00B94DA7
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C5A7	0_2_00B9C5A7
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B99182	0_2_00B99182
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B995FC	0_2_00B995FC
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B949EA	0_2_00B949EA
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D9D8	0_2_00B9D9D8
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D93C	0_2_00B9D93C
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94D22	0_2_00B94D22
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94D11	0_2_00B94D11
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9B179	0_2_00B9B179
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B95172	0_2_00B95172
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B97155	0_2_00B97155
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B99955	0_2_00B99955
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9B94A	0_2_00B9B94A
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9854F	0_2_00B9854F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9B54F	0_2_00B9B54F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D6A3	0_2_00B9D6A3
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C6A5	0_2_00B9C6A5
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B982A4	0_2_00B982A4
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B98689	0_2_00B98689
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D68A	0_2_00B9D68A
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C282	0_2_00B9C282
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B986F9	0_2_00B986F9
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94AFD	0_2_00B94AFD
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D6E3	0_2_00B9D6E3
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B96AD6	0_2_00B96AD6
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D635	0_2_00B9D635
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9BA36	0_2_00B9BA36
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B99A2F	0_2_00B99A2F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94672	0_2_00B94672
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94A58	0_2_00B94A58
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9464D	0_2_00B9464D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9C24D	0_2_00B9C24D
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D643	0_2_00B9D643
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B997B8	0_2_00B997B8
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B947BA	0_2_00B947BA
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9B7AB	0_2_00B9B7AB
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B997AE	0_2_00B997AE
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D3A3	0_2_00B9D3A3
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9479B	0_2_00B9479B
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B94B81	0_2_00B94B81
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D3F8	0_2_00B9D3F8
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9CFFF	0_2_00B9CFFF
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9CFF4	0_2_00B9CFF4
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9B7EC	0_2_00B9B7EC
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B983D9	0_2_00B983D9
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B983C8	0_2_00B983C8
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B997C5	0_2_00B997C5
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B98337	0_2_00B98337
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9A706	0_2_00B9A706
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B98B7F	0_2_00B98B7F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9D777	0_2_00B9D777
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9835C	0_2_00B9835C
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9CF51	0_2_00B9CF51
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B9CF4C	0_2_00B9CF4C
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B98743	0_2_00B98743
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_053D3060	3_2_053D3060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_053D3050	3_2_053D3050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_097AC220	3_2_097AC220
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_097A06D8	3_2_097A06D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_097AD250	3_2_097AD250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_097AC547	3_2_097AC547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_097A3E56	3_2_097A3E56
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F5F80	3_2_098F5F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F07D8	3_2_098F07D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F13F0	3_2_098F13F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F3120	3_2_098F3120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F2890	3_2_098F2890
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F1DB0	3_2_098F1DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F1DC0	3_2_098F1DC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F3112	3_2_098F3112
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F0B20	3_2_098F0B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F2880	3_2_098F2880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F32FF	3_2_098F32FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_098F2AF0	3_2_098F2AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_0990C918	3_2_0990C918
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_0990E298	3_2_0990E298

Source: AdobeReaderPDFonline.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal88.evad.winEXE@3/1@1/1

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

File created: C:\Users\user\Documents\Elaborate Bytes

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Mutant created: \Sessions\1\BaseNamedObjects\mono1234

Source: AdobeReaderPDFonline.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: AdobeReaderPDFonline.exe	Virustotal: Detection: 53%
Source: AdobeReaderPDFonline.exe	ReversingLabs: Detection: 44%

Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_CHECKBOX>Launch the application on exit</LAUNCH_CHECKBOX>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: n al cerrar</LAUNCH_CHECKBOX>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Launch</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Iniciar</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Arrancar</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Uruchom</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Spustit</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Start</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: hren</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: </LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Lancer</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Avvia</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: <LAUNCH_RADIO>Starten</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: lat</LAUNCH_RADIO>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: </LAUNCH_ICON>
Source: AdobeReaderPDFonline.exe	String found in binary or memory: </LAUNCH_BTN>

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

File read: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\AdobeReaderPDFonline.exe "C:\Users\user\Desktop\AdobeReaderPDFonline.exe"
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"	Jump to behavior

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: a.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: AdobeReaderPDFonline.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: AdobeReaderPDFonline.exe

Static file information: File size 5835776 > 1048576

Source: AdobeReaderPDFonline.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x217c00
Source: AdobeReaderPDFonline.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x2e2400

Source: AdobeReaderPDFonline.exe

Static PE information: More than 200 imports for USER32.dll

Source: AdobeReaderPDFonline.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: AdobeReaderPDFonline.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: AdobeReaderPDFonline.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: AdobeReaderPDFonline.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: AdobeReaderPDFonline.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: AdobeReaderPDFonline.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: AdobeReaderPDFonline.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: AdobeReaderPDFonline.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Source\Repos\DS-Platform\CppInstaller\CppSetup\bin\Win32\Release\CppSetup.pdb source: AdobeReaderPDFonline.exe, hdtach.exe.0.dr
Source:	Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 3.2.csc.exe.9820000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.csc.exe.80aa228.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3948989892.0000000009820000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3948395260.0000000008023000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3948000354.0000000006E81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: csc.exe PID: 6484, type: MEMORYSTR

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"			Jump to behavior

Source: AdobeReaderPDFonline.exe

Static PE information: real checksum: 0x46342c should be: 0x59eb74

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3EA76 pushad ; iretd	0_2_00B3EA77
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3EA7E pushad ; iretd	0_2_00B3EA7F
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Code function: 0_2_00B3E458 push E0810001h; iretd	0_2_00B3E45D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_053D65C9 push ecx; iretd	3_2_053D65CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Code function: 3_2_0990BC90 pushad ; iretd	3_2_0990BC91

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

File created: C:\Users\user\Documents\Elaborate Bytes\HD Tach\hdtach.exe

Jump to dropped file

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

File created: C:\Users\user\Documents\Elaborate Bytes\HD Tach\hdtach.exe

Jump to dropped file

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QualysDLP			Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run QualysDLP			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: csc.exe PID: 6484, type: MEMORYSTR

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 53D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 6E80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 8E80000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Thread delayed: delay time: 582000	Jump to behavior

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Dropped PE file which has not been started: C:\Users\user\Documents\Elaborate Bytes\HD Tach\hdtach.exe

Jump to dropped file

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

API coverage: 5.3 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 2680	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 2680	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 1128	Thread sleep count: 200 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 2680	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 6388	Thread sleep time: -582000s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Thread delayed: delay time: 582000	Jump to behavior

Source: csc.exe, 00000003.00000002.3948829057.000000000970A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Code function: 3_2_0990E4F1 LdrInitializeThunk,

3_2_0990E4F1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4970000 protect: page readonly

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4970000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4970000			Jump to behavior
Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4A90008			Jump to behavior

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Code function: 0_2_00B56565 cpuid

0_2_00B56565

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\AdobeReaderPDFonline.exe

Code function: 0_2_005CD4D4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_005CD4D4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	131 Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	31 Process Injection	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	11 Disable or Modify Tools	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	141 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	31 Process Injection	NTDS	141 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	134 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
AdobeReaderPDFonline.exe	54%	Virustotal		Browse
AdobeReaderPDFonline.exe	45%	ReversingLabs	Win32.Adware.RedCap

Source	Detection	Scanner	Label
https://dvpwdfe80sj9.cloudfront.net/f/	0%	Avira URL Cloud	safe
https://dvpwdfe80sj9.cloudfront.net/zbd	0%	Avira URL Cloud	safe
https://dvpwdfe80sj9.cloudfront.net/o	0%	Avira URL Cloud	safe
https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/beta	0%	Avira URL Cloud	safe
https://dvpwdfe80sj9.cloudfront.net/ohttps://dvpwdfe80sj9.cloudfront.net/zbdhttps://dvpwdfe80sj9.clo	0%	Avira URL Cloud	safe
https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/betahttps://www.bittorrent.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
newstaticfreepoint24.ddns-ip.net	181.71.216.203	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/betahttps://www.bittorrent.com/	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-neti	csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000002.3948000354.0000000006E81000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dvpwdfe80sj9.cloudfront.net/f/	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://www.bittorrent.com/legal/privacy-policy/	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false		high
https://stackoverflow.com/q/11564914/23354;	csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/webtorrent/webtorrent/blob/master/LICENSE	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false		high
https://github.com/mgravell/protobuf-net	csc.exe, 00000003.00000002.3949027287.0000000009880000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.0000000008302000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2532639480.000000000843C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.openssl.org/)	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false		high
https://download-lb.utorrent.com/endpoint/utweb/os/riserollout/track/beta	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	csc.exe, 00000003.00000002.3948000354.0000000006F19000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3948000354.0000000006E81000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3948000354.0000000006F2A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dvpwdfe80sj9.cloudfront.net/zbd	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/arvidn/libtorrent/blob/master/LICENSE	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false		high
https://www.bittorrent.com/legal/terms-of-use/	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false		high
https://dvpwdfe80sj9.cloudfront.net/o	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://dvpwdfe80sj9.cloudfront.net/ohttps://dvpwdfe80sj9.cloudfront.net/zbdhttps://dvpwdfe80sj9.clo	AdobeReaderPDFonline.exe, hdtach.exe.0.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
181.71.216.203	newstaticfreepoint24.ddns-ip.net	Colombia		27831	ColombiaMovilCO	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587434
Start date and time:	2025-01-10 11:43:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	AdobeReaderPDFonline.exe
Detection:	MAL
Classification:	mal88.evad.winEXE@3/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 84% Number of executed functions: 268 Number of non-executed functions: 72
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.253.45, 52.149.20.212
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtProtectVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
11:44:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run QualysDLP C:\Users\user\Documents\Elaborate Bytes\HD Tach\hdtach.exe
11:44:42	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run QualysDLP C:\Users\user\Documents\Elaborate Bytes\HD Tach\hdtach.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
181.71.216.203	MicrosoftWORD.exe	Get hash	malicious	Unknown	Browse
	PDFonlineseguro.exe	Get hash	malicious	Unknown	Browse
	MicrosoftOfficeWord.exe	Get hash	malicious	Unknown	Browse
	AdobePDF.exe	Get hash	malicious	Unknown	Browse
	PDFonlineseguro.exe	Get hash	malicious	Unknown	Browse
	AdobePremierPDF.exe	Get hash	malicious	Unknown	Browse
	2LDJIyMl2r.exe	Get hash	malicious	Remcos	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
newstaticfreepoint24.ddns-ip.net	MicrosoftWORD.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	PDFonlineseguro.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	MicrosoftOfficeWord.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	AdobePDF.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	PDFonlineseguro.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	AdobePremierPDF.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	2LDJIyMl2r.exe	Get hash	malicious	Remcos	Browse	181.71.216.203
	SHROsQyiAd.exe	Get hash	malicious	Remcos	Browse	181.131.217.244
	4JwhvqLe8n.exe	Get hash	malicious	Remcos	Browse	181.131.217.244

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ColombiaMovilCO	MicrosoftWORD.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	PDFonlineseguro.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	MicrosoftOfficeWord.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	AdobePDF.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	PDFonlineseguro.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	AdobePremierPDF.exe	Get hash	malicious	Unknown	Browse	181.71.216.203
	1736491685b40eefbc9bdfbc98216071e6ff3a4c19c7e1ab8a144cde35036665da85346b6b949.dat-decoded.exe	Get hash	malicious	Remcos	Browse	179.15.136.6
	6.elf	Get hash	malicious	Unknown	Browse	181.70.170.80
	173634822473cd620521fcc8b42a4aac25bbd1c3f6e30c324045b1411f9747e93f432d0281839.dat-decoded.exe	Get hash	malicious	Remcos	Browse	179.15.136.6

Process:	C:\Users\user\Desktop\AdobeReaderPDFonline.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	959667331
Entropy (8bit):	0.08625462809460394
Encrypted:	false
SSDEEP:
MD5:	1ED9B1C1CC1AD0A0002A3CE083DC9D5F
SHA1:	CA8788C1C7FA2F39304E8AA2B8276C928B4B7165
SHA-256:	50C929F7C263A067D323E03CA02B3F18EDE373CFD53E89DCE9EEF589BB469826
SHA-512:	99B974DBD3F000B44C7D2F9245AD17BD909FDCA8CE1E3196BC0162760264CD3C859488847EBFA6ADA03359B4582C248E14E96862B748887F0221DB7A84780B7D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7..V...V...V......V......V....."V......V......V...V..U..5...V..5...V..5..YW......V....p..V...V...V......V..Rich.V..........PE..L.....Eg...............'.\|!...7...............!...@...........................Y.....,4F...@.................................\|.)......`+.4"............E..(...`C.P...p.'.p.....................'.......'.@.............!..............................text.....!......\|!................. ..`.rdata........!.......!.............@..@.data.... ...@......,.............@....rsrc...4"...`+..$....*.............@..@........................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.0634954672891475
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	AdobeReaderPDFonline.exe
File size:	5'835'776 bytes
MD5:	af1d0f01b01da4da3a9a54b2bee820e9
SHA1:	859814a52ba8c1a67468cce646974be9bdece0cb
SHA256:	d883efc9e3f21d039ba1bec082b390432ea3f3608657e9ced8682be27c318ec2
SHA512:	5ddcb57d828f1b33bed2c9a72a9eede38f7601fcf9e4e34f69f6b17363db41a2362799b3bf36be61cc0851c9d309137a1210c3d4c916349a2d1724ebb7909c35
SSDEEP:	98304:9jYWohHXZ64z3lrxA0+IbvT3916Floj9ghi1RebMIg9Cbk/VFE/nIV3MwBReUcRR:9jYWqXZ6wF3916vojDIg9Cbk/VK/nqbO
TLSH:	7246BF327D4A445BD07212716A69E975A13E6D78273202C363E47F3F7831AC2293BE67
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V...V...V.......V.......V......"V.......V.......V...V...U..5....V..5....V..5...YW.......V....p..V...V...V.......V..Rich.V.

File Icon


Icon Hash:	335092b3b2c66517

Static PE Info

General

Entrypoint:	0x5cc6df
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67459109 [Tue Nov 26 09:12:41 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	b48ec932e0b94d3910a5e2592ad0d9cf

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
call 00007FC9B8DF1D92h
jmp 00007FC9B8DF0DCFh
cmp ecx, dword ptr [006A5000h]
jne 00007FC9B8DF0F53h
ret
jmp 00007FC9B8DF1951h
push ebp
mov ebp, esp
push esi
mov esi, 006B34E4h
push esi
call dword ptr [006192E8h]
mov eax, dword ptr [ebp+08h]
push esi
and dword ptr [eax], 00000000h
call dword ptr [006192ECh]
push 006B34E0h
call dword ptr [006192E4h]
pop esi
pop ebp
ret
push ebp
mov ebp, esp
push esi
mov esi, 006B34E4h
push esi
call dword ptr [006192E8h]
mov ecx, dword ptr [006A4FF0h]
mov eax, dword ptr [ebp+08h]
inc ecx
mov dword ptr [006A4FF0h], ecx
push esi
mov dword ptr [eax], ecx
mov eax, dword ptr fs:[0000002Ch]
mov ecx, dword ptr [006B3844h]
mov ecx, dword ptr [eax+ecx*4]
mov eax, dword ptr [006A4FF0h]
mov dword ptr [ecx+00000004h], eax
call dword ptr [006192ECh]
push 006B34E0h
call dword ptr [006192E4h]
pop esi
pop ebp
ret
push ebp
mov ebp, esp
push esi
push edi
mov edi, 006B34E4h
push edi
call dword ptr [006192E8h]
mov esi, dword ptr [ebp+08h]
cmp dword ptr [esi], 00000000h
jne 00007FC9B8DF0F5Eh
or dword ptr [esi], FFFFFFFFh
jmp 00007FC9B8DF0F78h
call 00007FC9B8DF0F81h
jmp 00007FC9B8DF0F41h
cmp dword ptr [esi], FFFFFFFFh
je 00007FC9B8DF0F46h
mov eax, dword ptr fs:[0000002Ch]
mov ecx, dword ptr [00003844h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x29fe7c	0x1b8	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2b6000	0x2e2234	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x458600	0x2800	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x436000	0x2ab50	.rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x278c70	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x278d00	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x278bb0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x219000	0xad0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x218000	0x217c00	bf8442e1a060d6a6110e5353f0b7e4f0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x219000	0x8b000	0x8ac00	c071b645d904afddfae36d09fbff0a76	False	0.33050218186936936	data	5.546535578758396	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2a4000	0x12000	0xbc00	df682c1e69ad36bfcf32c628e7178a04	False	0.17351645611702127	data	5.056360385601096	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2b6000	0x2e2234	0x2e2400	7e9251cd98c2809c7f0a338118d8a199	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x2cb174	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb178	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb17c	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb180	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb184	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb188	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb18c	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb190	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb194	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb198	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb19c	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb1a0	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb1a4	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb1a8	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb1ac	0x2	data	English	United States	5.0
AFX_DIALOG_LAYOUT	0x2cb1b0	0x2	data	English	United States	5.0
IMAGE_BLOB	0x2cb1b4	0x6182	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9983174425126192
IMAGE_BLOB2	0x2d1338	0x57e4	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced	English	United States	0.9663111111111111
IMAGE_BLOB3	0x2d6b1c	0x6050	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced	English	United States	0.9756245944192083
LOCALE	0x2dcb6c	0xb1f	XML 1.0 document, ASCII text, with very long lines (345), with CRLF line terminators	English	United States	0.4130663856691254
LOCALE	0x2dd68c	0xb1f	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (344), with CRLF line terminators	English	United States	0.4260625219529329
LOCALE	0x2de1ac	0xa65	XML 1.0 document, ASCII text, with very long lines (344), with CRLF line terminators	English	United States	0.4269071777527245
LOCALE	0x2dec14	0xac8	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (343), with CRLF line terminators	English	United States	0.43623188405797103
LOCALE	0x2df6dc	0xafc	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (346), with CRLF line terminators	English	United States	0.4317211948790896
LOCALE	0x2e01d8	0xb1a	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (367), with CRLF line terminators	English	United States	0.45918367346938777
LOCALE	0x2e0cf4	0xaf3	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (353), with CRLF line terminators	English	United States	0.4659293613985016
LOCALE	0x2e17e8	0xa94	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (356), with CRLF line terminators	English	United States	0.4324224519940916
LOCALE	0x2e227c	0xb98	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (426), with CRLF line terminators	English	United States	0.4366576819407008
LOCALE	0x2e2e14	0xaa2	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (349), with CRLF line terminators	English	United States	0.44305657604702425
LOCALE	0x2e38b8	0xb6b	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (381), with CRLF line terminators	English	United States	0.43345877523092713
LOCALE	0x2e4424	0xad7	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (365), with CRLF line terminators	English	United States	0.43963963963963965
LOCALE	0x2e4efc	0xb00	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (406), with CRLF line terminators	English	United States	0.43785511363636365
LOCALE	0x2e59fc	0xb1a	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (367), with CRLF line terminators	English	United States	0.45918367346938777
LOCALE	0x2e6518	0xde9	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (366), with CRLF line terminators	English	United States	0.41224375175512495
LOCALE	0x2e7304	0xada	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators	English	United States	0.4474442044636429
LOCALE	0x2e7de0	0x1f1f	exported SGML document, Unicode text, UTF-8 text, with very long lines (1357), with CRLF line terminators	English	United States	0.3887285050834693
PNG	0x2e9d00	0x77	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	English	United States	0.9915966386554622
PNG	0x2e9d78	0x2f5	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.0145310435931307
PNG	0x2ea070	0x301	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	English	United States	1.0143042912873863
PNG	0x2ea374	0x287	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.017001545595054
PNG	0x2ea5fc	0x36e	PNG image data, 22 x 40, 8-bit/color RGB, non-interlaced	English	United States	1.0125284738041003
PNG	0x2ea96c	0x15d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0315186246418337
PNG	0x2eaacc	0x13e	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0345911949685536
PNG	0x2eac0c	0x115	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	English	United States	1.03971119133574
PNG	0x2ead24	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	English	United States	1.0302013422818792
PNG	0x2eae50	0x20c	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.0209923664122138
PNG	0x2eb05c	0xfd	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.0276679841897234
PNG	0x2eb15c	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	English	United States	1.0120481927710843
PNG	0x2eb204	0x7c	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	English	United States	0.9919354838709677
PNG	0x2eb280	0x96	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.0133333333333334
PNG	0x2eb318	0x91	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.006896551724138
PNG	0x2eb3ac	0x84	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	English	United States	0.9848484848484849
PNG	0x2eb430	0xa3	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	English	United States	1.0122699386503067
PNG	0x2eb4d4	0x771	PNG image data, 13 x 156, 8-bit/color RGB, non-interlaced	English	United States	1.005774278215223
PNG	0x2ebc48	0x697	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.006520450503853
PNG	0x2ec2e0	0x342	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.013189448441247
PNG	0x2ec624	0x45f	PNG image data, 24 x 72, 8-bit/color RGB, non-interlaced	English	United States	1.0098302055406614
PNG	0x2eca84	0x1a3	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.026252983293556
PNG	0x2ecc28	0xac8	PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0039855072463768
PNG	0x2ed6f0	0x37c	PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.0123318385650224
PNG	0x2eda6c	0xa50	PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0041666666666667
PNG	0x2ee4bc	0x48e	PNG image data, 9 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.009433962264151
PNG	0x2ee94c	0xa50	PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0041666666666667
PNG	0x2ef39c	0x380	PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.0122767857142858
PNG	0x2ef71c	0xab0	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0040204678362572
PNG	0x2f01cc	0xb1f	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0038637161924833
PNG	0x2f0cec	0xa8e	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0040710584752035
PNG	0x2f177c	0xb30	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.003840782122905
PNG	0x2f22ac	0x3a6	PNG image data, 48 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.011777301927195
PNG	0x2f2654	0x111b	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	English	United States	1.0025119890385932
PNG	0x2f3770	0x3d1	PNG image data, 23 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0112589559877174
PNG	0x2f3b44	0x21b	PNG image data, 11 x 88, 8-bit/color RGB, non-interlaced	English	United States	1.0204081632653061
PNG	0x2f3d60	0xb12	PNG image data, 50 x 273, 8-bit/color RGBA, non-interlaced	English	United States	1.003881439661256
PNG	0x2f4874	0x7ac	PNG image data, 50 x 162, 8-bit/color RGBA, non-interlaced	English	United States	1.005600814663951
PNG	0x2f5020	0xd43	PNG image data, 50 x 264, 8-bit/color RGB, non-interlaced	English	United States	1.003240058910162
PNG	0x2f5d64	0x3a4	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.011802575107296
PNG	0x2f6108	0x320	PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced	English	United States	1.01375
PNG	0x2f6428	0x31f	PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced	English	United States	1.0137672090112642
PNG	0x2f6748	0x2bd	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0156918687589158
PNG	0x2f6a08	0x273	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	English	United States	1.0175438596491229
PNG	0x2f6c7c	0x2c9	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.0154277699859748
PNG	0x2f6f48	0x163	PNG image data, 70 x 66, 8-bit/color RGBA, non-interlaced	English	United States	1.0112676056338028
PNG	0x2f70ac	0x152	PNG image data, 41 x 36, 8-bit/color RGBA, non-interlaced	English	United States	1.032544378698225
PNG	0x2f7200	0x38a	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0121412803532008
PNG	0x2f758c	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0082706766917293
PNG	0x2f7ac0	0x19c	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.8810679611650486
PNG	0x2f7c5c	0x2296	PNG image data, 72 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.001242376327084
PNG	0x2f9ef4	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.0064935064935066
PNG	0x2fa594	0x1c4	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.8252212389380531
PNG	0x2fa758	0x522	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.008371385083714
PNG	0x2fac7c	0x2475	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.000750026786671
PNG	0x2fd0f4	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.0064935064935066
PNG	0x2fd794	0x1c3	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.8314855875831486
PNG	0x2fd958	0x505	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0085603112840467
PNG	0x2fde60	0x24d3	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.0004243131430997
PNG	0x300334	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.0064935064935066
PNG	0x3009d4	0x1c7	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.832967032967033
PNG	0x300b9c	0x536	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0082458770614693
PNG	0x3010d4	0x24f0	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.0011632825719121
PNG	0x3035c4	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.0064935064935066
PNG	0x303c64	0x1c5	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.8388520971302428
PNG	0x303e2c	0x4d9	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.008863819500403
PNG	0x304308	0x23d3	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.0
PNG	0x3066dc	0x189	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.0279898218829517
PNG	0x306868	0x1bc	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	0.7027027027027027
PNG	0x306a24	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.0064935064935066
PNG	0x3070c4	0x1c4	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.827433628318584
PNG	0x307288	0x4ef	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0087094220110848
PNG	0x307778	0x23a2	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.0007673755755317
PNG	0x309b1c	0xc5	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0253807106598984
PNG	0x309be4	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.0064935064935066
PNG	0x30a284	0x1ba	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.8212669683257918
PNG	0x30a440	0x4e4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0087859424920127
PNG	0x30a924	0x250f	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.0005270369979973
PNG	0x30ce34	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	English	United States	1.0064935064935066
PNG	0x30d4d4	0x1c2	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	0.8288888888888889
PNG	0x30d698	0x4e9	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0087509944311854
PNG	0x30db84	0x23c6	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.000436776588775
PNG	0x30ff4c	0xb5	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0165745856353592
PNG	0x310004	0x186	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.028205128205128
PNG	0x31018c	0x1b5	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	0.6864988558352403
PNG	0x310344	0x66	PNG image data, 1 x 46, 8-bit/color RGBA, non-interlaced	English	United States	0.9803921568627451
PNG	0x3103ac	0xf9	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.0321285140562249
PNG	0x3104a8	0x17c3	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	English	United States	0.992931119513398
PNG	0x311c6c	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0171073094867806
PNG	0x311ef0	0x71	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	English	United States	0.9823008849557522
PNG	0x311f64	0x71d	PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced	English	United States	1.0060406370126305
PNG	0x312684	0x794	PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced	English	United States	1.0056701030927835
PNG	0x312e18	0x284	PNG image data, 7 x 39, 8-bit/color RGBA, non-interlaced	English	United States	1.0170807453416149
PNG	0x31309c	0x203	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.021359223300971
PNG	0x3132a0	0x1b5	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.0251716247139588
PNG	0x313458	0xb2	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	English	United States	1.0168539325842696
PNG	0x31350c	0xd1	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	English	United States	0.9760765550239234
PNG	0x3135e0	0x21c	PNG image data, 21 x 42, 8-bit/color RGBA, non-interlaced	English	United States	1.0203703703703704
PNG	0x3137fc	0x21c	PNG image data, 21 x 42, 8-bit/color RGBA, non-interlaced	English	United States	1.0203703703703704
PNG	0x313a18	0x1ae	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.0186046511627906
PNG	0x313bc8	0x13a	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	English	United States	1.0222929936305734
PNG	0x313d04	0x13f	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.0344827586206897
PNG	0x313e44	0x135	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	English	United States	0.9967637540453075
PNG	0x313f7c	0xdb	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.0228310502283104
PNG	0x314058	0xc6	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	English	United States	1.0252525252525253
PNG	0x314120	0x1a9	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.0141176470588236
PNG	0x3142cc	0x19b	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	English	United States	1.0194647201946472
PNG	0x314468	0x2296	PNG image data, 72 x 125, 8-bit/color RGBA, non-interlaced	English	United States	1.001242376327084
PNG	0x316700	0x13e	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0345911949685536
PNG	0x316840	0x115	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	English	United States	1.03971119133574
PNG	0x316958	0x83	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	English	United States	1.0076335877862594
PNG	0x3169dc	0xce	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	English	United States	1.0242718446601942
PNG	0x316aac	0xb30	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.003840782122905
PNG	0x3175dc	0x25f	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0181219110378912
PNG	0x31783c	0x79	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	English	United States	0.9752066115702479
PNG	0x3178b8	0x170	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9755434782608695
PNG	0x317a28	0x26b	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	English	United States	1.0177705977382876
PNG	0x317c94	0x105	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9731800766283525
PNG	0x317d9c	0xe6	PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced	English	United States	1.0260869565217392
PNG	0x317e84	0x38d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.012101210121012
PNG	0x318214	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0179445350734095
PNG	0x31847c	0x11a	PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.0319148936170213
PNG	0x318598	0xaa	PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced	English	United States	1.011764705882353
PNG	0x318644	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	English	United States	1.0268456375838926
PNG	0x318770	0x209	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.021113243761996
PNG	0x31897c	0xf5	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.0244897959183674
PNG	0x318a74	0xa6	PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced	English	United States	1.0180722891566265
PNG	0x318b1c	0x150	PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced	English	United States	1.0327380952380953
PNG	0x318c6c	0xac	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	English	United States	1.0174418604651163
PNG	0x318d18	0x89	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	English	United States	1.0
PNG	0x318da4	0x98	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.006578947368421
PNG	0x318e3c	0x91	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.006896551724138
PNG	0x318ed0	0x7d	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	English	United States	1.008
PNG	0x318f50	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	English	United States	1.0120481927710843
PNG	0x318ff8	0xbc	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	English	United States	1.0159574468085106
PNG	0x3190b4	0xa07	PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced	English	United States	1.004285157771718
PNG	0x319abc	0x1de1	PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced	English	United States	1.0014380964832004
PNG	0x31b8a0	0x1be	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	English	United States	1.0246636771300448
PNG	0x31ba60	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.0082150858849888
PNG	0x31bf9c	0x440	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	English	United States	1.010110294117647
PNG	0x31c3dc	0x12e	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.0298013245033113
PNG	0x31c50c	0x5b1	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0075497597803706
PNG	0x31cac0	0x408	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0106589147286822
PNG	0x31cec8	0x471	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.009674582233949
PNG	0x31d33c	0x4b7	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0091135045567523
PNG	0x31d7f4	0x481	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0095403295750216
PNG	0x31dc78	0x3ec	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0109561752988048
PNG	0x31e064	0x452	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0099457504520795
PNG	0x31e4b8	0x414	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.010536398467433
PNG	0x31e8cc	0x39e	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.011879049676026
PNG	0x31ec6c	0x48d	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.009442060085837
PNG	0x31f0fc	0x1b3	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	English	United States	1.025287356321839
PNG	0x31f2b0	0xea	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0299145299145298
PNG	0x31f39c	0x1ae0	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	English	United States	1.0015988372093023
PNG	0x320e7c	0xb43	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0038154699965314
PNG	0x3219c0	0x609	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0071197411003237
PNG	0x321fcc	0x18ae	PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced	English	United States	1.0017410572966128
PNG	0x32387c	0x1177	PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced	English	United States	1.0024602997092373
PNG	0x3249f4	0x25ec	PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced	English	United States	1.0011330861145447
PNG	0x326fe0	0xacb	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.0039811798769454
PNG	0x327aac	0xbc8	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.0036472148541113
PNG	0x328674	0xc2e	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.0035279025016035
PNG	0x3292a4	0x5dd	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0073284477015323
PNG	0x329884	0x597	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	English	United States	1.0076869322152342
PNG	0x329e1c	0x5f8	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.007198952879581
PNG	0x32a414	0x237	PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced	English	United States	1.0194003527336861
PNG	0x32a64c	0x588	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	English	United States	1.0077683615819208
PNG	0x32abd4	0x4b6	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0091210613598673
PNG	0x32b08c	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0082706766917293
PNG	0x32b5c0	0x5fe	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0071707953063884
PNG	0x32bbc0	0xdd3	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	0.9960440802486578
PNG	0x32c994	0x7c	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9919354838709677
PNG	0x32ca10	0x13c1	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021752026893416
PNG	0x32ddd4	0x37d	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0123180291153415
PNG	0x32e154	0x395	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0119956379498365
PNG	0x32e4ec	0x125e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0023394300297745
PNG	0x32f74c	0x13b4	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021808088818398
PNG	0x330b00	0x369	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0126002290950744
PNG	0x330e6c	0x3cc	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0113168724279835
PNG	0x331238	0x1320	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.002246732026144
PNG	0x332558	0x13ac	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021842732327244
PNG	0x333904	0x364	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.012672811059908
PNG	0x333c68	0x3ba	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0115303983228512
PNG	0x334024	0x1274	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0023285351397122
PNG	0x335298	0x139f	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021899263388414
PNG	0x336638	0x380	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0122767857142858
PNG	0x3369b8	0x352	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0129411764705882
PNG	0x336d0c	0x1288	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.002318718381113
PNG	0x337f94	0x211	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.0207939508506616
PNG	0x3381a8	0x2e4	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	1.0148648648648648
PNG	0x33848c	0x13ad	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021838395870557
PNG	0x33983c	0x365	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0126582278481013
PNG	0x339ba4	0x374	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.012443438914027
PNG	0x339f18	0x126b	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0023329798515377
PNG	0x33b184	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.028301886792453
PNG	0x33b258	0x1394	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.00219473264166
PNG	0x33c5ec	0x374	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.012443438914027
PNG	0x33c960	0x3f4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0108695652173914
PNG	0x33cd54	0x1304	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0022596548890714
PNG	0x33e058	0x1397	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021934197407776
PNG	0x33f3f0	0x373	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0124575311438277
PNG	0x33f764	0x33d	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0132689987937273
PNG	0x33faa4	0x119e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.002439024390244
PNG	0x340c44	0xa6	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0120481927710843
PNG	0x340cec	0x211	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.0207939508506616
PNG	0x340f00	0x2f7	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	1.0144927536231885
PNG	0x3411f8	0x16e	PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced	English	United States	1.030054644808743
PNG	0x341368	0x73	PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced	English	United States	0.9826086956521739
PNG	0x3413dc	0x117	PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.021505376344086
PNG	0x3414f4	0x67	PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced	English	United States	0.9902912621359223
PNG	0x34155c	0xce	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.0242718446601942
PNG	0x34162c	0xa40	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	English	United States	0.9733231707317073
PNG	0x34206c	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0171073094867806
PNG	0x3422f0	0x93	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0136054421768708
PNG	0x342384	0x96a	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	English	United States	1.004564315352697
PNG	0x342cf0	0x99b	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	English	United States	1.0044733631557543
PNG	0x34368c	0x2f7	PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced	English	United States	1.0144927536231885
PNG	0x343984	0x1ff	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.0215264187866928
PNG	0x343b84	0x1f7	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.021868787276342
PNG	0x343d7c	0xb6	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	English	United States	1.010989010989011
PNG	0x343e34	0x94	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	English	United States	1.0135135135135136
PNG	0x343ec8	0x3e6	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.0110220440881763
PNG	0x3442b0	0x3e6	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.0110220440881763
PNG	0x344698	0x315	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0139416983523448
PNG	0x3449b0	0x259	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0183028286189684
PNG	0x344c0c	0x205	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0212765957446808
PNG	0x344e14	0x176	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0294117647058822
PNG	0x344f8c	0x124	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0136986301369864
PNG	0x3450b0	0xd7	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0
PNG	0x345188	0x28f	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.016793893129771
PNG	0x345418	0x225	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0200364298724955
PNG	0x345640	0xdd3	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	0.9960440802486578
PNG	0x346414	0x123	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0378006872852235
PNG	0x346538	0x10b	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	English	United States	1.0337078651685394
PNG	0x346644	0x83	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	English	United States	1.0076335877862594
PNG	0x3466c8	0x12f	PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced	English	United States	1.0264026402640265
PNG	0x3467f8	0x48d	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.009442060085837
PNG	0x346c88	0x261	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0180623973727423
PNG	0x346eec	0x79	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	English	United States	0.9752066115702479
PNG	0x346f68	0x1b5	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9931350114416476
PNG	0x347120	0x293	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	English	United States	1.0166919575113809
PNG	0x3473b4	0x11a	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9716312056737588
PNG	0x3474d0	0xde	PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced	English	United States	1.027027027027027
PNG	0x3475b0	0x38d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.012101210121012
PNG	0x347940	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0179445350734095
PNG	0x347ba8	0x124	PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.0308219178082192
PNG	0x347ccc	0xaa	PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced	English	United States	1.011764705882353
PNG	0x347d78	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	English	United States	1.0268456375838926
PNG	0x347ea4	0x209	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.021113243761996
PNG	0x3480b0	0xf5	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.0244897959183674
PNG	0x3481a8	0x9f	PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced	English	United States	1.0125786163522013
PNG	0x348248	0x148	PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced	English	United States	1.0335365853658536
PNG	0x348390	0xac	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	English	United States	1.0174418604651163
PNG	0x34843c	0x8b	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	English	United States	1.014388489208633
PNG	0x3484c8	0xa4	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.0
PNG	0x34856c	0x94	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.0067567567567568
PNG	0x348600	0x87	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	English	United States	1.0
PNG	0x348688	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	English	United States	1.0120481927710843
PNG	0x348730	0xc5	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	English	United States	1.0203045685279188
PNG	0x3487f8	0xa54	PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced	English	United States	1.004160363086233
PNG	0x34924c	0x1eda	PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced	English	United States	1.001392757660167
PNG	0x34b128	0x1cb	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	English	United States	1.0239651416122004
PNG	0x34b2f4	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.0082150858849888
PNG	0x34b830	0x4f3	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	English	United States	1.0086819258089976
PNG	0x34bd24	0x11a	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.024822695035461
PNG	0x34be40	0x5af	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0075601374570446
PNG	0x34c3f0	0x3ff	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.010752688172043
PNG	0x34c7f0	0x461	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0098126672613739
PNG	0x34cc54	0x4cc	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.008957654723127
PNG	0x34d120	0x474	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0096491228070175
PNG	0x34d594	0x3ef	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0109235352532273
PNG	0x34d984	0x44a	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0100182149362478
PNG	0x34ddd0	0x41f	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0104265402843602
PNG	0x34e1f0	0x39b	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0119176598049837
PNG	0x34e58c	0x4a1	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.009282700421941
PNG	0x34ea30	0x1b3	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	English	United States	1.025287356321839
PNG	0x34ebe4	0xf9	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.036144578313253
PNG	0x34ece0	0x1bfa	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	English	United States	1.001535883831332
PNG	0x3508dc	0xb43	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0038154699965314
PNG	0x351420	0x609	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0071197411003237
PNG	0x351a2c	0x18ae	PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced	English	United States	1.0017410572966128
PNG	0x3532dc	0x1177	PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced	English	United States	1.0024602997092373
PNG	0x354454	0x25ec	PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced	English	United States	1.0011330861145447
PNG	0x356a40	0xac7	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.0039869517941282
PNG	0x357508	0xa82	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.004089219330855
PNG	0x357f8c	0xac7	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.0039869517941282
PNG	0x358a54	0x5d3	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0073775989268947
PNG	0x359028	0x575	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	English	United States	1.0078740157480315
PNG	0x3595a0	0x5ea	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.0072655217965654
PNG	0x359b8c	0x222	PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced	English	United States	1.02014652014652
PNG	0x359db0	0x588	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	English	United States	1.0077683615819208
PNG	0x35a338	0x552	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0080763582966226
PNG	0x35a88c	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0082706766917293
PNG	0x35adc0	0x624	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.006997455470738
PNG	0x35b3e4	0xf6f	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0027841052898
PNG	0x35c354	0x98	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.013157894736842
PNG	0x35c3ec	0x13c1	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021752026893416
PNG	0x35d7b0	0x37d	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0123180291153415
PNG	0x35db30	0x395	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0119956379498365
PNG	0x35dec8	0xbea	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0036065573770492
PNG	0x35eab4	0x13b4	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021808088818398
PNG	0x35fe68	0x369	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0126002290950744
PNG	0x3601d4	0x3cc	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0113168724279835
PNG	0x3605a0	0xcb2	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0033846153846153
PNG	0x361254	0x13ac	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021842732327244
PNG	0x362600	0x364	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.012672811059908
PNG	0x362964	0x3ba	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0115303983228512
PNG	0x362d20	0xbff	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0035818951481603
PNG	0x363920	0x139f	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021899263388414
PNG	0x364cc0	0x380	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0122767857142858
PNG	0x365040	0x352	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0129411764705882
PNG	0x365394	0xbf8	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0035900783289817
PNG	0x365f8c	0x1e3	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.0227743271221532
PNG	0x366170	0x3d2	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	1.0112474437627812
PNG	0x366544	0x13ad	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021838395870557
PNG	0x3678f4	0x365	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0126582278481013
PNG	0x367c5c	0x374	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.012443438914027
PNG	0x367fd0	0xb9a	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0037037037037038
PNG	0x368b6c	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.028301886792453
PNG	0x368c40	0x1394	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.00219473264166
PNG	0x369fd4	0x374	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.012443438914027
PNG	0x36a348	0x3f4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0108695652173914
PNG	0x36a73c	0xc62	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0034700315457412
PNG	0x36b3a0	0x1397	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021934197407776
PNG	0x36c738	0x373	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0124575311438277
PNG	0x36caac	0x33d	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0132689987937273
PNG	0x36cdec	0xb84	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0003392130257802
PNG	0x36d970	0xb1	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0169491525423728
PNG	0x36da24	0x1da	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.0232067510548524
PNG	0x36dc00	0x375	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	1.0124293785310734
PNG	0x36df78	0x1a5	PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced	English	United States	1.0261282660332542
PNG	0x36e120	0x71	PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced	English	United States	0.9911504424778761
PNG	0x36e194	0x11a	PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.0283687943262412
PNG	0x36e2b0	0x67	PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced	English	United States	0.9902912621359223
PNG	0x36e318	0xe0	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.03125
PNG	0x36e3f8	0xa40	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	English	United States	0.9733231707317073
PNG	0x36ee38	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0171073094867806
PNG	0x36f0bc	0x93	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0136054421768708
PNG	0x36f150	0x985	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	English	United States	1.00451374640952
PNG	0x36fad8	0x9ca	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	English	United States	1.00438946528332
PNG	0x3704a4	0x339	PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced	English	United States	1.0133333333333334
PNG	0x3707e0	0x214	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.0206766917293233
PNG	0x3709f4	0x22e	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.0197132616487454
PNG	0x370c24	0xb3	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	English	United States	1.011173184357542
PNG	0x370cd8	0x95	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	English	United States	0.9932885906040269
PNG	0x370d70	0x414	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.010536398467433
PNG	0x371184	0x414	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.010536398467433
PNG	0x371598	0x1fb	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0216962524654833
PNG	0x371794	0x179	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0159151193633953
PNG	0x371910	0x179	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0053050397877985
PNG	0x371a8c	0x114	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0289855072463767
PNG	0x371ba0	0x10e	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.011111111111111
PNG	0x371cb0	0xb6	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0054945054945055
PNG	0x371d68	0x17e	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0287958115183247
PNG	0x371ee8	0x15c	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0201149425287357
PNG	0x372044	0xf6f	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0027841052898
PNG	0x372fb4	0x143	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0340557275541795
PNG	0x3730f8	0x110	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	English	United States	1.0294117647058822
PNG	0x373208	0x87	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	English	United States	1.0074074074074073
PNG	0x373290	0x13b	PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced	English	United States	1.0253968253968253
PNG	0x3733cc	0x4a1	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.009282700421941
PNG	0x373870	0x25e	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.018151815181518
PNG	0x373ad0	0x79	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	English	United States	0.9752066115702479
PNG	0x373b4c	0x167	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9972144846796658
PNG	0x373cb4	0x278	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	English	United States	1.0174050632911393
PNG	0x373f2c	0x11a	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9680851063829787
PNG	0x374048	0xd4	PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced	English	United States	1.0235849056603774
PNG	0x37411c	0x38d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.012101210121012
PNG	0x3744ac	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0179445350734095
PNG	0x374714	0x11a	PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.0319148936170213
PNG	0x374830	0xaa	PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced	English	United States	1.011764705882353
PNG	0x3748dc	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	English	United States	1.0268456375838926
PNG	0x374a08	0x209	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.021113243761996
PNG	0x374c14	0xf5	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	English	United States	1.0244897959183674
PNG	0x374d0c	0xa6	PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced	English	United States	1.0180722891566265
PNG	0x374db4	0x150	PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced	English	United States	1.0327380952380953
PNG	0x374f04	0xac	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	English	United States	1.0174418604651163
PNG	0x374fb0	0x8b	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	English	United States	1.0
PNG	0x37503c	0x98	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.006578947368421
PNG	0x3750d4	0x91	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	English	United States	1.006896551724138
PNG	0x375168	0x7d	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	English	United States	1.008
PNG	0x3751e8	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	English	United States	1.0120481927710843
PNG	0x375290	0xbd	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	English	United States	1.0105820105820107
PNG	0x375350	0xa07	PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced	English	United States	1.004285157771718
PNG	0x375d58	0x1de1	PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced	English	United States	1.0014380964832004
PNG	0x377b3c	0x1be	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	English	United States	1.0246636771300448
PNG	0x377cfc	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.0082150858849888
PNG	0x378238	0x46c	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	English	United States	1.0097173144876326
PNG	0x3786a4	0xaf	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.0171428571428571
PNG	0x378754	0x701	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0061349693251533
PNG	0x378e58	0x498	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0093537414965987
PNG	0x3792f0	0x5c1	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0074677528852682
PNG	0x3798b4	0x539	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0082273747195214
PNG	0x379df0	0x5c7	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0074374577417173
PNG	0x37a3b8	0x47f	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.009556907037359
PNG	0x37a838	0x585	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0077848549186128
PNG	0x37adc0	0x546	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0081481481481482
PNG	0x37b308	0x4e1	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0088070456365092
PNG	0x37b7ec	0x5b0	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.007554945054945
PNG	0x37bd9c	0x1b3	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	English	United States	1.025287356321839
PNG	0x37bf50	0xea	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0299145299145298
PNG	0x37c03c	0x1ad9	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	English	United States	1.0016004655899897
PNG	0x37db18	0xb43	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0038154699965314
PNG	0x37e65c	0x609	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0071197411003237
PNG	0x37ec68	0x18ae	PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced	English	United States	1.0017410572966128
PNG	0x380518	0x1177	PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced	English	United States	1.0024602997092373
PNG	0x381690	0x25ec	PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced	English	United States	1.0011330861145447
PNG	0x383c7c	0xad3	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.0039696860339227
PNG	0x384750	0xbc8	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.0036472148541113
PNG	0x385318	0xc2e	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.0035279025016035
PNG	0x385f48	0x5dd	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0073284477015323
PNG	0x386528	0x597	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	English	United States	1.0076869322152342
PNG	0x386ac0	0x5f8	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.007198952879581
PNG	0x3870b8	0x228	PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced	English	United States	1.019927536231884
PNG	0x3872e0	0x588	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	English	United States	1.0077683615819208
PNG	0x387868	0x38a	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0121412803532008
PNG	0x387bf4	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0082706766917293
PNG	0x388128	0x32f	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0134969325153373
PNG	0x388458	0xef8	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	0.9950417536534447
PNG	0x389350	0x7c	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	English	United States	0.9919354838709677
PNG	0x3893cc	0x13c1	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021752026893416
PNG	0x38a790	0x37d	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0123180291153415
PNG	0x38ab10	0x395	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0119956379498365
PNG	0x38aea8	0x125e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0023394300297745
PNG	0x38c108	0x13b4	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021808088818398
PNG	0x38d4bc	0x369	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0126002290950744
PNG	0x38d828	0x3cc	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0113168724279835
PNG	0x38dbf4	0x1320	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.002246732026144
PNG	0x38ef14	0x13ac	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021842732327244
PNG	0x3902c0	0x364	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.012672811059908
PNG	0x390624	0x3ba	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0115303983228512
PNG	0x3909e0	0x1274	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0023285351397122
PNG	0x391c54	0x139f	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021899263388414
PNG	0x392ff4	0x380	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0122767857142858
PNG	0x393374	0x352	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0129411764705882
PNG	0x3936c8	0x1288	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.002318718381113
PNG	0x394950	0x99d	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.004469727752946
PNG	0x3952f0	0x2e6	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	1.0148247978436657
PNG	0x3955d8	0x13ad	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021838395870557
PNG	0x396988	0x365	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0126582278481013
PNG	0x396cf0	0x374	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.012443438914027
PNG	0x397064	0x126b	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0023329798515377
PNG	0x3982d0	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.028301886792453
PNG	0x3983a4	0x1394	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.00219473264166
PNG	0x399738	0x374	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.012443438914027
PNG	0x399aac	0x3f4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0108695652173914
PNG	0x399ea0	0x1304	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.0022596548890714
PNG	0x39b1a4	0x1397	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	English	United States	1.0021934197407776
PNG	0x39c53c	0x373	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0124575311438277
PNG	0x39c8b0	0x33d	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0132689987937273
PNG	0x39cbf0	0x119e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	1.002439024390244
PNG	0x39dd90	0xa6	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0120481927710843
PNG	0x39de38	0x99d	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	English	United States	1.004469727752946
PNG	0x39e7d8	0x2f7	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	English	United States	1.0144927536231885
PNG	0x39ead0	0x17e	PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced	English	United States	1.0287958115183247
PNG	0x39ec50	0x71	PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced	English	United States	0.9911504424778761
PNG	0x39ecc4	0x117	PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced	English	United States	1.021505376344086
PNG	0x39eddc	0x67	PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced	English	United States	0.9902912621359223
PNG	0x39ee44	0xd7	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	English	United States	1.0232558139534884
PNG	0x39ef1c	0xa40	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	English	United States	0.9733231707317073
PNG	0x39f95c	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0171073094867806
PNG	0x39fbe0	0x93	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0136054421768708
PNG	0x39fc74	0x96a	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	English	United States	1.004564315352697
PNG	0x3a05e0	0x99b	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	English	United States	1.0044733631557543
PNG	0x3a0f7c	0x2f7	PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced	English	United States	1.0144927536231885
PNG	0x3a1274	0x1d3	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.019271948608137
PNG	0x3a1448	0x1f8	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.0138888888888888
PNG	0x3a1640	0x67	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	English	United States	0.9514563106796117
PNG	0x3a16a8	0x95	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	English	United States	1.0
PNG	0x3a1740	0x39d	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.011891891891892
PNG	0x3a1ae0	0x39d	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	English	United States	1.011891891891892
PNG	0x3a1e80	0x1c1	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.024498886414254
PNG	0x3a2044	0x153	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.0324483775811208
PNG	0x3a2198	0x15f	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.0113960113960114
PNG	0x3a22f8	0x100	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.03515625
PNG	0x3a23f8	0x108	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.018939393939394
PNG	0x3a2500	0xb6	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.010989010989011
PNG	0x3a25b8	0x151	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.032640949554896
PNG	0x3a270c	0x135	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	English	United States	1.029126213592233
PNG	0x3a2844	0xdd3	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	English	United States	0.9960440802486578
PNG	0x3a3618	0x129	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	English	United States	1.0303030303030303
PNG	0x3a3744	0x10b	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	English	United States	1.0337078651685394
PNG	0x3a3850	0x87	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	English	United States	1.0074074074074073
PNG	0x3a38d8	0x12f	PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced	English	United States	1.0264026402640265
PNG	0x3a3a08	0x48d	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.009442060085837
PNG	0x3a3e98	0xdd1	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.003109980209217
PNG	0x3a4c6c	0xd61	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0032116788321168
PNG	0x3a59d0	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	English	United States	1.0179445350734095
PNG	0x3a5c38	0xbb9	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	English	United States	1.0036654448517162
PNG	0x3a67f4	0xc66	PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced	English	United States	1.0034656584751103
PNG	0x3a745c	0xb90	PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced	English	United States	1.0037162162162163
PNG	0x3a7fec	0xb07	PNG image data, 5 x 5, 8-bit/color RGBA, non-interlaced	English	United States	1.003896563939072
PNG	0x3a8af4	0xb50	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	English	United States	1.0037983425414365
PNG	0x3a9644	0x2885	PNG image data, 42 x 348, 8-bit/color RGBA, non-interlaced	English	United States	1.0010604453870626
PNG	0x3abecc	0xd8e	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	English	United States	1.0031700288184437
PNG	0x3acc5c	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	English	United States	1.0082150858849888
PNG	0x3ad198	0x4f3	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	English	United States	1.0086819258089976
PNG	0x3ad68c	0x130f	PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.0022545603607296
PNG	0x3ae99c	0xe74	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.002972972972973
PNG	0x3af810	0x11ba	PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.002423975319524
PNG	0x3b09cc	0xece	PNG image data, 11 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0029023746701846
PNG	0x3b189c	0x11ba	PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced	English	United States	1.002423975319524
PNG	0x3b2a58	0xe74	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.002972972972973
PNG	0x3b38cc	0x1206	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0023840485478976
PNG	0x3b4ad4	0x11bc	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0024229074889868
PNG	0x3b5c90	0x112a	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0025034137460174
PNG	0x3b6dbc	0x127a	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0023255813953489
PNG	0x3b8038	0xd3e	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	English	United States	1.003244837758112
PNG	0x3b8d78	0xbac	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	English	United States	1.0036813922356091
PNG	0x3b9924	0x146a	PNG image data, 56 x 69, 8-bit/color RGBA, non-interlaced	English	United States	1.0021048603138156
PNG	0x3bad90	0x122f	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	English	United States	1.0023630504833512
PNG	0x3bbfc0	0xdec	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	English	United States	1.0030864197530864
PNG	0x3bcdac	0x1100	PNG image data, 42 x 228, 8-bit/color RGBA, non-interlaced	English	United States	1.0025275735294117
PNG	0x3bdeac	0x11ed	PNG image data, 42 x 140, 8-bit/color RGBA, non-interlaced	English	United States	1.0023970363913706
PNG	0x3bf09c	0x1864	PNG image data, 42 x 330, 8-bit/color RGBA, non-interlaced	English	United States	1.0003203074951954
PNG	0x3c0900	0x10b5	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	English	United States	1.0025718961889174
PNG	0x3c19b8	0x124b	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.0023489216314327
PNG	0x3c2c04	0x1256	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	English	United States	1.0023434171282488
PNG	0x3c3e5c	0xf2c	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	English	United States	1.002832131822863
PNG	0x3c4d88	0xede	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	English	United States	1.0028901734104045
PNG	0x3c5c68	0xf69	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	English	United States	1.0027883396704689
PNG	0x3c6bd4	0xe20	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	English	United States	1.0030420353982301
PNG	0x3c79f4	0xdc7	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.0031187978451943
PNG	0x3c87bc	0xbae	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0036789297658864
PNG	0x3c936c	0xd91	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.003167290526922
PNG	0x3ca100	0xb12	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	English	United States	1.003881439661256
PNG	0x3cac14	0xbc3	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0036532713384259
PNG	0x3cb7d8	0xc9f	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.003404518724853
PNG	0x3cc478	0xd7d	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0031856356791196
PNG	0x3cd1f8	0xbf7	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0035912504080966
PNG	0x3cddf0	0xc96	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0034140285536934
PNG	0x3cea88	0xd8c	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0031718569780854
PNG	0x3cf814	0xbda	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0036255767963085
PNG	0x3d03f0	0xca0	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0034034653465347
PNG	0x3d1090	0xd80	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0031828703703705
PNG	0x3d1e10	0xbe2	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0036160420775806
PNG	0x3d29f4	0xc8c	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0034246575342465
PNG	0x3d3680	0xd7b	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0031874818893074
PNG	0x3d43fc	0xbe7	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0036101083032491
PNG	0x3d4fe4	0xc94	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0034161490683229
PNG	0x3d5c78	0xd80	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0031828703703705
PNG	0x3d69f8	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	English	United States	1.028301886792453
PNG	0x3d6acc	0xbd0	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.003637566137566
PNG	0x3d769c	0xc97	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.0034129692832765
PNG	0x3d8334	0xd7a	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0031884057971014
PNG	0x3d90b0	0xbda	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	English	United States	1.0036255767963085
PNG	0x3d9c8c	0xc8f	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	English	United States	1.003421461897356
PNG	0x3da91c	0xd86	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0031773541305604
PNG	0x3db6a4	0x1908	PNG image data, 50 x 178, 8-bit/color RGBA, non-interlaced	English	United States	0.9887640449438202
PNG	0x3dcfac	0xb75	PNG image data, 3 x 61, 8-bit/color RGBA, non-interlaced	English	United States	1.0037504261847938
PNG	0x3ddb24	0xbd0	PNG image data, 9 x 51, 8-bit/color RGBA, non-interlaced	English	United States	1.003637566137566
PNG	0x3de6f4	0x1570	PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0020043731778425
PNG	0x3dfc64	0x1623	PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced	English	United States	1.0019410622904534
STYLE_XML	0x3e1288	0x4e01	HTML document, ASCII text, with CRLF line terminators	English	United States	0.1839851770243878
STYLE_XML	0x3e608c	0x4b09	HTML document, ASCII text, with CRLF line terminators	English	United States	0.20396689052006872
STYLE_XML	0x3eab98	0x4aa6	HTML document, ASCII text, with CRLF line terminators	English	United States	0.20460491889063318
STYLE_XML	0x3ef640	0x4a18	HTML document, ASCII text, with CRLF line terminators	English	United States	0.20397511598481655
STYLE_XML	0x3f4058	0x1955	HTML document, ASCII text, with CRLF line terminators	English	United States	0.1918272937548188
RT_CURSOR	0x3f59b0	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4805194805194805
RT_CURSOR	0x3f5ae4	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	English	United States	0.7
RT_CURSOR	0x3f5b98	0x134	AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	English	United States	0.36363636363636365
RT_CURSOR	0x3f5ccc	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	English	United States	0.35714285714285715
RT_CURSOR	0x3f5e00	0x134	data	English	United States	0.37337662337662336
RT_CURSOR	0x3f5f34	0x134	data	English	United States	0.37662337662337664
RT_CURSOR	0x3f6068	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	English	United States	0.36688311688311687
RT_CURSOR	0x3f619c	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	English	United States	0.37662337662337664
RT_CURSOR	0x3f62d0	0x134	Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"	English	United States	0.36688311688311687
RT_CURSOR	0x3f6404	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_CURSOR	0x3f6538	0x134	data	English	United States	0.44155844155844154
RT_CURSOR	0x3f666c	0x134	data	English	United States	0.4155844155844156
RT_CURSOR	0x3f67a0	0x134	AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	English	United States	0.5422077922077922
RT_CURSOR	0x3f68d4	0x134	data	English	United States	0.2662337662337662
RT_CURSOR	0x3f6a08	0x134	data	English	United States	0.2824675324675325
RT_CURSOR	0x3f6b3c	0x134	data	English	United States	0.3246753246753247
RT_CURSOR	0x3f6c70	0x134	data	English	United States	0.20454545454545456
RT_CURSOR	0x3f6da4	0x134	data	English	United States	0.2857142857142857
RT_CURSOR	0x3f6ed8	0x134	data	English	United States	0.4675324675324675
RT_CURSOR	0x3f700c	0x134	data	English	United States	0.2532467532467532
RT_CURSOR	0x3f7140	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	English	United States	0.40584415584415584
RT_CURSOR	0x3f7274	0x134	data	English	United States	0.4383116883116883
RT_CURSOR	0x3f73a8	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_CURSOR	0x3f74dc	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"	English	United States	0.39285714285714285
RT_CURSOR	0x3f7610	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"	English	United States	0.4512987012987013
RT_CURSOR	0x3f7744	0x134	data	English	United States	0.37337662337662336
RT_CURSOR	0x3f7878	0x134	data	English	United States	0.4448051948051948
RT_CURSOR	0x3f79ac	0x134	data	English	United States	0.525974025974026
RT_BITMAP	0x3f7ae0	0xc3e8	Device independent bitmap graphic, 348 x 36 x 32, image size 0			0.37799090764077203
RT_BITMAP	0x403ec8	0x27a18	Device independent bitmap graphic, 966 x 42 x 32, image size 162288, resolution 3582 x 3582 px/m			0.32244591198068107
RT_BITMAP	0x42b8e0	0x62c	Device independent bitmap graphic, 324 x 9 x 4, image size 1476	English	United States	0.2430379746835443
RT_BITMAP	0x42bf0c	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	English	United States	0.5818965517241379
RT_BITMAP	0x42bff4	0x4a0	Device independent bitmap graphic, 144 x 15 x 4, image size 1080	English	United States	0.3783783783783784
RT_BITMAP	0x42c494	0x197a	Device independent bitmap graphic, 144 x 15 x 24, image size 6482, resolution 2834 x 2834 px/m	English	United States	0.380098129408157
RT_BITMAP	0x42de10	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	English	United States	0.51
RT_BITMAP	0x42ded8	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	English	United States	0.515
RT_BITMAP	0x42dfa0	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	English	United States	0.43
RT_BITMAP	0x42e068	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	English	United States	0.44
RT_BITMAP	0x42e130	0x182a	Device independent bitmap graphic, 128 x 16 x 24, image size 6146, resolution 2834 x 2834 px/m	English	United States	0.2924345295829292
RT_BITMAP	0x42f95c	0x468	Device independent bitmap graphic, 128 x 16 x 4, image size 1024	English	United States	0.3058510638297872
RT_BITMAP	0x42fdc4	0x528	Device independent bitmap graphic, 16 x 16 x 8, image size 256	English	United States	0.4803030303030303
RT_BITMAP	0x4302ec	0x528	Device independent bitmap graphic, 16 x 16 x 8, image size 256	English	United States	0.4765151515151515
RT_BITMAP	0x430814	0x158	Device independent bitmap graphic, 32 x 15 x 4, image size 240	English	United States	0.41569767441860467
RT_BITMAP	0x43096c	0x188	Device independent bitmap graphic, 48 x 12 x 4, image size 288	English	United States	0.39285714285714285
RT_BITMAP	0x430af4	0x1e8	Device independent bitmap graphic, 48 x 16 x 4, image size 384	English	United States	0.5081967213114754
RT_BITMAP	0x430cdc	0xad2	Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/m	English	United States	0.18736462093862816
RT_BITMAP	0x4317b0	0xad2	Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/m	English	United States	0.1844765342960289
RT_BITMAP	0x432284	0xb0a	Device independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/m	English	United States	0.19497523000707714
RT_BITMAP	0x432d90	0x7e2	Device independent bitmap graphic, 25 x 26 x 24, image size 1978, resolution 2834 x 2834 px/m	English	United States	0.24033696729435083
RT_BITMAP	0x433574	0xb0a	Device independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/m	English	United States	0.1935598018400566
RT_BITMAP	0x434080	0x134	Device independent bitmap graphic, 17 x 17 x 4, image size 204	English	United States	0.37337662337662336
RT_BITMAP	0x4341b4	0x928	Device independent bitmap graphic, 48 x 16 x 24, image size 0, resolution 2834 x 2834 px/m	English	United States	0.533703071672355
RT_BITMAP	0x434adc	0x32a	Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m	English	United States	0.7518518518518519
RT_BITMAP	0x434e08	0x32a	Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m	English	United States	0.3790123456790123
RT_BITMAP	0x435134	0xc2a	Device independent bitmap graphic, 64 x 16 x 24, image size 3074, resolution 2834 x 2834 px/m	English	United States	0.42485549132947975
RT_BITMAP	0x435d60	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	English	United States	0.9367816091954023
RT_BITMAP	0x435f6c	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	English	United States	0.4482758620689655
RT_BITMAP	0x436178	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	English	United States	0.33524904214559387
RT_BITMAP	0x436384	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	English	United States	0.3371647509578544
RT_BITMAP	0x436590	0x32a	Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m	English	United States	0.6320987654320988
RT_BITMAP	0x4368bc	0x2256	Device independent bitmap graphic, 324 x 9 x 24, image size 8750, resolution 2834 x 2834 px/m	English	United States	0.0608646188850967
RT_BITMAP	0x438b14	0x602a	Device independent bitmap graphic, 192 x 32 x 32, image size 24578, resolution 2834 x 2834 px/m	English	United States	0.2250385896498497
RT_BITMAP	0x43eb40	0x2028	Device independent bitmap graphic, 128 x 16 x 32, image size 0	English	United States	0.24708454810495628
RT_BITMAP	0x440b68	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.11570247933884298
RT_BITMAP	0x441f44	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.10999606454151908
RT_BITMAP	0x443320	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.11511216056670602
RT_BITMAP	0x4446fc	0xeb2	Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m	English	United States	0.13157894736842105
RT_BITMAP	0x4455b0	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.11983471074380166
RT_BITMAP	0x44698c	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.27371113734750097
RT_BITMAP	0x447d68	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.2699724517906336
RT_BITMAP	0x449144	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.2426210153482881
RT_BITMAP	0x44a520	0xeb2	Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m	English	United States	0.3413078149920255
RT_BITMAP	0x44b3d4	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	English	United States	0.23868555686737505
RT_BITMAP	0x44c7b0	0x5a66	Device independent bitmap graphic, 77 x 75 x 32, image size 23102, resolution 2834 x 2834 px/m	English	United States	0.046365914786967416
RT_BITMAP	0x452218	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	English	United States	0.44565217391304346
RT_BITMAP	0x4522d0	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	English	United States	0.37962962962962965
RT_ICON	0x452414	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584			0.37968768484561694
RT_ICON	0x462c3c	0xcd63	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			0.8166568401833432
RT_ICON	0x46f9a0	0x518c9	PC bitmap, Windows 3.x format, 42286 x 2 x 47, image size 334966, cbSize 334025, bits offset 54			0.9976259262031285
RT_ICON	0x4c126c	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 270336			0.3634124330561884
RT_ICON	0x503294	0x6841	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	Great Britain	1.0003746862003073
RT_ICON	0x509ad8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	Great Britain	0.3674273858921162
RT_ICON	0x50c080	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	Great Britain	0.5044559099437148
RT_ICON	0x50d128	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	Great Britain	0.6098360655737705
RT_ICON	0x50dab0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	Great Britain	0.7881205673758865
RT_ICON	0x50df18	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	Great Britain	0.6098360655737705
RT_ICON	0x50e8a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	Great Britain	0.7881205673758865
RT_ICON	0x50ed08	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.33198924731182794
RT_ICON	0x50eff0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.41216216216216217
RT_ICON	0x50f118	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.42905405405405406
RT_ICON	0x50f240	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.2661290322580645
RT_ICON	0x50f528	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.18010752688172044
RT_ICON	0x50f810	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.35135135135135137
RT_ICON	0x50f938	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.06092057761732852
RT_ICON	0x5101e0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.07658959537572255
RT_ICON	0x510748	0xca8	Device independent bitmap graphic, 32 x 64 x 24, image size 3072	English	United States	0.042901234567901236
RT_ICON	0x5113f0	0x368	Device independent bitmap graphic, 16 x 32 x 24, image size 768	English	United States	0.10550458715596331
RT_ICON	0x511758	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.6400709219858156
RT_ICON	0x511bc0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	United States	0.5
RT_MENU	0x511ce8	0x11c	data	English	United States	0.573943661971831
RT_DIALOG	0x511e04	0x140	data	English	United States	0.553125
RT_DIALOG	0x511f44	0x190	data	English	United States	0.475
RT_DIALOG	0x5120d4	0x134	data	English	United States	0.6038961038961039
RT_DIALOG	0x512208	0xf0	data	English	United States	0.6125
RT_DIALOG	0x5122f8	0x148	data	English	United States	0.5640243902439024
RT_DIALOG	0x512440	0x2fc	data	English	United States	0.39397905759162305
RT_DIALOG	0x51273c	0x1e2	data	English	United States	0.4979253112033195
RT_DIALOG	0x512920	0x198	data	English	United States	0.5416666666666666
RT_DIALOG	0x512ab8	0x1fe	data	English	United States	0.4666666666666667
RT_DIALOG	0x512cb8	0x190	data	English	United States	0.485
RT_DIALOG	0x512e48	0x198	data	English	United States	0.5416666666666666
RT_DIALOG	0x512fe0	0x222	data	English	United States	0.46886446886446886
RT_DIALOG	0x513204	0x276	data	English	United States	0.42063492063492064
RT_DIALOG	0x51347c	0x218	data	English	United States	0.42723880597014924
RT_DIALOG	0x513694	0x238	data	English	United States	0.3961267605633803
RT_DIALOG	0x5138cc	0x4fc	data	English	United States	0.26880877742946707
RT_DIALOG	0x513dc8	0x13c	data	English	United States	0.5949367088607594
RT_DIALOG	0x513f04	0x1a4	data	English	United States	0.5380952380952381
RT_DIALOG	0x5140a8	0xe6	data	English	United States	0.6347826086956522
RT_DIALOG	0x514190	0x390	data	English	United States	0.4418859649122807
RT_DIALOG	0x514520	0x21c	data	English	United States	0.5037037037037037
RT_DIALOG	0x51473c	0x390	data	English	United States	0.4692982456140351
RT_DIALOG	0x514acc	0x1dc	data	English	United States	0.5441176470588235
RT_DIALOG	0x514ca8	0x346	data	English	United States	0.46897374701670647
RT_DIALOG	0x514ff0	0x334	data	English	United States	0.43658536585365854
RT_DIALOG	0x515324	0x58	data	English	United States	0.8068181818181818
RT_DIALOG	0x51537c	0x23c	data	English	United States	0.5122377622377622
RT_DIALOG	0x5155b8	0x1c2	data	English	United States	0.5066666666666667
RT_DIALOG	0x51577c	0x160	data	English	United States	0.5994318181818182
RT_DIALOG	0x5158dc	0xb2	data	English	United States	0.7191011235955056
RT_DIALOG	0x515990	0x3d4	data	English	United States	0.3408163265306122
RT_DIALOG	0x515d64	0x19e	data	English	United States	0.6280193236714976
RT_DIALOG	0x515f04	0x1a2	data	English	United States	0.5741626794258373
RT_DIALOG	0x5160a8	0x34	data	English	United States	0.8076923076923077
RT_DIALOG	0x5160dc	0x2a8	data	English	United States	0.5338235294117647
RT_DIALOG	0x516384	0x382	data	English	United States	0.48552338530066813
RT_DIALOG	0x516708	0xe8	data	English	United States	0.6336206896551724
RT_DIALOG	0x5167f0	0x34	data	English	United States	0.9038461538461539
RT_STRING	0x516824	0x44	data	English	United States	0.6323529411764706
RT_STRING	0x516868	0x32c	data	English	United States	0.4125615763546798
RT_STRING	0x516b94	0x248	data	English	United States	0.5085616438356164
RT_STRING	0x516ddc	0x84	data	English	United States	0.5833333333333334
RT_STRING	0x516e60	0x2a8	data	English	United States	0.36176470588235293
RT_STRING	0x517108	0x20e	data	English	United States	0.3155893536121673
RT_STRING	0x517318	0x24c	data	English	United States	0.4370748299319728
RT_STRING	0x517564	0x3c	data	English	United States	0.65
RT_STRING	0x5175a0	0x16e	data	English	United States	0.39344262295081966
RT_STRING	0x517710	0xa6	Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0	English	United States	0.7228915662650602
RT_STRING	0x5177b8	0x184	data	English	United States	0.4742268041237113
RT_STRING	0x51793c	0x66	data	English	United States	0.696078431372549
RT_STRING	0x5179a4	0x1d6	Matlab v4 mat-file (little endian) S, numeric, rows 0, columns 0	English	United States	0.35319148936170214
RT_STRING	0x517b7c	0x186	data	English	United States	0.5384615384615384
RT_STRING	0x517d04	0xb2	data	English	United States	0.6179775280898876
RT_STRING	0x517db8	0x48	Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0	English	United States	0.7083333333333334
RT_STRING	0x517e00	0x18c	data	English	United States	0.398989898989899
RT_STRING	0x517f8c	0x82	StarOffice Gallery theme p, 536899072 objects, 1st n	English	United States	0.7153846153846154
RT_STRING	0x518010	0x2a	data	English	United States	0.5476190476190477
RT_STRING	0x51803c	0x184	data	English	United States	0.48711340206185566
RT_STRING	0x5181c0	0x4ee	data	English	United States	0.375594294770206
RT_STRING	0x5186b0	0x264	data	English	United States	0.3333333333333333
RT_STRING	0x518914	0x2da	data	English	United States	0.3698630136986301
RT_STRING	0x518bf0	0x8a	data	English	United States	0.6594202898550725
RT_STRING	0x518c7c	0xac	data	English	United States	0.45348837209302323
RT_STRING	0x518d28	0xde	data	English	United States	0.536036036036036
RT_STRING	0x518e08	0x4a8	data	English	United States	0.3221476510067114
RT_STRING	0x5192b0	0x228	data	English	United States	0.4003623188405797
RT_STRING	0x5194d8	0x2c	data	English	United States	0.5227272727272727
RT_STRING	0x519504	0x53e	data	English	United States	0.2965722801788376
RT_RCDATA	0x519a44	0x11dab	Delphi compiled form 'TfFolderProperties'			0.5081565956981308
RT_RCDATA	0x52b7f0	0xce6b	Delphi compiled form 'TFormMD'			0.5119126468974131
RT_RCDATA	0x53865c	0xa9cb	Delphi compiled form 'TfSHistory'			0.4406331239791106
RT_RCDATA	0x543028	0x1b681	Delphi compiled form 'TMsgBoxForm'			0.5739686611970746
RT_MESSAGETABLE	0x55e6ac	0x2840	data			0.5283385093167702
RT_GROUP_CURSOR	0x560eec	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x560f00	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560f14	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560f28	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560f3c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560f50	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560f64	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560f78	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560f8c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560fa0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560fb4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560fc8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x560fdc	0x22	Lotus unknown worksheet or configuration, revision 0x2	English	United States	1.0294117647058822
RT_GROUP_CURSOR	0x561000	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x561014	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x561028	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x56103c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x561050	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x561064	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x561078	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x56108c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x5610a0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x5610b4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x5610c8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x5610dc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x5610f0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x561104	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0x561118	0x68	data	English	Great Britain	0.6442307692307693
RT_GROUP_ICON	0x561180	0x22	data	English	United States	1.0588235294117647
RT_GROUP_ICON	0x5611a4	0x22	data	English	United States	1.0588235294117647
RT_GROUP_ICON	0x5611c8	0x5a	data	English	United States	0.7555555555555555
RT_GROUP_ICON	0x561224	0x22	data	English	United States	1.1176470588235294
RT_VERSION	0x561248	0x254	data	English	United States	0.4748322147651007
RT_ANIICON	0x56149c	0x36b6e	PC bitmap, Windows 3.x format, 28224 x 2 x 54, image size 224986, cbSize 224110, bits offset 54			0.9941144973450537
None	0x59800c	0x1f1	data	English	United States	0.17706237424547283
None	0x598200	0x1c	data	English	United States	1.2857142857142858
None	0x59821c	0x18	data	English	United States	1.2916666666666667

Imports

DLL	Import
KERNEL32.dll	GetDateFormatW, GetConsoleMode, GetConsoleOutputCP, SetFilePointerEx, GetTimeZoneInformation, ExitProcess, GetStdHandle, GetFileType, SetStdHandle, VirtualQuery, VirtualAlloc, GetSystemInfo, HeapQueryInformation, GetCommandLineW, GetCommandLineA, FreeLibraryAndExitThread, ExitThread, CreateThread, RtlUnwind, GetCPInfo, CompareStringEx, LCMapStringW, GetDriveTypeW, LCMapStringEx, GetStringTypeW, GetModuleHandleExW, CloseThreadpoolWork, SubmitThreadpoolWork, CreateThreadpoolWork, FreeLibraryWhenCallbackReturns, TryAcquireSRWLockExclusive, QueryPerformanceFrequency, InitOnceBeginInitialize, InitOnceComplete, AreFileApisANSI, FindFirstFileExW, FormatMessageA, RaiseException, GetTimeFormatW, IsValidLocale, EnumSystemLocalesW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, WriteConsoleW, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsProcessorFeaturePresent, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetUserDefaultLCID, SearchPathW, GetProfileIntW, GetTickCount64, GetWindowsDirectoryW, ReadConsoleW, FindResourceExW, SetErrorMode, GetFileTime, GetFileSizeEx, GetFileAttributesExW, GetCurrentDirectoryW, GetFileAttributesW, VirtualProtect, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GlobalFlags, LocalReAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, GlobalGetAtomNameW, InitializeCriticalSectionAndSpinCount, GetThreadLocale, lstrcmpiW, DuplicateHandle, WriteFile, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, GetFileSize, FlushFileBuffers, CreateFileW, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, FileTimeToLocalFileTime, lstrcpyW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW, lstrcmpA, GetCurrentThread, ResumeThread, SetThreadPriority, CompareStringW, GlobalFindAtomW, GlobalAddAtomW, lstrcmpW, GlobalDeleteAtom, LoadLibraryW, LoadLibraryA, LoadLibraryExW, GetProcAddress, GetModuleHandleA, FreeLibrary, GetSystemDirectoryW, GetCurrentThreadId, EncodePointer, OutputDebugStringA, GetCurrentProcessId, CopyFileW, MulDiv, GlobalSize, SetLastError, GetExitCodeProcess, IsWow64Process, GetModuleHandleW, CreateProcessW, GlobalFree, GetVersionExW, LocalAlloc, WaitForSingleObject, FindClose, GetModuleFileNameW, GetCurrentProcess, FindNextFileW, FindFirstFileW, GlobalMemoryStatusEx, SizeofResource, Process32FirstW, GetDiskFreeSpaceExW, Process32NextW, CreateToolhelp32Snapshot, GetUserDefaultLocaleName, GetLocaleInfoEx, GetTickCount, VerifyVersionInfoW, VerSetConditionMask, LocalFree, FormatMessageW, GlobalUnlock, GlobalLock, GlobalAlloc, MoveFileExW, CloseHandle, OutputDebugStringW, CreateMutexW, RemoveDirectoryW, GetTempFileNameW, DeleteFileW, MultiByteToWideChar, GetTempPathW, GetEnvironmentVariableW, CreateDirectoryW, WideCharToMultiByte, GetProcessHeap, DeleteCriticalSection, DecodePointer, HeapAlloc, FindResourceW, LoadResource, HeapReAlloc, LockResource, GetLastError, Sleep, HeapSize, InitializeCriticalSectionEx, LeaveCriticalSection, EnterCriticalSection, HeapFree
USER32.dll	GetKeyNameTextW, EnumDisplayMonitors, SystemParametersInfoW, LoadCursorW, SetLayeredWindowAttributes, MapDialogRect, SetWindowContextHelpId, SetCursor, ShowOwnedPopups, PostQuitMessage, DrawIconEx, IsRectEmpty, InflateRect, DrawFocusRect, GetSysColorBrush, SetWindowRgn, DrawFrameControl, DrawEdge, GetCursorPos, TranslateMessage, GetMessageW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, OffsetRect, SetRectEmpty, SendDlgItemMessageA, LoadMenuW, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, IsDialogMessageW, SetWindowTextW, CheckDlgButton, MoveWindow, LockWindowUpdate, MapVirtualKeyW, GetDoubleClickTime, GetIconInfo, CopyIcon, GetMenuDefaultItem, UnregisterClassW, EnableWindow, ShowWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetWindow, GetTopWindow, GetClassLongW, SetWindowLongW, PtInRect, EqualRect, CopyRect, MapWindowPoints, AdjustWindowRectEx, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, ShowScrollBar, SetMenuDefaultItem, SetClipboardData, EmptyClipboard, SetParent, MonitorFromPoint, IsZoomed, SetCapture, ReleaseCapture, DeleteMenu, MessageBeep, WindowFromPoint, NotifyWinEvent, SetCursorPos, SetRect, UnionRect, BringWindowToTop, DestroyMenu, SetScrollRange, GetScrollPos, GetMenuItemInfoW, CharUpperW, IntersectRect, RealChildWindowFromPoint, CopyImage, GetAsyncKeyState, CreatePopupMenu, TrackMouseEvent, DestroyIcon, LoadImageW, OpenClipboard, EnableScrollBar, SendMessageW, IsIconic, AppendMenuW, GetClientRect, RemoveMenu, LoadIconW, DrawIcon, GetSystemMetrics, GetWindowRect, PostMessageW, GetSystemMenu, InvalidateRect, KillTimer, SetTimer, GetParent, GetMenuStringW, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuW, IsWindowEnabled, MessageBoxW, GetWindowLongW, GetWindowThreadProcessId, GetLastActivePopup, DrawTextW, DrawTextExW, GrayStringW, TabbedTextOutW, GetDC, GetWindowDC, ReleaseDC, BeginPaint, EndPaint, ClientToScreen, ScreenToClient, GetSysColor, FillRect, DrawStateW, UpdateWindow, GetClassNameW, LoadBitmapW, RegisterWindowMessageW, DispatchMessageW, PeekMessageW, GetMessagePos, GetMessageTime, DefWindowProcW, CallWindowProcW, RegisterClassW, GetClassInfoW, GetClassInfoExW, CreateWindowExW, IsWindow, IsMenu, IsChild, DestroyWindow, SetWindowPos, GetWindowPlacement, SetWindowPlacement, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, IsWindowVisible, GetDlgItem, GetDlgCtrlID, SetFocus, GetFocus, GetKeyState, GetCapture, GetMenu, SetMenu, TrackPopupMenu, SetActiveWindow, GetForegroundWindow, SetForegroundWindow, ValidateRect, RedrawWindow, ScrollWindow, SetScrollPos, ModifyMenuW, DestroyAcceleratorTable, SetClassLongW, GetUpdateRect, CloseClipboard, WaitMessage, CharNextW, CopyAcceleratorTableW, InvalidateRgn, GetNextDlgGroupItem, IsClipboardFormatAvailable, ToUnicodeEx, GetKeyboardLayout, GetKeyboardState, LoadAcceleratorsW, CreateAcceleratorTableW, UpdateLayeredWindow, HideCaret, InvertRect, FrameRect, SubtractRect, RegisterClipboardFormatW, CharUpperBuffW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, PostThreadMessageW, IsCharLowerW, MapVirtualKeyExW, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, GetComboBoxInfo, CreateMenu, DestroyCursor, GetWindowRgn, GetScrollRange
GDI32.dll	LineTo, PtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetMapMode, SetLayout, SetPolyFillMode, SetROP2, SetTextColor, SetTextAlign, MoveToEx, TextOutW, ExtTextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CombineRgn, CreateEllipticRgn, CreateRectRgnIndirect, Ellipse, GetBkColor, GetTextColor, GetTextExtentPoint32W, IntersectClipRect, CreatePolygonRgn, Polygon, Polyline, GetTextMetricsW, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, GetMapMode, SetRectRgn, DPtoLP, RealizePalette, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateRoundRectRgn, Rectangle, GetRgnBox, OffsetRgn, RoundRect, CreatePalette, GetPaletteEntries, EnumFontFamiliesExW, GetNearestPaletteIndex, GetSystemPaletteEntries, LPtoDP, ExtFloodFill, SetPaletteEntries, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, GetViewportOrgEx, GetWindowOrgEx, SetPixelV, GetTextFaceW, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, DeleteObject, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, DeleteDC, CreateFontIndirectW, CreateSolidBrush, GetObjectW, CopyMetaFileW, CreateDCW, GetDeviceCaps, BitBlt, CreateBitmap, CreateCompatibleDC, PatBlt, GetLayout
MSIMG32.dll	AlphaBlend, TransparentBlt
WINSPOOL.DRV	DocumentPropertiesW, OpenPrinterW, ClosePrinter
ADVAPI32.dll	CryptDestroyHash, RegQueryValueExA, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegDeleteValueW, RegDeleteKeyW, CryptAcquireContextW, CryptCreateHash, CryptHashData, RegOpenKeyExA, CryptGetHashParam, CryptReleaseContext, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegGetValueW, RegQueryValueExW, RegCloseKey
SHELL32.dll	DragFinish, DragQueryFileW, SHAppBarMessage, SHGetFileInfoW, SHGetDesktopFolder, SHBrowseForFolderW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetMalloc, ShellExecuteW, SHGetKnownFolderPath, SHGetFolderPathW
COMCTL32.dll	InitCommonControlsEx
SHLWAPI.dll	PathRemoveFileSpecW, StrFormatKBSizeW, PathStripToRootW, PathIsUNCW, PathFindFileNameW, PathFindExtensionW, PathAppendW, PathIsDirectoryEmptyW, PathFileExistsW, PathIsDirectoryW
UxTheme.dll	DrawThemeText, IsAppThemed, OpenThemeData, CloseThemeData, GetThemePartSize, GetThemeSysColor, DrawThemeBackground, GetThemeColor, GetCurrentThemeName, DrawThemeParentBackground, GetWindowTheme, IsThemeBackgroundPartiallyTransparent
ole32.dll	RegisterDragDrop, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleUninitialize, OleInitialize, CoFreeUnusedLibraries, CoInitializeEx, OleLockRunning, RevokeDragDrop, CoLockObjectExternal, OleGetClipboard, DoDragDrop, OleIsCurrentClipboard, CreateILockBytesOnHGlobal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, CoDisconnectObject, CLSIDFromProgID, CLSIDFromString, CoCreateGuid, ReleaseStgMedium, OleDuplicateData, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, CreateStreamOnHGlobal, CoTaskMemFree, CoRevokeClassObject, CoRegisterMessageFilter, OleFlushClipboard
OLEAUT32.dll	SafeArrayDestroy, VariantCopy, VariantTimeToSystemTime, SystemTimeToVariantTime, VariantChangeType, VariantClear, VariantInit, SysAllocStringLen, SysFreeString, SysAllocStringByteLen, SysAllocString, SysStringLen, OleCreateFontIndirect, LoadTypeLib, VarBstrFromDate
oledlg.dll	OleUIBusyW
gdiplus.dll	GdipSetInterpolationMode, GdipCreateBitmapFromHBITMAP, GdipDrawImageI, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipCreateBitmapFromStream, GdiplusShutdown, GdiplusStartup, GdipLoadImageFromStream, GdipDeleteGraphics, GdipCreateFromHDC, GdipFree, GdipDisposeImage, GdipDrawImageRectI, GdipAlloc, GdipCloneImage
WINHTTP.dll	WinHttpQueryDataAvailable, WinHttpCloseHandle, WinHttpSetOption, WinHttpConnect, WinHttpCrackUrl, WinHttpSendRequest, WinHttpOpenRequest, WinHttpReadData, WinHttpQueryHeaders, WinHttpOpen, WinHttpReceiveResponse, WinHttpAddRequestHeaders
WININET.dll	InternetOpenW, HttpQueryInfoW, InternetCloseHandle, InternetReadFile, InternetOpenUrlW
VERSION.dll	VerQueryValueW
ntdll.dll	RtlGetVersion
OLEACC.dll	AccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
IMM32.dll	ImmReleaseContext, ImmGetOpenStatus, ImmGetContext
WINMM.dll	PlaySoundW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 11:44:34.879254103 CET	49769	30203	192.168.2.5	181.71.216.203
Jan 10, 2025 11:44:34.884056091 CET	30203	49769	181.71.216.203	192.168.2.5
Jan 10, 2025 11:44:34.884187937 CET	49769	30203	192.168.2.5	181.71.216.203
Jan 10, 2025 11:44:34.963329077 CET	49769	30203	192.168.2.5	181.71.216.203
Jan 10, 2025 11:44:34.968118906 CET	30203	49769	181.71.216.203	192.168.2.5
Jan 10, 2025 11:44:34.968172073 CET	49769	30203	192.168.2.5	181.71.216.203
Jan 10, 2025 11:44:34.972989082 CET	30203	49769	181.71.216.203	192.168.2.5
Jan 10, 2025 11:44:56.245397091 CET	30203	49769	181.71.216.203	192.168.2.5
Jan 10, 2025 11:44:56.245469093 CET	49769	30203	192.168.2.5	181.71.216.203
Jan 10, 2025 11:44:56.261015892 CET	49769	30203	192.168.2.5	181.71.216.203
Jan 10, 2025 11:44:56.265888929 CET	30203	49769	181.71.216.203	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 11:44:34.861082077 CET	52714	53	192.168.2.5	1.1.1.1
Jan 10, 2025 11:44:34.875950098 CET	53	52714	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 10, 2025 11:44:34.861082077 CET	192.168.2.5	1.1.1.1	0xca5e	Standard query (0)	newstaticfreepoint24.ddns-ip.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 10, 2025 11:44:34.875950098 CET	1.1.1.1	192.168.2.5	0xca5e	No error (0)	newstaticfreepoint24.ddns-ip.net		181.71.216.203	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	05:44:10
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\AdobeReaderPDFonline.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\AdobeReaderPDFonline.exe"
Imagebase:	0x400000
File size:	5'835'776 bytes
MD5 hash:	AF1D0F01B01DA4DA3A9A54B2BEE820E9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:44:30
Start date:	10/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Imagebase:	0x670000
File size:	2'141'552 bytes
MD5 hash:	EB80BB1CA9B9C7F516FF69AFCFD75B7D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3948989892.0000000009820000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3948395260.0000000008023000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3948000354.0000000006E81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	18.3%
Total number of Nodes:	82
Total number of Limit Nodes:	5

Executed Functions

Function 00B31939 Relevance: 38.9, APIs: 1, Strings: 21, Instructions: 447
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
O4:2, xrefs: 00B41553
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
R, xrefs: 00B413E5
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
_V, xrefs: 00B4139B
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: M$MIMK$O4:2$P$R$R$_V$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 0-127553305
Opcode ID: 4b91097f457b63b63a7f751f9f8793481fcf1dab363cf3a22e310d5746cf24c4
Instruction ID: d978fc5caeb2348f31db89af8105a7cdeee8399bab81cfd142386dd30a7f1060
Opcode Fuzzy Hash: 4b91097f457b63b63a7f751f9f8793481fcf1dab363cf3a22e310d5746cf24c4
Instruction Fuzzy Hash: 5FF153A2D085A49EF7208B28DC94BEB7BB5EF91310F0441FAD44D97281E6791FC5CB62

Function 00B40B6E Relevance: 33.7, APIs: 1, Strings: 18, Instructions: 415
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 4f9abf4db52cd044cb545b692a2a7a2cf35f04f166506c23455d59c779f8689a
Instruction ID: 5383640e400eee59a75d10373e8a79ed88b384a476a92e8458ad8f4f25c183e8
Opcode Fuzzy Hash: 4f9abf4db52cd044cb545b692a2a7a2cf35f04f166506c23455d59c779f8689a
Instruction Fuzzy Hash: A9E167A1D046949FF7208A28DC98BEB7BB9EF81310F0445FAE44C97281D6794FC5DB62

Function 00B40E2E Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 393
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 0-3061001137
Opcode ID: e1c221bc52062d45e6f046c7828969b7b4cb86fda0cae94f55a7e19a11ddb90a
Instruction ID: 7c4d10002fab8b0f3a886cbc7e14ba6393235b19578c8790cd7bc5f43b04d2dc
Opcode Fuzzy Hash: e1c221bc52062d45e6f046c7828969b7b4cb86fda0cae94f55a7e19a11ddb90a
Instruction Fuzzy Hash: DEE121A1D085A48BE720CA28DC94BEB7BB5EF91301F0841FAD44D9B281D6794FC5DF62

Function 00B40BB0 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 376
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 9faf7a50581138339ae4a081f12b030bfce7dc37ba3eb101fa84b815c36da5d7
Instruction ID: dd4b31eeed773459acca306e4c23ead65e1f6470cc8d2294e27a82f224b60962
Opcode Fuzzy Hash: 9faf7a50581138339ae4a081f12b030bfce7dc37ba3eb101fa84b815c36da5d7
Instruction Fuzzy Hash: 12E1E0B1D086948AF7208A28DC94BEB7BB5EF81310F0441FAD84D97281D67A5FC5DF62

Function 00B40A21 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 341
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 844acb77baab3334217359fd4bd7146508c1f0573df98ef6f0fcbd0fdb792f02
Instruction ID: 86eb79fb4d32694e13e1c8ea107eba15c7ae63cfb876dbf2604e4a898cf7ae14
Opcode Fuzzy Hash: 844acb77baab3334217359fd4bd7146508c1f0573df98ef6f0fcbd0fdb792f02
Instruction Fuzzy Hash: 2FD12371D086A88AE7218B28CC54BEBBBB5EF91304F0441FAD44C67291D67A4BC5DF62

Function 00B41199 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 329
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: ad9246120097d03c1fcde15b0df210fc02c864022a60e2cdd9f72abdb5056d98
Instruction ID: a58ee178a8ae25bf8f89dad68b9114dbbca300450a4f301ce52d2baf63ca39e2
Opcode Fuzzy Hash: ad9246120097d03c1fcde15b0df210fc02c864022a60e2cdd9f72abdb5056d98
Instruction Fuzzy Hash: B1C136A1E086948EF7208628DC98BEB7BB5EF91300F0441FAD44D97281D67A5FC5DF62

Function 00B411A6 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 321
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: ec17dff62597b6a56d606bb1627ea0af0afdf44167222fee6fc6000b538e854d
Instruction ID: 873002cae4db1be10e1a632d369a04cc087865b7888ac07ef5ae4ebe085f4e98
Opcode Fuzzy Hash: ec17dff62597b6a56d606bb1627ea0af0afdf44167222fee6fc6000b538e854d
Instruction Fuzzy Hash: 98C137A1E086948EF7208628DC58BEB7BB5EF91300F0441FAD44D97281D67A5FC5DF62

Function 00B41221 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 77100f7d9f386dfce3410828bc7566292ac64bea5d821fc376af2cac4c212ac8
Instruction ID: 2a2d3a8d6984c9387cfb169436e5744a84e52ff133f20671b5c3095620f95a2a
Opcode Fuzzy Hash: 77100f7d9f386dfce3410828bc7566292ac64bea5d821fc376af2cac4c212ac8
Instruction Fuzzy Hash: B4B125A1D086948EF720C728DC54BEB7BB5EF91300F0441FAD44D97281D67A5BC5DB62

Function 00B412C3 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 284
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 450a28ff0971309f2bcbee9528c331083f677f107c0e6b732b32f2ed8d4abd08
Instruction ID: 56ed0f4b0752d0bd429c523cb735928d026eff1f5dea8692eb336a5d337b0ba6
Opcode Fuzzy Hash: 450a28ff0971309f2bcbee9528c331083f677f107c0e6b732b32f2ed8d4abd08
Instruction Fuzzy Hash: 4CB143A1D086948EF720CB28DC98BEB7BB5EF91300F0440FAD44D97281D67A5BC5DB62

Function 00B41559 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 284
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 6b352f522020a5d3b62cd0d01a9c5dbe7ac3a43daff5323f8a211830601bc714
Instruction ID: 47e23dc0f3f69c35d86b593a03efe186e5ad0f331742eac51f673a67cad039b1
Opcode Fuzzy Hash: 6b352f522020a5d3b62cd0d01a9c5dbe7ac3a43daff5323f8a211830601bc714
Instruction Fuzzy Hash: E5B132A1D086A48EF720CB28DC94BEB7BB5EF91300F0441FAD44D97281D67A4BC5DB22

Function 00B412CE Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 283
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 7ae49a5e9895490fa8d78dc0634f2fba44b2f46e4b7574fb95dbbe602f4080e3
Instruction ID: d435bde24fc2990162eed4638117fb21681b442c829b1f87bd77db08028e577b
Opcode Fuzzy Hash: 7ae49a5e9895490fa8d78dc0634f2fba44b2f46e4b7574fb95dbbe602f4080e3
Instruction Fuzzy Hash: D1B133A1D086948EF720CB28DC94BEB7BB5EF91300F0441FAD44C97281D67A5BC5DB62

Function 00B40C1F Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: a68b88ba80c756c6d3376b203e6367bb91a31999e76156b31795c67d9675c94e
Instruction ID: 75f01a3b0208b4f66c089315b522d728b2fc94331ef721f5e2db1a3ddb6385ab
Opcode Fuzzy Hash: a68b88ba80c756c6d3376b203e6367bb91a31999e76156b31795c67d9675c94e
Instruction Fuzzy Hash: 28A123A1D086948AF7208B28DC94BEB7BB5EF91310F0440FAD44D9B281D67E5BC5DF62

Function 00B41568 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 279
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 4dc115ffeb37aafbb2e463a6b0d351b07e23a2d30ee89e178fb50e0f0a8d98e4
Instruction ID: 1148b68274cb2640d8e0be0aab37f70b17b8444ab749eb59b6a034ab8e19b63e
Opcode Fuzzy Hash: 4dc115ffeb37aafbb2e463a6b0d351b07e23a2d30ee89e178fb50e0f0a8d98e4
Instruction Fuzzy Hash: 2FB112A1D086948EF720CB28DC94BEB7BB5EF91300F0441FAD44D97281D67A5BC5DB62

Function 00B41011 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 272
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: eb602ab7a5bd0a0f96ed443d38e08708acdc1dc6f3f35ce2c2f0980cf2525c6a
Instruction ID: d826e19dd109e296e70c1e42fe2f041f6678694114e5260cf669bba77a06ef2b
Opcode Fuzzy Hash: eb602ab7a5bd0a0f96ed443d38e08708acdc1dc6f3f35ce2c2f0980cf2525c6a
Instruction Fuzzy Hash: B7A124A1D086948AF7208B28DC94BEB7BB5EF81311F0444FAD44D9B281D67A4FC5DF62

Function 00B4102F Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 267COMMON

Download Yara Rule

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 428ac052a11de3c078f9d5d5212d8a1d832b49f95c74f54b736ba9323b8c0072
Instruction ID: 40048bf3d22b4a8573cdd72d2d0cd67050d3ec7dea98c82701c9dd44087aa4d6
Opcode Fuzzy Hash: 428ac052a11de3c078f9d5d5212d8a1d832b49f95c74f54b736ba9323b8c0072
Instruction Fuzzy Hash: B0A124A1D086988AF7208728DC54BEB7BB5EF91301F0445FAE44D9B281D67A4FC5DF22

Function 00B41038 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 261COMMON

Download Yara Rule

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 03ab64d6063661881393cc00a5524f68bbb2e81e346ac86748cd5ec091c39a41
Instruction ID: f18ddc185583b737e93f09f20f50e32ba2b2a354cdc209c01ed8dd8fad27a14a
Opcode Fuzzy Hash: 03ab64d6063661881393cc00a5524f68bbb2e81e346ac86748cd5ec091c39a41
Instruction Fuzzy Hash: BFA112A1D086948AF7208B28DC54BEB7BB5EF81301F0444FAE44D9B281D67A4BC5DF62

Function 00B40B2C Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 255COMMON

Download Yara Rule

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 6b39e11121b392127d06cf377709e9d89d143386aba3d7696546a4fe9b077b66
Instruction ID: 5d603a8e91defc66613658403790766d532483356b76cc81e930f6afc722064b
Opcode Fuzzy Hash: 6b39e11121b392127d06cf377709e9d89d143386aba3d7696546a4fe9b077b66
Instruction Fuzzy Hash: D4A123A1D086A48AF720CB28DC54BEB7BB5EF81310F0445FAD44D9B281D67A4BC5DF62

Function 00B40B3F Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 252COMMON

Download Yara Rule

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 6ccafa5a5aee1c6d9ed91c0494dc628e9c5212c18d4d6f9c060404cd3aaaa9c1
Instruction ID: e50012ff21920cbe02efea40ecb0b04a43a142504fb80df0a5276e30dc794914
Opcode Fuzzy Hash: 6ccafa5a5aee1c6d9ed91c0494dc628e9c5212c18d4d6f9c060404cd3aaaa9c1
Instruction Fuzzy Hash: 4EA115A1D086948AF720CB28DC54BEB7BB5EF91301F0444FAD44D9B281D67A4BC5DF62

Function 00B40BF7 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 251COMMON

Download Yara Rule

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: c3ba95c9985a528c8395025ee777458acef502c17568c998b85545f98975520e
Instruction ID: 43f6acff152571fdb1ca656a2f479b103766545165788aa5e85b6f7b453d923e
Opcode Fuzzy Hash: c3ba95c9985a528c8395025ee777458acef502c17568c998b85545f98975520e
Instruction Fuzzy Hash: DEA104A1D086A48AF720CB28DC54BEB7BB5EF91301F0444FAD44D9B281D67A4BC5DF62

Function 00B4176D Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 226threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 262c9e69a9af4f7a6771bf3a41cd071edb71207ecbf4ae50d51cc4e12f1610d1
Instruction ID: 3e38a6cc6763a88c22856edc5de94234952e37624125b6d85e655341b521cd4d
Opcode Fuzzy Hash: 262c9e69a9af4f7a6771bf3a41cd071edb71207ecbf4ae50d51cc4e12f1610d1
Instruction Fuzzy Hash: 2C91D3A1D086988AF720C728DC547EB7BB5EF91300F0441FAD48D9B291D67A5BC5DF22

Function 00B41BDF Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 215threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: f4366d7d480c33f4f1ba2575da66eff30d07d3e7dccff87c809ef680102040f6
Instruction ID: 58a417ad56ec8b95657ff7e8225f7fba2c04ae505a5362f8582ce85503ba0e56
Opcode Fuzzy Hash: f4366d7d480c33f4f1ba2575da66eff30d07d3e7dccff87c809ef680102040f6
Instruction Fuzzy Hash: EA8102A1D086A48AFB21C728DC547EB7BB5EF91300F0440FAD44D9B281E67A5BC5DF62

Function 00B9D9D8 Relevance: 21.4, APIs: 1, Strings: 13, Instructions: 378COMMON

Download Yara Rule

Strings

e, xrefs: 00B9E0F8
t, xrefs: 00B9E0F1
a, xrefs: 00B9E0EA
H8=C, xrefs: 00B9DA44
C, xrefs: 00B9E0D5
l, xrefs: 00B9E10D
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: C$F$H8=C$W$^S$a$e$e$e$i$l$r$t
API String ID: 0-237805612
Opcode ID: 00c59835e8e1050ecda41eeea107b807dfeafe649c26c04a9c72a3e119238141
Instruction ID: 09c7d1a55222eedaee16180a197b697f91aa35535bd80dab9ed576288c0fc7f1
Opcode Fuzzy Hash: 00c59835e8e1050ecda41eeea107b807dfeafe649c26c04a9c72a3e119238141
Instruction Fuzzy Hash: 90D179B2D041645FEB208A24DC857EB7BB9EF92310F1840FAD84D52281EA795EC5CB63

Function 00B9D635 Relevance: 21.2, APIs: 1, Strings: 13, Instructions: 233COMMON

Download Yara Rule

Strings

e, xrefs: 00B9E0F8
t, xrefs: 00B9E0F1
a, xrefs: 00B9E0EA
C, xrefs: 00B9E0D5
l, xrefs: 00B9E10D
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
F;G=, xrefs: 00B9D636
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$F;G=$W$^S$a$e$e$e$i$l$r$t
API String ID: 2962429428-3879827509
Opcode ID: 6a0874f6a96ba9ad920a94acfb1c6de61c696c6c3bd7bfc6a37e03b425dc2eea
Instruction ID: 6d4e3d2316037885f764a82c13fbb50278a734f80ad804a065faec5f071dec9c
Opcode Fuzzy Hash: 6a0874f6a96ba9ad920a94acfb1c6de61c696c6c3bd7bfc6a37e03b425dc2eea
Instruction Fuzzy Hash: B0817CB2D041649FFB20CA24DC89BEB7BB8EB52310F1841FAD84D56241D6399FC58B63

Function 00B9CFF4 Relevance: 20.1, APIs: 1, Strings: 12, Instructions: 564COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 2962429428-2762100914
Opcode ID: c2660635d0efa29323aea206999c3c5358ab896eddd1afe683cc5fb7140cfaa0
Instruction ID: f2333efeb2488e04c67b9239104be7b0781ad0aa61886a159a78a68e1aa6b415
Opcode Fuzzy Hash: c2660635d0efa29323aea206999c3c5358ab896eddd1afe683cc5fb7140cfaa0
Instruction Fuzzy Hash: 161206B2D041649FFB24CA25DC95BFB7BB8EB42310F1441FAD84D56281D6389EC5CE62

Function 00B9D740 Relevance: 19.8, APIs: 1, Strings: 12, Instructions: 340COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 0-2762100914
Opcode ID: 3d8f094e8f90a333e05ed6f011ed24216db16322cda782de8138d18670aabaff
Instruction ID: ead7c931a32cbc5b75ae8629117f3a809314c5d841a1b07baedd582201695530
Opcode Fuzzy Hash: 3d8f094e8f90a333e05ed6f011ed24216db16322cda782de8138d18670aabaff
Instruction Fuzzy Hash: D8C148B2D041545FFB248A24DC85BEB7BB9EF91310F1480FAD84D16281E6795FC5CB62

Function 00B9D777 Relevance: 19.8, APIs: 1, Strings: 12, Instructions: 329COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 0-2762100914
Opcode ID: 9fdbb2f0118defb4edc0d81d104ee07fa9c9432a95b9f09d5718fd3e8c55a5fa
Instruction ID: 3ab0a26efabf91259cf7daf037c4e9c1180cd79958b88e68cf06bda8aececcda
Opcode Fuzzy Hash: 9fdbb2f0118defb4edc0d81d104ee07fa9c9432a95b9f09d5718fd3e8c55a5fa
Instruction Fuzzy Hash: E2B156B2D041545FFB248A24DC85BEB7BB9EF91310F1880FAD84D16281E6795EC5CFA2

Function 00B9D8FE Relevance: 19.8, APIs: 1, Strings: 12, Instructions: 315COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 0-2762100914
Opcode ID: 9fefafab28df8df4b5e843904999e313636231e0d8ddd652684e5b72142e3c68
Instruction ID: 795f1a93635b4fc88e2e46c12be4a30af9b22beee2988a625a4d853cb22ef7a4
Opcode Fuzzy Hash: 9fefafab28df8df4b5e843904999e313636231e0d8ddd652684e5b72142e3c68
Instruction Fuzzy Hash: 4DB159A2D041645FFB208A24DC85BFB7BB9EB91310F1880FAD84D12681E6395FC5CB63

Function 00B9D93C Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 236COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 0-2762100914
Opcode ID: 96b7814d178f63d1576fa13cf4ae031935ecf2038c7d45d255c394c1c043f7cb
Instruction ID: b5d375667c3c780a7cefcc2740b174de9005c06fe224cf1011d69b0f12396b8a
Opcode Fuzzy Hash: 96b7814d178f63d1576fa13cf4ae031935ecf2038c7d45d255c394c1c043f7cb
Instruction Fuzzy Hash: DD816AB2D041649FFB208624DC49BEB7BB8EB52314F1841FAD84D16681D6395FC58B63

Function 00B9D643 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 233COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 2962429428-2762100914
Opcode ID: 34729be37f6c3bd406fd90a105da1bcf0d4d4435e21c33022e09b02d02dc0367
Instruction ID: b62aef1361b0354ee19dc88387776b87c2efc76f27caa66bc2f44c10aec6893a
Opcode Fuzzy Hash: 34729be37f6c3bd406fd90a105da1bcf0d4d4435e21c33022e09b02d02dc0367
Instruction Fuzzy Hash: 8D817AB2D041649FFB20CA25DC49BEB7BB8EB52310F1841FAD84D56241D6399FC58B63

Function 00B9D6E3 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 228COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 2962429428-2762100914
Opcode ID: 2e23f332cf63429ca4a26cfec203cd53bf8d6e816ebed2cc19355ed3ad1b9437
Instruction ID: abd44695b399d53e3b06bfd1e0c6fde4edc41b2c41f115ca792a0269443b3098
Opcode Fuzzy Hash: 2e23f332cf63429ca4a26cfec203cd53bf8d6e816ebed2cc19355ed3ad1b9437
Instruction Fuzzy Hash: 067159B2D041649FFB20C624DC89BEB7B68EB52314F1841FAD84D56241D6399FC5CBA3

Function 00B9D68A Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 215COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 2962429428-2762100914
Opcode ID: f805b92a8df69b882ac700561a16d1355f248f72cbfa867d9881f1a808b9ef1a
Instruction ID: 45aa27862a20417b4d90e118a5a0595cd0e6de7e71918431be1daf47edf4bbd1
Opcode Fuzzy Hash: f805b92a8df69b882ac700561a16d1355f248f72cbfa867d9881f1a808b9ef1a
Instruction Fuzzy Hash: 69716BB2D081649FFB20CA24DC497EB7F68EB52314F1841FAD88D56241D6399EC5CB63

Function 00B9D6A3 Relevance: 19.7, APIs: 1, Strings: 12, Instructions: 204COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5
^S, xrefs: 00B9DAF7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$^S$a$e$e$e$i$l$r$t
API String ID: 2962429428-2762100914
Opcode ID: ff6721c2aa13f1da27ba2afcfea939601ae9df158979821c7f65d3d399faf5d2
Instruction ID: f822fcdfb1914f4d0839a1b6d2b069c5419270a4ef8c8887127b840cd736280b
Opcode Fuzzy Hash: ff6721c2aa13f1da27ba2afcfea939601ae9df158979821c7f65d3d399faf5d2
Instruction Fuzzy Hash: 6A6159B2D081649FFB20C624DC49BEB7BA8EB52314F1841FAD84D56241D6399FC58BA3

Function 00B9D3F8 Relevance: 18.2, APIs: 1, Strings: 11, Instructions: 217COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 12d4ac92812902d35f11563bf134e8cec607426211f35c7d6c45573c4d62ab76
Instruction ID: f0e1121fbb77fcd253194fc196d88a9d05884d58121e9b37f2cb48bb3c024856
Opcode Fuzzy Hash: 12d4ac92812902d35f11563bf134e8cec607426211f35c7d6c45573c4d62ab76
Instruction Fuzzy Hash: 527129B2D045649EFB20C625DC88BEB7BB9EB81314F1481FAD84C66681D63C5FC58F62

Function 00B9CF4C Relevance: 18.2, APIs: 1, Strings: 11, Instructions: 209COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 0963571aca47cc684f492eecebc47fdd7829cf7d167129590bc02a9dfd95ca83
Instruction ID: 3dd1115fd32dae5fcd62c26925b809457b5ce1ec925cce1427378b8132fee0f8
Opcode Fuzzy Hash: 0963571aca47cc684f492eecebc47fdd7829cf7d167129590bc02a9dfd95ca83
Instruction Fuzzy Hash: 2F7115B2D041649EFB20C625DC88BEB7B78EB91314F1481FAD84C66681D6395FC5CF62

Function 00B9D3A3 Relevance: 18.2, APIs: 1, Strings: 11, Instructions: 206COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: d748881329fcc699b7eff3dbd0337168da592cad4379649b7d7258a8b5b846e7
Instruction ID: 082f59c71accd51f5ac4e070a0ef4ef3d74f153fcc509d9ab43f750b8be49cea
Opcode Fuzzy Hash: d748881329fcc699b7eff3dbd0337168da592cad4379649b7d7258a8b5b846e7
Instruction Fuzzy Hash: 1D714AB2D085649EFB20C625CC88BEB7B79EB91304F1481FAD84D66681D6385FC5CF62

Function 00B9CFFF Relevance: 18.2, APIs: 1, Strings: 11, Instructions: 198COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: e07dcfd96d2cdcffd84f4207917f34735266ddea4115ee044be62df936208b28
Instruction ID: 512dc142b8fc285bc9d3a10cf279c91056e7e18a0ff0c9a5ac9a29423af45bbf
Opcode Fuzzy Hash: e07dcfd96d2cdcffd84f4207917f34735266ddea4115ee044be62df936208b28
Instruction Fuzzy Hash: E36137B2D041649EFB24C624DC88BEB7B78EB51314F1481FAD84C66681D63C9FC58F62

Function 00B9CF51 Relevance: 18.2, APIs: 1, Strings: 11, Instructions: 193COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 4f5e601d6170a687474205e62f0dd72f00cc7031b49dcb9bd09c47f6c99f16a2
Instruction ID: 3ad628b42674e7fa4cb81d069ed51ad3736fd55927e1a432c21ab3930ec692d1
Opcode Fuzzy Hash: 4f5e601d6170a687474205e62f0dd72f00cc7031b49dcb9bd09c47f6c99f16a2
Instruction Fuzzy Hash: 646115B2D045649AFB20C625DC88BEB7B78EB91310F1481FAD84C66681D63D5FC5CFA2

Function 00B3AA05 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 401processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

e|, xrefs: 00B3AAF8
jjjj, xrefs: 00B3BE2E
3, xrefs: 00B3AB49

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: e|$jjjj$3
API String ID: 963392458-3664671931
Opcode ID: 3dba41fc32f6e05c665d24cecdc361cbec0803541761e3f51412b788bc7c96c6
Instruction ID: 91ecb3f30613c236b2deea02a789bf59256603b7f3be9187000d45c5d26f65c5
Opcode Fuzzy Hash: 3dba41fc32f6e05c665d24cecdc361cbec0803541761e3f51412b788bc7c96c6
Instruction Fuzzy Hash: E9F1BFB2D041699BEB24CB18DC95BEAB7B5EF85300F2481FAE84DA3240D6795FC18F51

Function 00B34863 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 391COMMON

Download Yara Rule

Strings

HOK8, xrefs: 00B4938B
Qj@h, xrefs: 00B49A90

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: HOK8$Qj@h
API String ID: 0-1820051497
Opcode ID: c7aff2d1236d7e88610a91171504af3979652f6d5e6f6fdfdc99b12935a21c3c
Instruction ID: 514b7efa8c62a5b885dd9a3beccd13df3557c49f0eca91a762f21eabc854f8ac
Opcode Fuzzy Hash: c7aff2d1236d7e88610a91171504af3979652f6d5e6f6fdfdc99b12935a21c3c
Instruction Fuzzy Hash: E1E1F5B2D011649BE7248B15DC94BEBBBB5EF81310F1441FAE80D66681E6786FC1CFA1

Function 00B3A76F Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 251COMMON

Download Yara Rule

Strings

48G7, xrefs: 00B4F852
[W, xrefs: 00B4F8DA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: 48G7$[W
API String ID: 0-2613270748
Opcode ID: a6b5139e280069978d9ca34c33c6342866b36cd27806f56c680c101bf1cfd011
Instruction ID: f547cdbfa8d49955437aaa37ab8ce4317f04e98727e171b224085b2027d24854
Opcode Fuzzy Hash: a6b5139e280069978d9ca34c33c6342866b36cd27806f56c680c101bf1cfd011
Instruction Fuzzy Hash: 0C8157B2D006149EF7148A64DC95BFB77B9EB80310F1441FAD80DA7680E67D6FC5CA62

Function 00B348D4 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 240COMMON

Download Yara Rule

Strings

HOK8, xrefs: 00B4938B
Qj@h, xrefs: 00B49A90

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: HOK8$Qj@h
API String ID: 0-1820051497
Opcode ID: 98066c8ae52f604843d6b1fd0d87446528c330490a37089092e9a8eb25c32d44
Instruction ID: e18058e8810211cc5a1fad6e5fdbc36af1e111778e8ecf3b247ea0ee3950a5b2
Opcode Fuzzy Hash: 98066c8ae52f604843d6b1fd0d87446528c330490a37089092e9a8eb25c32d44
Instruction Fuzzy Hash: AF91E1B1D051699BEB248A14DC94BEBBBB5EB81304F1441FAD44E66281E6386FC1CF51

Function 00B983D9 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7
APMD, xrefs: 00B983D9

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: APMD$Qh?
API String ID: 71445658-3826885610
Opcode ID: 167adee28c880babfaa74f7941a2c221eba143b42238af1e88efce5925f70ed0
Instruction ID: 844778379aad5edcf2c8ee255d718ee6c7da0b683ccf349fa855c199bf195976
Opcode Fuzzy Hash: 167adee28c880babfaa74f7941a2c221eba143b42238af1e88efce5925f70ed0
Instruction Fuzzy Hash: 9A7145A2D146249BFB208A24DC84BE77B79EF91310F1040FAD84D97281D67D5FC5CBA2

Function 00B96AD6 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 444COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Strings

:O=O, xrefs: 00B972DF

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID: :O=O
API String ID: 4241100979-1235163547
Opcode ID: b7490c10584c8ba5c28c84b1d3d716211eac9895d26977e3e5d13635d7d9961f
Instruction ID: a82025febe786430143fc1b7e5441af37cd98368dd748ae59579abd26f4f5db5
Opcode Fuzzy Hash: b7490c10584c8ba5c28c84b1d3d716211eac9895d26977e3e5d13635d7d9961f
Instruction Fuzzy Hash: 74F1D6F2D581249FFB248B14DC95BEBB7B4EF81310F1441FAE94D66241EA385FC28A91

Function 00B4E508 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 419COMMON

Download Yara Rule

Strings

[W, xrefs: 00B4F8DA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: [W
API String ID: 0-2887293924
Opcode ID: 135efd5f9b170df56fc45e8e61961e0456c4ac0460e2d60b1f62092de0cd6adc
Instruction ID: 20d50b4310b94022deecff2cbe7a459d200dd2cfe4e0b5f5fc758f5309eaf7e3
Opcode Fuzzy Hash: 135efd5f9b170df56fc45e8e61961e0456c4ac0460e2d60b1f62092de0cd6adc
Instruction Fuzzy Hash: CED137A2D04214AAF7248A24EC85AFB7779EF90310F0441FAE80D97680E6795FC59A63

Function 00B986F9 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 328COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: b43673e0d0d64f63a420768b71839fe48d162405696a74acec7a03a0c9f5c81c
Instruction ID: 409bc521ec370af42b395b41967c6cc213555b97cc821a3725e01ce0c82bef91
Opcode Fuzzy Hash: b43673e0d0d64f63a420768b71839fe48d162405696a74acec7a03a0c9f5c81c
Instruction Fuzzy Hash: E8B12BA2D146289BFB208A24DC84BFB77B9EF91310F1440FAD84D97281D67D5EC5CB62

Function 00B9854F Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: 48fd78297c41da2610b927695faf6bd15d34286bcc2f98b97441e76f891340ee
Instruction ID: e3a65c6bca4d2a49c0e6a7672ee8dc71ffdc834dd3ff2cb4b18d3627e553f20e
Opcode Fuzzy Hash: 48fd78297c41da2610b927695faf6bd15d34286bcc2f98b97441e76f891340ee
Instruction Fuzzy Hash: 2CB139A2D046289AFB204B24DC84BFB7BB5EF91310F1441FAD84D97281E67D5EC5CB62

Function 00B535B9 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

MA=5, xrefs: 00B5347E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: MA=5
API String ID: 0-87635094
Opcode ID: a6312808692b1f1b699c53d0535f4c5b76d37a8d75a27af7a8ae56b2ded731da
Instruction ID: 9a5514b52854bb26807557c34a72640610d05b16242c9b93a9b14992b7edc318
Opcode Fuzzy Hash: a6312808692b1f1b699c53d0535f4c5b76d37a8d75a27af7a8ae56b2ded731da
Instruction Fuzzy Hash: 34B102F2D051249BE7208A14DC84BFBB7B5EBD5711F1481FAE80E96340E6785FC9CA52

Function 00B983C8 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 268COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: f4f81889b03a9f5161e3f212acfe2d5f51fc9e55ad3ba89e5638efb347f5b5ae
Instruction ID: 4898d35cc00d09de3fbc9b37bd930a3dd5ffbd90e4b7bfd2643edf63d1adb86f
Opcode Fuzzy Hash: f4f81889b03a9f5161e3f212acfe2d5f51fc9e55ad3ba89e5638efb347f5b5ae
Instruction Fuzzy Hash: E39107A2D146249BF7208A24DC84BE77BB9EF91310F1480FAD84D97281D67D5FC5CBA2

Function 00B4E98E Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 261COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00B4FF17

Strings

LL<P, xrefs: 00B4EA74

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: LL<P
API String ID: 1726664587-2443076662
Opcode ID: 140d349709f0c188a45a753ea468bdd23ee5d111cf0563b88cae3c81dbf1d2af
Instruction ID: 75a2b71f86e2439faef2d395d9e373e83fd17d053c5cfc0449e7050ff2c6b582
Opcode Fuzzy Hash: 140d349709f0c188a45a753ea468bdd23ee5d111cf0563b88cae3c81dbf1d2af
Instruction Fuzzy Hash: 8F9147B1C052659EE7208B60CC95AFAB7B4FF41310F1480FED84997681E6396EC5DB62

Function 00B982A4 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: c3f54e879e29621184847182744fdc9b3c4e75ffabb6fa9adb560d714531102d
Instruction ID: 761b6880ea75f88ae37752d6331d9a9fa0c99d4eee9103fce3ee41bf83bc8256
Opcode Fuzzy Hash: c3f54e879e29621184847182744fdc9b3c4e75ffabb6fa9adb560d714531102d
Instruction Fuzzy Hash: 6B8158A2D142249BF7208A24DC84BE77A78EF91310F1440FAD94D972C1E63D5FC6CBA2

Function 00B99A2F Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 253registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 5aa22d61769fb6425d8b90f67b7e038c0045611de96a62be7ff71977fbe81d6c
Instruction ID: 5dced532ed4892bff048ebc5b61e99d9e62a9153c5bcec554d52c6f58a2b32df
Opcode Fuzzy Hash: 5aa22d61769fb6425d8b90f67b7e038c0045611de96a62be7ff71977fbe81d6c
Instruction Fuzzy Hash: 4B8124B2C146249FFB648A28DC85BFB77B8EF45310F1441FED94E66681E6381EC1CA52

Function 00B9835C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: cc4ac58f0ea004a15037403d0605ae9a7d8642fae7b2974e8debeb759e1155f7
Instruction ID: e428239bb28adf84092e74f994c14036445a5df9648bb615b349403767537298
Opcode Fuzzy Hash: cc4ac58f0ea004a15037403d0605ae9a7d8642fae7b2974e8debeb759e1155f7
Instruction Fuzzy Hash: 468107A2D146249BFB208A24DC84BE77B79EF92310F1440FAD84D97281D67D5FC5CBA2

Function 00B997AE Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: f188b4904d59c0088afb34655b009d17616b34ac658a029cb1d9d615047c51d4
Instruction ID: 4b7c93f803892e9e643688aba8c0cd8f7e8626ea9aef3c7f56d796b21fe3ce95
Opcode Fuzzy Hash: f188b4904d59c0088afb34655b009d17616b34ac658a029cb1d9d615047c51d4
Instruction Fuzzy Hash: F87105B2D146249EFB648A19DC84BFBB7B4EF45311F0041FED90D66680E6781EC0CB52

Function 00B985B2 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: 4d9858ad6bbb029d9ab5dbe0eaaf46d71c6d0f0bd1886e624933c3c2f9b6954d
Instruction ID: ec408269550edaaea6ac9571a0edd61562c85db4e5ea6b284ac21ecb0d84d747
Opcode Fuzzy Hash: 4d9858ad6bbb029d9ab5dbe0eaaf46d71c6d0f0bd1886e624933c3c2f9b6954d
Instruction Fuzzy Hash: 0D7129A2D042289BFB208A64DC84BF77AB9EF51310F1040FAD54D971C1D6795EC5CB62

Function 00B98337 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: cdf9eb6f4b8743255cdc78b4b680ae2e7960c797c81e83628a7952e3ad9dd269
Instruction ID: 733754b16dcc3719daa38eb63026ed82d5a97e2abfa9a655ad80c96672b943f3
Opcode Fuzzy Hash: cdf9eb6f4b8743255cdc78b4b680ae2e7960c797c81e83628a7952e3ad9dd269
Instruction Fuzzy Hash: 2F7127A2D042689BFB208A24DC84BE77B75EF92310F1440FAD54D572C1E6795FC6CBA2

Function 00B997B8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: ef1f894bd7de6b5c5357bded858276bcb0d49cf3a38b8bbd6c22435cb5206894
Instruction ID: 0ffaf4fef716f051950e428e42d0d90c4e82ca7ba74de6825a28814505ea4a5b
Opcode Fuzzy Hash: ef1f894bd7de6b5c5357bded858276bcb0d49cf3a38b8bbd6c22435cb5206894
Instruction Fuzzy Hash: 7371F4B2D146249EFB648A18DC84BFBB7B4EF45310F0441FED94D66681E6781EC0CB52

Function 00B997C5 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 212COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: dbc7fcbb021754ba02121b2d7054a2945ad6d210af2909f92f1353d23594d1a3
Instruction ID: 64ca026f86c77a38798402c13a8fe28eb965353409328faa87e2e2864f61cf70
Opcode Fuzzy Hash: dbc7fcbb021754ba02121b2d7054a2945ad6d210af2909f92f1353d23594d1a3
Instruction Fuzzy Hash: A17104B2D146249EFB648A18DC84BEBB7B8EF45310F0041FED94D66680E6785EC0CF52

Function 00B99955 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: 7df50ef1ead95016a3011bea91cbca48bf0bc159ba4a31cac764b7adb977cd33
Instruction ID: 30fb9938bca00a7a513b702769dda6caad56dc967e20d13fed431e658020d3c7
Opcode Fuzzy Hash: 7df50ef1ead95016a3011bea91cbca48bf0bc159ba4a31cac764b7adb977cd33
Instruction Fuzzy Hash: C7711BB2D046249EEB648B59DC847EBBBB4EF45311F0041FED84D66281E6381EC0CFA2

Function 00B98689 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 64e73b324a754662f6397a4c49ee7515b7ee6af3abf85df74695dbba4c72fa27
Instruction ID: 425b565eee330b5cd333b7700f6b4a00f7f78ebe005109fff09465280e96a652
Opcode Fuzzy Hash: 64e73b324a754662f6397a4c49ee7515b7ee6af3abf85df74695dbba4c72fa27
Instruction Fuzzy Hash: 876137A2D042649BFB208A64DC84BE77A79EF92310F1040FAD54D972C1D6795FC5CB62

Function 00B98743 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: bdc32cf3d8bb217a39d6c2c2d29b6ab9e2e8835a8293f2f266288eec2ff1c12e
Instruction ID: 34508f97176f7071279a7d81a2181fad300353ab755fff6b194acec965d0e05a
Opcode Fuzzy Hash: bdc32cf3d8bb217a39d6c2c2d29b6ab9e2e8835a8293f2f266288eec2ff1c12e
Instruction Fuzzy Hash: 546147A2D042649BFB208A24DC84BE77A78EF92310F1040FAD94D972C1D67A5FC5CB63

Function 00B495B4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 197COMMON

Download Yara Rule

APIs

VirtualProtectEx.KERNELBASE(?,?,00001000,00000040,?), ref: 00B49AA6

Strings

Qj@h, xrefs: 00B49A90

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ProtectVirtual
String ID: Qj@h
API String ID: 544645111-2762301250
Opcode ID: 3717cbc6e8c0853333f6f627db32d5dcb435c8902d2bf3379e64c43ca49130ac
Instruction ID: e7253fb6703290b6fcd3052f4f3c210ac3b9fadbca956c707990c6a58d490735
Opcode Fuzzy Hash: 3717cbc6e8c0853333f6f627db32d5dcb435c8902d2bf3379e64c43ca49130ac
Instruction Fuzzy Hash: 3D71E3B1D091189FE714CA28DCD0AEBB7B9EB85310F1580FAD84D97685D6386EC1CE61

Function 00B97155 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Strings

:O=O, xrefs: 00B972DF

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID: :O=O
API String ID: 4241100979-1235163547
Opcode ID: 8648a33ec8c010cb08e916d5a6a5ee664dab7af7847df3e183da176a33de1e3d
Instruction ID: c87502775978705edfd5e406132e2a2875cf40f89bfb4a207defbec3899f2505
Opcode Fuzzy Hash: 8648a33ec8c010cb08e916d5a6a5ee664dab7af7847df3e183da176a33de1e3d
Instruction Fuzzy Hash: 35512BF2D581545FFB208A24DC85AEB7BF4EF81310F1440FAE84D96640E938ABC58A62

Function 00B98B7F Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 173registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 613611480924e13e69686bd9e5aadd932961cdc189dc9b231654ba47b64b8a74
Instruction ID: 44e4a42bc15a8ec7d121381c5ebf9414fdedc85db77745b404e56cc74673af17
Opcode Fuzzy Hash: 613611480924e13e69686bd9e5aadd932961cdc189dc9b231654ba47b64b8a74
Instruction Fuzzy Hash: F5514BB2D04224AAEB208B25CC95BFB77B9EF92300F1440FDE94D56241E6795EC1CF62

Function 00B995FC Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 167registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: fa11ac3b6f2baedc44f03ad66f4aeb87b5c5fc57b0ad4d4cf41d8eec483e9db4
Instruction ID: eb8c333f6f0b1db0c5608441cb586e3de4ee00e9149202432c6970c66c8ffee1
Opcode Fuzzy Hash: fa11ac3b6f2baedc44f03ad66f4aeb87b5c5fc57b0ad4d4cf41d8eec483e9db4
Instruction Fuzzy Hash: 205115F3D106246FF7208A24EC85BE77668EB91314F1540BAE90D66680D57D5FC18EA2

Function 00B94AFD Relevance: 3.2, Strings: 2, Instructions: 677COMMON

Download Yara Rule

Strings

uCV, xrefs: 00B94C36
BE?@, xrefs: 00B94B51

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: BE?@$uCV
API String ID: 0-1269530686
Opcode ID: 7e20158170f11d7449429adae57f0f38aa0d1dbe5898be55dc8d1b8f63c02f0a
Instruction ID: c056113b05097de3477fda7b8f355d03e49b5201ba521f76f2a66685154eb1c4
Opcode Fuzzy Hash: 7e20158170f11d7449429adae57f0f38aa0d1dbe5898be55dc8d1b8f63c02f0a
Instruction Fuzzy Hash: F252B512E2466987DB78CB39DC1169FA2B3EF58300F05D8FD940DE7664F6704AC99B0A

Function 00B94A58 Relevance: 1.9, Strings: 1, Instructions: 678COMMON

Download Yara Rule

Strings

uCV, xrefs: 00B94C36

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: uCV
API String ID: 0-3959665651
Opcode ID: 23d58b488787481adfdcf1e5d9fb0c6fd92abbf23af05cb47b6cb62d2484896d
Instruction ID: 44d82cd791b1a2d53d9d103d1daa12f1fa1aa74ffe28012ec46dc557cb8b531f
Opcode Fuzzy Hash: 23d58b488787481adfdcf1e5d9fb0c6fd92abbf23af05cb47b6cb62d2484896d
Instruction Fuzzy Hash: B452B512E2466987DB78CB39DC1169FA2B3EF58300F05D8FD940DE7664F6704AC99B0A

Function 00B949EA Relevance: 1.9, Strings: 1, Instructions: 670COMMON

Download Yara Rule

Strings

uCV, xrefs: 00B94C36

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: uCV
API String ID: 0-3959665651
Opcode ID: 74a83ff51e6cb037361ef7cd7d432925d8366120107e6349fb4a6035ecb5944b
Instruction ID: 0b0b56057fda353f4e532cda0b2204ad98f7fa54b1065358fb6a54166795ed53
Opcode Fuzzy Hash: 74a83ff51e6cb037361ef7cd7d432925d8366120107e6349fb4a6035ecb5944b
Instruction Fuzzy Hash: 9752C412E2466987DB78CB39DC1169FA2B3EF58300F05D8FD940DE7664F6704AC99B0A

Function 00B9481A Relevance: 1.9, Strings: 1, Instructions: 664COMMON

Download Yara Rule

Strings

uCV, xrefs: 00B94C36

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: uCV
API String ID: 0-3959665651
Opcode ID: 4d4103673ccb6d33ac9df3bb48d9cfd2c2432435b8c4ba2e8ade471748871692
Instruction ID: a9052c1c225ec4a177a6e764db9d057c94f5fcde544d97e5a74b609b48db5c29
Opcode Fuzzy Hash: 4d4103673ccb6d33ac9df3bb48d9cfd2c2432435b8c4ba2e8ade471748871692
Instruction Fuzzy Hash: B652B412E2466987DB78CB39DC1169FA2B3EF58300F05D8FD940DE7664F6704AC99B0A

Function 00B9479B Relevance: 1.9, Strings: 1, Instructions: 664COMMON

Download Yara Rule

Strings

uCV, xrefs: 00B94C36

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: uCV
API String ID: 0-3959665651
Opcode ID: c3de9c4c0d85e25a716f76ce3e7cb6f307d614f17d08f5a3893c167765f33851
Instruction ID: 6ccbbc6d15ac835fd6f44bf2a5382b34b91dc99ed90c79bd681e561c422e2a3d
Opcode Fuzzy Hash: c3de9c4c0d85e25a716f76ce3e7cb6f307d614f17d08f5a3893c167765f33851
Instruction Fuzzy Hash: 7252C512E2466987DB78CB39DC1169FA2B3EF58300F05D8FD940DE7664F6704A899B0A

Function 00B947BA Relevance: 1.9, Strings: 1, Instructions: 651COMMON

Download Yara Rule

Strings

uCV, xrefs: 00B94C36

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: uCV
API String ID: 0-3959665651
Opcode ID: 892c261b7b1d5bb0688400d1fff9cba0ae01cce9dd37d30fa1fe7d070eeec8b8
Instruction ID: 8b96a897ba67b16ffc15ca766535c8ed3c6c3ad4654c3ee8701b38a5b313f5c8
Opcode Fuzzy Hash: 892c261b7b1d5bb0688400d1fff9cba0ae01cce9dd37d30fa1fe7d070eeec8b8
Instruction Fuzzy Hash: 9352B412E2466987DB78CB39DC1169FA2B3EF58300F05D8FD940DE7664F6704A899B0E

Function 00B94B81 Relevance: 1.9, Strings: 1, Instructions: 645COMMON

Download Yara Rule

Strings

uCV, xrefs: 00B94C36

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: uCV
API String ID: 0-3959665651
Opcode ID: 8be073f0a1baad99046e8a43ec4a45ab7dc1f7d127048612cfb83b5a67bbf133
Instruction ID: c3822885012941feb7d79497cdbee3d0c2769cccc7076c532d5d59a355d3a00d
Opcode Fuzzy Hash: 8be073f0a1baad99046e8a43ec4a45ab7dc1f7d127048612cfb83b5a67bbf133
Instruction Fuzzy Hash: 4852B512E2466987DB78CB39DC1169FA2B3EF58300F05D8FD940DE7664F6704A899B0E

Function 00B9788D Relevance: 1.7, APIs: 1, Instructions: 209COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: e4060d40adc3fd9f9ed1e4c773bfb6e8265e28c089cea169c4f019777d9c2072
Instruction ID: 289c9268a9daa5e4a701f1f6cd5815d948d8cd46ff83a03e4901cb3939f159cc
Opcode Fuzzy Hash: e4060d40adc3fd9f9ed1e4c773bfb6e8265e28c089cea169c4f019777d9c2072
Instruction Fuzzy Hash: 6881B0B1D146289BEB24CB14DC94BFA7BB5EF44310F1881FAD909A7641DA38AFC1CE51

Function 00B53955 Relevance: 1.7, APIs: 1, Instructions: 177threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 00B53D9D

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: abcf63d8226c3dbeb080eb768e63af40779c3bb78f66a8427a3b78640d74467b
Instruction ID: ab03536f03d753de1ff0c40a89941ab621ab5fbd23b7015cfb93dab9bce4395f
Opcode Fuzzy Hash: abcf63d8226c3dbeb080eb768e63af40779c3bb78f66a8427a3b78640d74467b
Instruction Fuzzy Hash: 0A51C3B1D042285BE764CA18CC94AEBB7B5EB85315F0481FADD0D62780DA386FC5CE91

Function 00B53A1D Relevance: 1.7, APIs: 1, Instructions: 157threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 00B53D9D

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 341ff460e2f77d12f63157f66db0c08ed40ac0c723c1733ba32e94161a2d06eb
Instruction ID: e8916d44f613e4aa982695ea11c813ea62a9098ae822849e1083d68abc5d0e5f
Opcode Fuzzy Hash: 341ff460e2f77d12f63157f66db0c08ed40ac0c723c1733ba32e94161a2d06eb
Instruction Fuzzy Hash: A151D3B2D041188BEB24CA14CC91BEAB7B5EB81301F1481FADD0D63780D6786F86CE51

Function 00B365E7 Relevance: 1.6, APIs: 1, Instructions: 315memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 93444332c1aa5a8f9d50233748abbb2f679c7cd79ccba3a6c88cbf5bd95cd00f
Instruction ID: 0b55f70c4f483c84cc34927ad7f73f47152f87332465565a34d935effacc043c
Opcode Fuzzy Hash: 93444332c1aa5a8f9d50233748abbb2f679c7cd79ccba3a6c88cbf5bd95cd00f
Instruction Fuzzy Hash: F2B104B2D00524AFF7248A04DC95FFBBBB9EB80315F2481FAD90D56680DA395EC5CE91

Function 00B35992 Relevance: 1.5, APIs: 1, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 11af34889a470fcc8d3430187de7d69d5551f8e1e489104c391bd929b849914f
Instruction ID: 84c68f9aaa25ce58bdb168038553c45f2c91f621a48dd66511b9869aa1eaeff3
Opcode Fuzzy Hash: 11af34889a470fcc8d3430187de7d69d5551f8e1e489104c391bd929b849914f
Instruction Fuzzy Hash: C17134B2C04514AFF7248A14DD99BFB77B8EB80315F2481FAD90A96180D6795FC5CE12

Function 00B3573A Relevance: 1.4, APIs: 1, Instructions: 199memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fc6b240b6f351846ffd7a7794550524a6f3ac805bb9cb14504d8c3c7ee1fbdb1
Instruction ID: b93ae233d0d25929321e96afcef25720dd3913533b6b1a47374187d7641019cf
Opcode Fuzzy Hash: fc6b240b6f351846ffd7a7794550524a6f3ac805bb9cb14504d8c3c7ee1fbdb1
Instruction Fuzzy Hash: CE6126B2C04119AFF7248A14ED99BF777B8EB40315F2481FAD80996580EB7D5EC8CE52

Function 00B9464D Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb6cd54db9be411a05a742f554497d9800039274be18cd1bdd1adc06b5a97e37
Instruction ID: 8e5d3af7b2a8b2161885f0fc2fcd276486c63a88abc2da78f2012928cf531110
Opcode Fuzzy Hash: fb6cd54db9be411a05a742f554497d9800039274be18cd1bdd1adc06b5a97e37
Instruction Fuzzy Hash: 6D42A512A2466987DB78DB79DC1129FA2B3EF58300F04D8FD940DE7664F6704AC99B0E

Function 00B94C48 Relevance: .6, Instructions: 589COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 498e567e7dbefb98ab3da0dd403db206ebe1e9db4f5ba87e310e0d4cf3e87e22
Instruction ID: 61469dd34fa3595d219ead0ca9b840ae288713e333912bd36228527e34274eb4
Opcode Fuzzy Hash: 498e567e7dbefb98ab3da0dd403db206ebe1e9db4f5ba87e310e0d4cf3e87e22
Instruction Fuzzy Hash: FC429412A2466987DB78DB79DC1129FA2B3EF58300F04D8FD940DF7664F6704A899B0E

Function 00B94D11 Relevance: .6, Instructions: 584COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07ff73659fe7e3f0c7468fab5d9e9dcf90faffb637ec7c4c2459f30e688cc82c
Instruction ID: 7ed3b97577faa815597450ac848df86d85b6f746f0892203296eb4e381ef07b2
Opcode Fuzzy Hash: 07ff73659fe7e3f0c7468fab5d9e9dcf90faffb637ec7c4c2459f30e688cc82c
Instruction Fuzzy Hash: 85429312A2466987DB78CB79DC1169FA2B3EF58300F04D8FD940DE7664F6704A899B0E

Function 00B94D22 Relevance: .6, Instructions: 582COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e5aeab3714a05b3a0dae3d9a99c49b617bd5c1769e61475138dde2c4926b365
Instruction ID: 8a11acfb2a3a2fd665a1f4e20f4c1d36d01907196aaa094950eae4cc87a47547
Opcode Fuzzy Hash: 9e5aeab3714a05b3a0dae3d9a99c49b617bd5c1769e61475138dde2c4926b365
Instruction Fuzzy Hash: 7442A312A2466987DB78CB79DC1129FA2B3EF58300F04D8FD940DF7664F6704A899B0E

Function 00B94C5A Relevance: .6, Instructions: 580COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2102b9983f4e5aad6f780c3bb305f90e62864f9985524531b830f2548971782
Instruction ID: 991268ae38103f3caecf239dfdb02cd3195c1471a5b779bb24b4d7b28cb30c13
Opcode Fuzzy Hash: f2102b9983f4e5aad6f780c3bb305f90e62864f9985524531b830f2548971782
Instruction Fuzzy Hash: 33429412A2466987DB78DB79DC1129FA2B3AF58300F04D8FD940DF7664F6704AC99B0E

Function 00B94DA7 Relevance: .6, Instructions: 579COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b8f89c78f365d4ba023b48e339609bc778936a7baa0c0225d04682052b6e89
Instruction ID: 087076ef2d803cecb2c5dc504e8a390918adcba150b80f8de4f44a28a29f20eb
Opcode Fuzzy Hash: 37b8f89c78f365d4ba023b48e339609bc778936a7baa0c0225d04682052b6e89
Instruction Fuzzy Hash: 20429312A2466987DB78CB79DC1129FA2B3AF58300F04D8FD940DF7664F6704A899B0E

Function 00B94672 Relevance: .6, Instructions: 579COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa28c16bd5c256e6bb1e9407130cf279fec226ada43d4b248d4ca1568f9c8d07
Instruction ID: e06387b0b161f763d2ca8c253258adfbd945d88f10f0e3e2521826b5f87a9690
Opcode Fuzzy Hash: fa28c16bd5c256e6bb1e9407130cf279fec226ada43d4b248d4ca1568f9c8d07
Instruction Fuzzy Hash: 49429412A2466986DB78DB79DC1129FA2B3EF58300F04D8FD940DE7664F6704AC99B0E

Function 00B94DAC Relevance: .6, Instructions: 578COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 470462819948c91e2f6baf302f4ac4256563253d9730faf572d35be2f27591d7
Instruction ID: f07cb07ff74367e3e31a8d2da01a188bf8f61a8949fb179760f808721638e374
Opcode Fuzzy Hash: 470462819948c91e2f6baf302f4ac4256563253d9730faf572d35be2f27591d7
Instruction Fuzzy Hash: 42429312A2466987DB78DB79DC1129FA2B3EF58300F04D8FD940DF7664F6704A899B0E

Function 00B95172 Relevance: .6, Instructions: 578COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fac0700508e457a88d76806ff6e9a546318000cdd52a18213e7c793b4d9c6468
Instruction ID: 5171007e8187d3e4cdb27764f32f2dbb6acef601b95b96aa9e1c6c6278791a7a
Opcode Fuzzy Hash: fac0700508e457a88d76806ff6e9a546318000cdd52a18213e7c793b4d9c6468
Instruction Fuzzy Hash: 92429312A2466987DB78DB79DC1129FA2B3AF58300F04D8FD940DF7664F6704AC99B0E

Function 00B94C92 Relevance: .6, Instructions: 576COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6431742f447d855927a9c7bea5268b0ba3367f8daed63d1cfa17a3f6bf0ef4
Instruction ID: 793f9aa45d953b5db80d9457cb2c1c26f150a2961b4a3bc39cca9d908cc82020
Opcode Fuzzy Hash: 3e6431742f447d855927a9c7bea5268b0ba3367f8daed63d1cfa17a3f6bf0ef4
Instruction Fuzzy Hash: D1429312A2466987DB78DB79DC1129FA2B3EF58300F04D8FD940DF7664F6704A899B0E

Function 00B93E0B Relevance: .6, Instructions: 575COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ea489bf442f2e2140d18fc83fb3d288ef5cbf678d14eca11dcdfaa47c780e6a
Instruction ID: 80489232814032adbf2801fda5aa594b3d568ff66a7fbb4afe4c70fe3a5e6eb1
Opcode Fuzzy Hash: 4ea489bf442f2e2140d18fc83fb3d288ef5cbf678d14eca11dcdfaa47c780e6a
Instruction Fuzzy Hash: EA429312A2466986DB78DB79DC1129FA2B3EF58300F04D8FD940DF7664F6704AC99B0E

Function 00B416BF Relevance: 35.2, APIs: 1, Strings: 19, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

7C=X, xrefs: 00B416C1
M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: 7C=X$M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3634595442
Opcode ID: bf5b08b61f1f49335c4ba1961894fdaa3af5ef3f80f58a27d04ca77409556135
Instruction ID: ebe66a5a0f239fec280a50e03414ed6acdba81d7d331fe9b73090c7aa5760c6c
Opcode Fuzzy Hash: bf5b08b61f1f49335c4ba1961894fdaa3af5ef3f80f58a27d04ca77409556135
Instruction Fuzzy Hash: 4591F1A1D086A88EE721CB28DC547EB7BB5EF51301F0440FAD44D9B281D6BA5BC5DF22

Function 00B410A8 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 230COMMON

Download Yara Rule

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: db7eb60b99b1cdce69def50a63989aa54ac694bb237113558e5e1f59828d6909
Instruction ID: eb1cf22d95279868f9a37fe2f43ee3a4e8b04c4c88124540c978bcdd3f40d7be
Opcode Fuzzy Hash: db7eb60b99b1cdce69def50a63989aa54ac694bb237113558e5e1f59828d6909
Instruction Fuzzy Hash: 189103A1D086948AF720CB28DC54BEB7BB5EF91300F0444FAD44D9B281D67A5BC5DF62

Function 00B416F0 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 216threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: eb34d95d95800202ab416b5984b4af080cc07e3db2fcd57dd2615fdc96d9259e
Instruction ID: 0d7680c103dd8caefa362d16878cfe605124dbd34a16c770b677252c0c78a780
Opcode Fuzzy Hash: eb34d95d95800202ab416b5984b4af080cc07e3db2fcd57dd2615fdc96d9259e
Instruction Fuzzy Hash: 178122A0D086988EE721CB28DC547EB7BB5EF91300F0441FAD44C9B291D67A5BC5DF22

Function 00B40864 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 215threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 23c4838bbbab62424123fe109bb222c9ea99670f931ba2b2bea959848843be8a
Instruction ID: 8165b1efe594d90679e206bfa2a7a23ad062bc301cbffb26d5aeecf405b446f3
Opcode Fuzzy Hash: 23c4838bbbab62424123fe109bb222c9ea99670f931ba2b2bea959848843be8a
Instruction Fuzzy Hash: A781F3A1D086948AF720CA28DC547EB7BB5DF91301F0440FAD44D9B281D6BE5BC5DF62

Function 00B4183E Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 208threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 2ce7c5bcb4186651efda36c16a3f51d79a116bc30f7e7bf0a099a578f207d204
Instruction ID: 9a471e7bd1d5a848a740359b2c04b0cd4be86b1f3e7e692bebb681b7b7ef7f29
Opcode Fuzzy Hash: 2ce7c5bcb4186651efda36c16a3f51d79a116bc30f7e7bf0a099a578f207d204
Instruction Fuzzy Hash: C78102A1D086948AF720CB28DC54BEB7BB5EF91301F0441FAD44D9B281D6BA5BC5DF22

Function 00B417B2 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 208threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 6cf07029c6afb5e60930422e282b57c01c388124ddf09f8b1a2e7bf0a2b2e766
Instruction ID: 85f90e6f87ed51e4fcfb1ecba65701c7b855e1556915e17b1a5e1a680ccc05fa
Opcode Fuzzy Hash: 6cf07029c6afb5e60930422e282b57c01c388124ddf09f8b1a2e7bf0a2b2e766
Instruction Fuzzy Hash: 678102A1D086988AF721CB28DC947EB7BB5EF91300F0440FAD44D9B291D67A5BC5DF22

Function 00B417BB Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 206threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 0ff6de46a3414543cb7f0df893307e144931cbdfd716928f3cd0b777ba6b7b2f
Instruction ID: 4fdaf3b9f37a66449ac68eb2457a29d41402e20648f30b8404902c7cd63733ec
Opcode Fuzzy Hash: 0ff6de46a3414543cb7f0df893307e144931cbdfd716928f3cd0b777ba6b7b2f
Instruction Fuzzy Hash: 178100A0D08A988AF720CB28DC547EB7BB5EF91301F0441FAD44D9B281D67A5BC5DF22

Function 00B410FF Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 205threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 6c0707995ebd23d25e52c71895fac481955ae37f310cd51f85951da0009297ef
Instruction ID: a86901dd8d0da0350279801b24f7377092e534c4675c3fee79da868bed521cc0
Opcode Fuzzy Hash: 6c0707995ebd23d25e52c71895fac481955ae37f310cd51f85951da0009297ef
Instruction Fuzzy Hash: D581E0A1D086948AFB20C628DC547EB7BB5EF91301F0440FAD44D9B281D6BE5BC5DF22

Function 00B41703 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 204threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: b4628df3ade875b58f57b8968671842ecf493c8174b45dc6aa282c95754c1a57
Instruction ID: 199d19d5ce57a2eec0af30f42be1b1e918bf21bde1ee28acc9cbaddf5b71bad8
Opcode Fuzzy Hash: b4628df3ade875b58f57b8968671842ecf493c8174b45dc6aa282c95754c1a57
Instruction Fuzzy Hash: 5281F2A1D086948AF720CB28DC547EB7BB5EF91301F0440FAD44D9B281D67A5BC5DF22

Function 00B41735 Relevance: 33.4, APIs: 1, Strings: 18, Instructions: 200threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,?), ref: 00B41C52

Strings

M, xrefs: 00B41CFC
r, xrefs: 00B41CD2
c, xrefs: 00B41CE0
e, xrefs: 00B41CB6
e, xrefs: 00B41D03
s, xrefs: 00B41CF5
P, xrefs: 00B41CCB
e, xrefs: 00B41CE7
R, xrefs: 00B41CAF
r, xrefs: 00B41D18
o, xrefs: 00B41D11
MIMK, xrefs: 00B41DBD
m, xrefs: 00B41D0A
d, xrefs: 00B41CC4
y, xrefs: 00B41D1F
a, xrefs: 00B41CBD
o, xrefs: 00B41CD9
s, xrefs: 00B41CEE

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: M$MIMK$P$R$a$c$d$e$e$e$m$o$o$r$r$s$s$y
API String ID: 983334009-3061001137
Opcode ID: 6c549fdd83ce4fa6faef8d5ee1ebda0060369e573b31a995d64be48a2a7bdf62
Instruction ID: 558add2836eae40382770f0a51e2fef26777492bc3a2a3e43c7e5267446be3da
Opcode Fuzzy Hash: 6c549fdd83ce4fa6faef8d5ee1ebda0060369e573b31a995d64be48a2a7bdf62
Instruction Fuzzy Hash: 4D81F2A1D086988AF721CB28DC547EB7BB5EF91301F0440FAD44D9B281D67A5BC5DF22

Function 00B9C145 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,?,00000000,00000001,?,?,?,?,?,00B9BA35,?,?,?), ref: 00B9C1BF

Strings

l, xrefs: 00B9C204
C, xrefs: 00B9C1C5
s, xrefs: 00B9C1DA
d, xrefs: 00B9C1FD
l, xrefs: 00B9C1CC
e, xrefs: 00B9C1E1
H, xrefs: 00B9C1E8
n, xrefs: 00B9C1F6
o, xrefs: 00B9C1D3
a, xrefs: 00B9C1EF
e, xrefs: 00B9C20B

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Value
String ID: C$H$a$d$e$e$l$l$n$o$s
API String ID: 3702945584-2848555115
Opcode ID: cbef2520bba153b37245a345eb1ee0d53128b10a4a4e7e34548f024ea34203ee
Instruction ID: 7a459a0ff42584846fb0d932b1f550f66d10440dd19907c7138d3918c0018a3b
Opcode Fuzzy Hash: cbef2520bba153b37245a345eb1ee0d53128b10a4a4e7e34548f024ea34203ee
Instruction Fuzzy Hash: 6F319671C04AA88EDB25CB18CC54BDBBBB5EB41306F0440EAD58DA7281D67A4FC6CF21

Function 00B9DB24 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 144COMMON

Download Yara Rule

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 1bc4ff69569e447e81788698f77d4a667e7364999969ad586fae02f950d619ca
Instruction ID: 88e9ebc628276e6c1c63e485b8528515f16c2c34faafb84e6c92b98897d1ee93
Opcode Fuzzy Hash: 1bc4ff69569e447e81788698f77d4a667e7364999969ad586fae02f950d619ca
Instruction Fuzzy Hash: E3412772D085A49FEB20C624DC487EB7FB4EB92310F1841FAD48D56242D6399FC58B63

Function 00B9E025 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 143COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 8c84eb2498c86c831e44ad618b3076780d47a53b7a973434160624bcbf70a3fd
Instruction ID: 3302cf98a3649130d547ec4280fd321687df7bc54c20f2c1114fb6dc5b68b19f
Opcode Fuzzy Hash: 8c84eb2498c86c831e44ad618b3076780d47a53b7a973434160624bcbf70a3fd
Instruction Fuzzy Hash: AD513AB2D081989FFB20C624DC487EB7B78DB52314F1841FAD84C16681D6799FC58B63

Function 00B9DBE6 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 142COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 9aeb634126e464a417390af33ae9a276c8398577c5f151e692fc43bb257f99b8
Instruction ID: fc0d6b64e587a100f0936fb2812a4f4f44d31371a6320cbef317fe779233fc48
Opcode Fuzzy Hash: 9aeb634126e464a417390af33ae9a276c8398577c5f151e692fc43bb257f99b8
Instruction Fuzzy Hash: 264105B2D081A49FFB20C624DC48BEB7F68EB52314F1841FAD84C26641D6799FD58B63

Function 00B9DBDF Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 142COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: a5389604e7e75adf474e2d26d3ac21f29f28ff98541596f2f3c9b5f9bcc8bc35
Instruction ID: 6eddd92fd1684494c966bef60e28a94e4fdb6e87e79868e79d04f6c5da5ca78f
Opcode Fuzzy Hash: a5389604e7e75adf474e2d26d3ac21f29f28ff98541596f2f3c9b5f9bcc8bc35
Instruction Fuzzy Hash: 7F4105B2D081649FFB20C624DC48BEB7F68EB52314F1841FAD84C26641D6399FD58BA3

Function 00B9CCBF Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 140COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 555ebb2c78ca7e751645a3c70289a98963d1babe1acb9d1b93f300c726800cf5
Instruction ID: 310c7334f11d946eec6257754050147741532e0150fb9138a341d486fa879f46
Opcode Fuzzy Hash: 555ebb2c78ca7e751645a3c70289a98963d1babe1acb9d1b93f300c726800cf5
Instruction Fuzzy Hash: A4414A72D085A49BFB20C624DC48BEB7F64EB52314F0841FAD84C26681D67D9FC58BA3

Function 00B9E04C Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 131COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: bd52a6b4f6fe0edd6ff13beabf53667afb404ee7a5e905785d05ab6062f3e9f8
Instruction ID: 15bda8c7f8eb57960520692fff15c4888acf2fc6b0cbfd7239b524f2791ecda1
Opcode Fuzzy Hash: bd52a6b4f6fe0edd6ff13beabf53667afb404ee7a5e905785d05ab6062f3e9f8
Instruction Fuzzy Hash: 36412772D085A49FEB20C624DC487EB7F75EB92310F1441FAD44C26681D6799FC58F62

Function 00B9DB4C Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 131COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: f57878aa0251c2b76495e3a0355d15fdbd722b7843ba6bdf00a1748985cce884
Instruction ID: 57851ed280ee1e7ae29cb36bb729c40e8d04f634458dbca50d4c2359dfc81641
Opcode Fuzzy Hash: f57878aa0251c2b76495e3a0355d15fdbd722b7843ba6bdf00a1748985cce884
Instruction Fuzzy Hash: B8411672D085A89FEB20C624DC487EB7FB8EB52310F1441FAD88C66641D6799FC58F62

Function 00B9DC92 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 130COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: d29299a2858a487889b8c10b5bc62c567a88827b6e0d4df4337995951086fa90
Instruction ID: 60051891f9c480089674c44f8712a806e9a5b6e44a4902889035d935e89ba221
Opcode Fuzzy Hash: d29299a2858a487889b8c10b5bc62c567a88827b6e0d4df4337995951086fa90
Instruction Fuzzy Hash: D5410572D085A89FEB20C624DC487EB7F74EB52310F1841FAD48D26642D6799FC58F62

Function 00B9DC87 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 129COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: a9f0259b580f5ddedbd784bdd0bddb6f1970d8d654decb34d67e0f31ea2598a9
Instruction ID: 432255f3d15eeb9eec7407a9d963d8cb117ab1aea6424787f5d1d60e1f45d454
Opcode Fuzzy Hash: a9f0259b580f5ddedbd784bdd0bddb6f1970d8d654decb34d67e0f31ea2598a9
Instruction Fuzzy Hash: 1C410672D081A49FEB20C628DC487EB7B74EB52310F1441FAD44D26642DA799FC58B63

Function 00B9E05B Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 129COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: f9e346c2e89f0537d4b5c67fb704638c1b343bb696ac10321ff18a756b12a826
Instruction ID: a2573a294643c59fd858c86160b0827a2489dc0eb78c6a72618a6f3367bc1518
Opcode Fuzzy Hash: f9e346c2e89f0537d4b5c67fb704638c1b343bb696ac10321ff18a756b12a826
Instruction Fuzzy Hash: B5412772D085A89FEB20C624DC487EB7F74EB52310F1441FAD88C66641D6399FC58F62

Function 00B9DB7B Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 125COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00B9E09D

Strings

l, xrefs: 00B9E10D
e, xrefs: 00B9E0F8
i, xrefs: 00B9E106
F, xrefs: 00B9E0FF
t, xrefs: 00B9E0F1
e, xrefs: 00B9E114
W, xrefs: 00B9E11B
a, xrefs: 00B9E0EA
e, xrefs: 00B9E0E3
r, xrefs: 00B9E0DC
C, xrefs: 00B9E0D5

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CloseHandle
String ID: C$F$W$a$e$e$e$i$l$r$t
API String ID: 2962429428-2654231525
Opcode ID: 186b481fa8fff59492b683387c446c8e19f02964b8e9c8b2395c442cf51e0ebd
Instruction ID: 865afc337128dcb9ca28b0ddcb7b5918245defb992f93adfffdeb39677c89958
Opcode Fuzzy Hash: 186b481fa8fff59492b683387c446c8e19f02964b8e9c8b2395c442cf51e0ebd
Instruction Fuzzy Hash: 2A410572D081A89FEB20C624DC487EB7F74EB52314F1841FAD48C66642D6799FC58F62

Function 00B4EB1C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00B4FF17

Strings

3, xrefs: 00B4EC37
e|, xrefs: 00B4EBE6
23HP, xrefs: 00B4EDA7

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: 23HP$e|$3
API String ID: 1726664587-2865655517
Opcode ID: 885aeaa3b46716b2708c94a56eb1deb35aa8dc26139e4152923be4ed88c0baa8
Instruction ID: c0b492154a22b51362af512a3843f0d1122ab8d034450b0ae139f6c78b87ab42
Opcode Fuzzy Hash: 885aeaa3b46716b2708c94a56eb1deb35aa8dc26139e4152923be4ed88c0baa8
Instruction Fuzzy Hash: E06146B4D097688AEB25CB18DC996E9B7B1FF58300F1081EAE84DA2201E7355FC5DF51

Function 00B98CED Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 134registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7
3, xrefs: 00B98E32
e|, xrefs: 00B98DE1

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?$e|$3
API String ID: 71445658-1848868468
Opcode ID: 43adf9ce3df25287de86ff1f92c1a20395fa8c7c4a7a0c0e2f1928a3ddad7e39
Instruction ID: 341ca9715766c2a6f005585db81fd5f52cb637bf818f2e1c697e7db463a2ca2d
Opcode Fuzzy Hash: 43adf9ce3df25287de86ff1f92c1a20395fa8c7c4a7a0c0e2f1928a3ddad7e39
Instruction Fuzzy Hash: DE615CB5D056688AEB25CF28CC516E9BBB5AF59344F0482E9E44CA3341EB314FC5CF51

Function 00B34A3F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 197COMMON

Download Yara Rule

Strings

HOK8, xrefs: 00B4938B
Qj@h, xrefs: 00B49A90

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: HOK8$Qj@h
API String ID: 0-1820051497
Opcode ID: 5797d47e3d45096d2ab2e2a3f614386586d4d7beb0c27eb8db74e82377ebf8cd
Instruction ID: 24cd405d979dcfe4f08fa89c578e1f39567ec292bd0b8c3200e8c7d70e15e1dd
Opcode Fuzzy Hash: 5797d47e3d45096d2ab2e2a3f614386586d4d7beb0c27eb8db74e82377ebf8cd
Instruction Fuzzy Hash: 906126B2D055685BE7248A14DC94BEBBBB4EB81314F1440FAE84E66281E6386FC1DF51

Function 00B4CC3F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Strings

e|, xrefs: 00B4CD0F
3, xrefs: 00B4CD60

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: e|$3
API String ID: 3559483778-1726640827
Opcode ID: 37a8176889d54da0810ae87b4cd2c319062a7f4580416b6c1f5b7cec5845b3c7
Instruction ID: 80484ae0d8b98d12bb04a44713e49b3542536dcd0fa9f6810752c9dd7ae52d71
Opcode Fuzzy Hash: 37a8176889d54da0810ae87b4cd2c319062a7f4580416b6c1f5b7cec5845b3c7
Instruction Fuzzy Hash: CC6135B5D096698BDB25CB18CC94AE9BBF1EF88300F1041EAA80DA2300E7745FC6CF55

Function 00B4F376 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 226COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00B4FF17

Strings

[W, xrefs: 00B4F8DA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: [W
API String ID: 1726664587-2887293924
Opcode ID: bec1b086f5ef79acea4f300e557c00f465b246422cf87361c0fa5fcc1a3c6acc
Instruction ID: ebe011a499d813c2155a72a83ae117b658e2cc12b38353ffd666b7437b5b02e4
Opcode Fuzzy Hash: bec1b086f5ef79acea4f300e557c00f465b246422cf87361c0fa5fcc1a3c6acc
Instruction Fuzzy Hash: E4612CF2D041146FF7108625EC85AFB7BB8EBC5310F1441F6E80D96680E67D5FD58A92

Function 00B3A82E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 30402d284302e3696be83f5c15edeeb3d8aa04938408c520dbf496c2bd36f427
Instruction ID: debdb14e6b78b1edeba083c161b663d74df8d3c706b3d4ba93378056aeb42764
Opcode Fuzzy Hash: 30402d284302e3696be83f5c15edeeb3d8aa04938408c520dbf496c2bd36f427
Instruction Fuzzy Hash: 837158B2E002559BE724CA18DC95BFB7778EF80300F3041FAE94E66680E6785EC1CE52

Function 00B4CABD Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 188injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Strings

=EHN, xrefs: 00B4CBDD

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: =EHN
API String ID: 3559483778-4237302225
Opcode ID: b2dccd75884a243e7b0995a71ce5a884080f2bad788a15255211fc85f831127a
Instruction ID: c3440f1be0052f2d57de60273de4ac6ef0cf6ebc8c9b4e3ec904423c0b82894d
Opcode Fuzzy Hash: b2dccd75884a243e7b0995a71ce5a884080f2bad788a15255211fc85f831127a
Instruction Fuzzy Hash: 085138F2D041299AE7648B15DC45AFF77B4EB84710F1482FEE90E92241E6385FC1DBA2

Function 00B983A2 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: ca80d1b092c2e76a4f8d3a268542948fc67f50f55c68a78ff0f554b05843d91e
Instruction ID: c11a939b22e2656ba5388a0bbbf3cea0ff88adf1a355d0c5bc27b39e375d28bc
Opcode Fuzzy Hash: ca80d1b092c2e76a4f8d3a268542948fc67f50f55c68a78ff0f554b05843d91e
Instruction Fuzzy Hash: 375148A2D042689BFB208A24DC84BE77A79EF92310F1040FAD54D972C1D6795FC6CB63

Function 00B5331A Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

MA=5, xrefs: 00B5347E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: MA=5
API String ID: 0-87635094
Opcode ID: 3484a149acf8b9bd23113b7725f1a6915742a1557b31e80e80e80d6ee415ba19
Instruction ID: ab5539825a68f1a0f2bbc8525020245f355d2296f639dd52d1f81ec0522f5b2e
Opcode Fuzzy Hash: 3484a149acf8b9bd23113b7725f1a6915742a1557b31e80e80e80d6ee415ba19
Instruction Fuzzy Hash: F551E1F2D051249FF7108A14DC88BEAB7B5EBD1711F2881FAEC0D56780D6785FC98A92

Function 00B99854 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 172registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 769dfc5479b34093fbd938f5462167455917f8c90236e24adc20cd1ec19a95f1
Instruction ID: f5061b36215508f6aa9c2adcbd6df5125597f15bd4db3e81d0067871b66a11f1
Opcode Fuzzy Hash: 769dfc5479b34093fbd938f5462167455917f8c90236e24adc20cd1ec19a95f1
Instruction Fuzzy Hash: B95115B2D146289EEB248A18DC84BEBBB74EF55311F0440FAD94D67281E6781EC0CF92

Function 00B99862 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 1b2f2cc62cb6aceb973296cc5bf960a721fc72d89e47e12a65d62f3e97bed3e8
Instruction ID: 7e07186e5e474b1346e076a2b521104522ef2644e886503e54fcc15d1d41f002
Opcode Fuzzy Hash: 1b2f2cc62cb6aceb973296cc5bf960a721fc72d89e47e12a65d62f3e97bed3e8
Instruction Fuzzy Hash: 295107B2D146249EFB248A18DC85BEBBB74EF55311F0440FAD94D63281E6785EC0CF92

Function 00B3A838 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 155processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 558ad554517b06e62e993fea7c0cdb79856e6adc527f4ed2bb4ae7f17f870b95
Instruction ID: dd700b70dc725c3fbabc4994bb73e6068086a58ecc2422da2ac9e8b67b04b938
Opcode Fuzzy Hash: 558ad554517b06e62e993fea7c0cdb79856e6adc527f4ed2bb4ae7f17f870b95
Instruction Fuzzy Hash: 415118B2E051659ADB248B15CC85BFFB7B4EF80701F3441FAE54E66280E6780EC1CA52

Function 00B988C7 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 151COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 943dea929cea9a30c71205d9528983141f2eed110c22b70dfa04f79cf7ee7929
Instruction ID: 092ac406361fc5a89e3066175f325b4af2363f28e35fb1f3a7510fe049733b75
Opcode Fuzzy Hash: 943dea929cea9a30c71205d9528983141f2eed110c22b70dfa04f79cf7ee7929
Instruction Fuzzy Hash: 665128B2D046249FFB148A24DC85BEB7B74FB81310F1481FAD90D26281D6795EC1CE92

Function 00B4E886 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

LL<P, xrefs: 00B4EA74

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: LL<P
API String ID: 1726664587-2443076662
Opcode ID: 9d20e80ca32713fc7ea563ad6e6067c3dd0679396dcfb8f15a763a49a1d29f54
Instruction ID: 3cc4aebd84189403ec373b0621afa916f4bac83f660bb42cc983a020fd61f903
Opcode Fuzzy Hash: 9d20e80ca32713fc7ea563ad6e6067c3dd0679396dcfb8f15a763a49a1d29f54
Instruction Fuzzy Hash: 395113A2D052699AE7208B60DC80BFAB7B4FF55300F1440FED89D93280E6795FC5DB62

Function 00B4F52A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131COMMON

Download Yara Rule

Strings

[W, xrefs: 00B4F8DA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: [W
API String ID: 1726664587-2887293924
Opcode ID: cbd1dc4e7e2db0a78cbfb5d415d084fd2644671992db45e4a98cd2c9aa232a99
Instruction ID: 5b33e992f5a7b42c5904c93fb59752cdc5ae8a432c3494a00ab8566d4e10e6d9
Opcode Fuzzy Hash: cbd1dc4e7e2db0a78cbfb5d415d084fd2644671992db45e4a98cd2c9aa232a99
Instruction Fuzzy Hash: EA41F6F2D14115AFF7108A14EC95BFB77A8EB50310F1442FAEC0D97281E67A6FC49A62

Function 00B99983 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: a1d1f61210c74bcc7e4e048a86169ac3897476971b913546bc833e5342df15fa
Instruction ID: e74ba041770fb811591903f6f4458ceec4bfe5573cf63a62a68be317c7b4fd3a
Opcode Fuzzy Hash: a1d1f61210c74bcc7e4e048a86169ac3897476971b913546bc833e5342df15fa
Instruction Fuzzy Hash: 624106B2D146389EEB248A18DC84BEBBBA4EB55310F0041FAD94D22181D6781FC0CF92

Function 00B9998E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: Qh?
API String ID: 0-2306691335
Opcode ID: fd2a86186ef3ded7bca25fd179ccf78587e938a036ed516a57fa69dcf5f17430
Instruction ID: 6d9e3fb41c4b01cca878abeb0368fb8b63986769ed19fa07ede663bd68746dfa
Opcode Fuzzy Hash: fd2a86186ef3ded7bca25fd179ccf78587e938a036ed516a57fa69dcf5f17430
Instruction Fuzzy Hash: 244107B6D106389FEB248A18DC84BEBBBA4EF55311F0041FAD94D22181D6785FC1CF91

Function 00B99720 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 123registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 92930af427c3645a1dd84830d59a085b58162def3d1eb16d9d2f5ad841d19811
Instruction ID: d30cadb2897ea7517d09b0a5d0728bd986eb69af2d584ef5f3cdb6bdb80af342
Opcode Fuzzy Hash: 92930af427c3645a1dd84830d59a085b58162def3d1eb16d9d2f5ad841d19811
Instruction Fuzzy Hash: 3941E4B6C14638AFE7648A54DCC4BE7BBA8EB05311F1440FADD4D26180DA7D5EC1CEA2

Function 00B9991E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 121registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 0bdfb7418cfcd304e516a12610c02201f39009fb654208a06b519eeb2c8b895b
Instruction ID: 2a52bfff6e3f7ea45b156484e0b6efce1f31a9b9279dbe04417ddc846c42a30e
Opcode Fuzzy Hash: 0bdfb7418cfcd304e516a12610c02201f39009fb654208a06b519eeb2c8b895b
Instruction Fuzzy Hash: 264139B2D146389FEB248658DC84BEBBBA4EF55311F0541FED94D22181E6785FC0CE92

Function 00B98882 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 67461d5f78eb5148845866bd8ba2a5a8ecc51fad9fe4c54c56f53f6087bf46e6
Instruction ID: 09d2e60e5d6a5bb0a9b057bbd13b9b24212529009ae9ac21194e5095cba76115
Opcode Fuzzy Hash: 67461d5f78eb5148845866bd8ba2a5a8ecc51fad9fe4c54c56f53f6087bf46e6
Instruction Fuzzy Hash: E8314CB2D046549FFB208A24CC85BF77BB8EF92310F1041FAD98956582D6384AC6CF62

Function 00B99773 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 1b7ef68ceb34b8b185dbc36cf90a250f94183f321910802406ded164342d8e13
Instruction ID: 2050f869f08784ac93ffa9cb2aba61c695e5b0a27478b0a0c3d1b35328cf44eb
Opcode Fuzzy Hash: 1b7ef68ceb34b8b185dbc36cf90a250f94183f321910802406ded164342d8e13
Instruction Fuzzy Hash: 3C3148B2C146286FE7148A54DCC4BE7BBA4EB01311F0440FAD98E26181DA795EC1CEA2

Function 00B98889 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 7b1aed36e4f6648ac15c7e0b9e2ab4c3d32a383bb103470a92bfad966952cf7a
Instruction ID: af776b2ee43508d51e8e297633d7b4f62ceaf96df1a859ee241166218029a5f8
Opcode Fuzzy Hash: 7b1aed36e4f6648ac15c7e0b9e2ab4c3d32a383bb103470a92bfad966952cf7a
Instruction Fuzzy Hash: E2314CB2D046549FFB208A24CC85BF77BB8EF82310F1041FAD989565C2D6384AC6CF62

Function 00B4F803 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

[W, xrefs: 00B4F8DA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: [W
API String ID: 1726664587-2887293924
Opcode ID: d5544b00bc3a20930a5eeec20deb0d4fb9ecfefdfe6b5d3149f44d7d8d8e2af8
Instruction ID: 74cbb0b5a565e2ece8a7dbefc007d1767dac02c5dbe8e35feaeff8a71495b272
Opcode Fuzzy Hash: d5544b00bc3a20930a5eeec20deb0d4fb9ecfefdfe6b5d3149f44d7d8d8e2af8
Instruction Fuzzy Hash: 773128F2D14504AEF7108624EC95BFB77A9EB40310F1446FAEC0CD6280E639AFC48A62

Function 00B4E91E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

LL<P, xrefs: 00B4EA74

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: LL<P
API String ID: 1726664587-2443076662
Opcode ID: 7f802a30c2e25667122b528bbb034c5eca29c66ba90d7536cb3ca7ed7c1fb0e9
Instruction ID: 3e5c55ba762c7d3d61d688586def448e3f06c259236cad29bdaadda9c9c96097
Opcode Fuzzy Hash: 7f802a30c2e25667122b528bbb034c5eca29c66ba90d7536cb3ca7ed7c1fb0e9
Instruction Fuzzy Hash: 663108B1C05229AAE7348B50DC81BFAB7B4FF55300F1440FED85A92280E6799FD5DB62

Function 00B999DA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: dbb9490b557edc37c87d883943e31b85d57583aa1f50c3fc47fcdec5c3b86081
Instruction ID: bf62247f6b8e64fd453066fe4c4bc480dc393536cf9707b3c569eefe15126cda
Opcode Fuzzy Hash: dbb9490b557edc37c87d883943e31b85d57583aa1f50c3fc47fcdec5c3b86081
Instruction Fuzzy Hash: CB3124B7D106286FFB248664DC84BE7BBA8EB51310F0540FAD94D23181E6785FC1CEA2

Function 00B99A85 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 023a3a73e499194d867a955f35edb11dc2da50ab6cfd0ff680d9f287f221b1da
Instruction ID: c94decfe88b2e5582bb3e3183f3913a1b47a6f684568ab835fc5c252ec741085
Opcode Fuzzy Hash: 023a3a73e499194d867a955f35edb11dc2da50ab6cfd0ff680d9f287f221b1da
Instruction Fuzzy Hash: 2D3138F2C146246FF7248A14DC84BE7B7A4EB41310F0580FADA4D62180D67D5FC1CEA2

Function 00B4F81A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

[W, xrefs: 00B4F8DA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID: [W
API String ID: 1726664587-2887293924
Opcode ID: 084eb78004c2125f89bf9b6f988016031bfcc04ea0150d6885918fc362b36e38
Instruction ID: af1c2554cf8cd91d606336af0613ec85352900b8e27d1f025075c7a3c3f2677f
Opcode Fuzzy Hash: 084eb78004c2125f89bf9b6f988016031bfcc04ea0150d6885918fc362b36e38
Instruction Fuzzy Hash: 3031D4F2D14514AEF7108A24ECD5BFB77A9E740310F1442FAEC0DD6280E679AFD48A62

Function 00B99769 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: b9a7ebc8fd64bad2885d8b455ba278d9c71992c015b376a4c5bc19adede32528
Instruction ID: 9dfb0de6941ada8bc7abd03ebdcd881f1378561e44a0442559039f69aa460775
Opcode Fuzzy Hash: b9a7ebc8fd64bad2885d8b455ba278d9c71992c015b376a4c5bc19adede32528
Instruction Fuzzy Hash: 8F3106B6C146286FF7148A64DCC4BE7BBA4EB01315F0440FADD8E66181DA795FC1CEA2

Function 00B9977C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: a7875312b4e34521d017ecf491e3a63468339a6a369db67c94ad885a0606a3c6
Instruction ID: a18fa9e554ee731eda59eb159179d1c847c047e8ae5ea20986e6923e0b81ce3c
Opcode Fuzzy Hash: a7875312b4e34521d017ecf491e3a63468339a6a369db67c94ad885a0606a3c6
Instruction Fuzzy Hash: 3831F3B6D106286FF7248A54DCC4BE7BBA8EF01315F0440FAE94D26180E6795FC0CEA2

Function 00B988B4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 5c38d01b89e9604197e0aa0dda88d903d72c0a2ff538e24851c6b0f437aaff93
Instruction ID: 5ab01b4a7de19932939a4f1a151462ac7141064f9baa545019f2d1c278799706
Opcode Fuzzy Hash: 5c38d01b89e9604197e0aa0dda88d903d72c0a2ff538e24851c6b0f437aaff93
Instruction Fuzzy Hash: C6312BB2D04614AEFB109A24CC85BFB77B8EF52310F1041FAD549561C1D6795BC5CE63

Function 00B96C61 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

8:6L, xrefs: 00B96C63

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID: 8:6L
API String ID: 4241100979-3411145690
Opcode ID: bea7cdc8f0d48112c5a7bd4519dcd82ec1b75920ed7dd749a99f66d16b9c35d9
Instruction ID: 33f92b157243587c707fdda0d45680139569e93dd6bd9d988cdd49afffea36f1
Opcode Fuzzy Hash: bea7cdc8f0d48112c5a7bd4519dcd82ec1b75920ed7dd749a99f66d16b9c35d9
Instruction Fuzzy Hash: 0831D5F2C141249FEB248A20DC95BEA77B4EB44310F1445FEE94DE6641EA385EC5CE51

Function 00B98BE9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 04ef872a5672946a00a5e7fb1c4ecf82b76187ad5f682f67ec3230b4f0eaabce
Instruction ID: a8be823ba0d042046a0ad91cd8cb471814c20f613df1fdf9fc83ebbe6be8d81f
Opcode Fuzzy Hash: 04ef872a5672946a00a5e7fb1c4ecf82b76187ad5f682f67ec3230b4f0eaabce
Instruction Fuzzy Hash: 83212CB1D006686EEB209A24DCC4BFB7B79EF42310F5480F5E98D56181D6794FC9CE62

Function 00B3A88A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: e2e89f894d7ccd57c86a926372e6d4a7d22ef590d37698632ca266af40e3dbe1
Instruction ID: da9773eaf62e212ec6cbb070cbcb82bb809bf20e29446bd66832c394953c6f9f
Opcode Fuzzy Hash: e2e89f894d7ccd57c86a926372e6d4a7d22ef590d37698632ca266af40e3dbe1
Instruction Fuzzy Hash: 18213B72E042199AEB348A15CD85FFAB7B4EB81701F3481F9E94A25180E2741AC0DE52

Function 00B3A911 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: d58d6050f6131b8cb9a4588b3c616b91ba8bfa38f688f9e758cbf4a689221903
Instruction ID: 06af9d2373c30c8c2d90e273cb3aaac29c1bf46cd26db5512bf112d26cb76c64
Opcode Fuzzy Hash: d58d6050f6131b8cb9a4588b3c616b91ba8bfa38f688f9e758cbf4a689221903
Instruction Fuzzy Hash: 5B21E7B2E042199ADB348A01CC85FFAB7B4EB81711F3041F9E98E255C0E7751AC0DE52

Function 00B988FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 8912f77004fc56047085964ed70859d903cbafa1e544fdee7e0268db15693c38
Instruction ID: 519a2fe7b2b3cec652d327164bb7cf6b035ecc13e77a06333f7b8cec8d827ec2
Opcode Fuzzy Hash: 8912f77004fc56047085964ed70859d903cbafa1e544fdee7e0268db15693c38
Instruction Fuzzy Hash: 562129B2D041686EFB149620DC85BEB7BB8EF41310F1081FAE54952082D6794BC5CEA3

Function 00B98BFA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 447510e471d8e653604afe92ea0f52fbf9ccd84cdaeaa3ae9f8466ce23e4547c
Instruction ID: b1f84673d82098e41d48d76016bfa70237db0bdd0d0458dfce3befb0791c6430
Opcode Fuzzy Hash: 447510e471d8e653604afe92ea0f52fbf9ccd84cdaeaa3ae9f8466ce23e4547c
Instruction Fuzzy Hash: DD210BB1D006286EEB208615DC84BFB77B8EF42314F1080F5D94D56180D6790FC5CEA3

Function 00B99AFE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 6745c9b35739f10d83bc45156d748d8edbc216264f4a3d2847c90588b9d6c374
Instruction ID: d41a7ae41e6a080dd84b474fcf0870ee5442531658605a44ac178f619f8ca4fc
Opcode Fuzzy Hash: 6745c9b35739f10d83bc45156d748d8edbc216264f4a3d2847c90588b9d6c374
Instruction Fuzzy Hash: 4D2138F6C50A686FE7248654DCC0BE7B7A8EB11301F0440FADD4962180E6795FC1CFA2

Function 00B3B8FD Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 0af62815f5a79fa1b5caa5a4adaa1903241c72d9eb15825178db34137f4e1766
Instruction ID: bf4ceb8084ff606e14c387774b561a5d528e66d3534caf3f6be14093bb9c5082
Opcode Fuzzy Hash: 0af62815f5a79fa1b5caa5a4adaa1903241c72d9eb15825178db34137f4e1766
Instruction Fuzzy Hash: DE21D7B2E402189AFB388A15CC56FB9B7B5E790301F2041FEEA0A665C0E6745F859E51

Function 00B97B8A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Strings

FO2I, xrefs: 00B97BED

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID: FO2I
API String ID: 4241100979-109952837
Opcode ID: 28a76ae94ecfc523ec208d1e8aeabd4dd53b1e28abc2de5d7a16b2706a787514
Instruction ID: 414179284a4c0d5a00fac710f856faf675071f3a992a55d45b270c376ee3ff87
Opcode Fuzzy Hash: 28a76ae94ecfc523ec208d1e8aeabd4dd53b1e28abc2de5d7a16b2706a787514
Instruction Fuzzy Hash: A421C5B1D18658AFEB28CB14DC94BEB7BF5EF81301F1040FAE10996241DA385BC0CE12

Function 00B99BF2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 465a664ed79c1796c8153db21da7dad2b7587b2afe758822aa71124ac86f34c6
Instruction ID: adec5da9ebeb390fb236b26890eba5980151696a3eb5b073cd8f5586a80a39a7
Opcode Fuzzy Hash: 465a664ed79c1796c8153db21da7dad2b7587b2afe758822aa71124ac86f34c6
Instruction Fuzzy Hash: B52102B1D046649FDB289A24CC507EAB7F4EB45310F2090FED98AA6542DA354AC2CF93

Function 00B3A956 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 884852042968d472e06b90c661e6c219fd68666ce7b0dcea05e54b1664578eda
Instruction ID: 3a4ecf4b880469f71af79cce695daf36a9fa942e6047e86f0807764bdb40753c
Opcode Fuzzy Hash: 884852042968d472e06b90c661e6c219fd68666ce7b0dcea05e54b1664578eda
Instruction Fuzzy Hash: FC112B72F44219AAEB348955CDC5FFAB7B4E781702F3080FAEA4A251C0E2741BC09E52

Function 00B9955A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: e58d26c821afaca48e1837d20c3534c1c078d5945edf79eeed687231f7ade99e
Instruction ID: 91cf53eacaafc7668fe4de6bc8b14398fdd7d49d7b3b8213ab00ea11c0135014
Opcode Fuzzy Hash: e58d26c821afaca48e1837d20c3534c1c078d5945edf79eeed687231f7ade99e
Instruction Fuzzy Hash: 5E110AF1C006246FEB158A10CC847FA7AB8EF50300F1480FAE94D66981E6795FC9CFA2

Function 00B4DBC6 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

;8<E, xrefs: 00B4DBD2

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID: ;8<E
API String ID: 3559483778-1498667124
Opcode ID: 83c522e124519b2576fb96f6802b9d2247139f4be6003f6f8d40d18d60e4b216
Instruction ID: e07e3d67fc7b928197015257a2fb20c5196f59ac9cc6f3966bf5fc9f03aa0cd5
Opcode Fuzzy Hash: 83c522e124519b2576fb96f6802b9d2247139f4be6003f6f8d40d18d60e4b216
Instruction Fuzzy Hash: 9711D672D051288BDF30CB14CD846E6B3F9EF85301F1081EAD54D66241E6355FC1CE52

Function 00B99C8C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 2920202b9100f2fbf9e256c5c8f69290b928c8b2e4da5a0fc9b73d5f878e602c
Instruction ID: b985bba1157ddbd8bf59e519e4459bad8a03ee999dc27379ae1cd5691f7373b6
Opcode Fuzzy Hash: 2920202b9100f2fbf9e256c5c8f69290b928c8b2e4da5a0fc9b73d5f878e602c
Instruction Fuzzy Hash: C211E9B6C141285FEB148B10CC95BFAB6B8EB01300F4091FAD94AA2581EB755FC18F52

Function 00B30BD7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 0f7a587f9bebe1680b2e4bda51bcb12b890d158bce2842984c073a4b94f6e194
Instruction ID: cc6ed6757648e84ee8939abb9308d852ffebaf6ff4f647458c4e8cecde34bc7c
Opcode Fuzzy Hash: 0f7a587f9bebe1680b2e4bda51bcb12b890d158bce2842984c073a4b94f6e194
Instruction Fuzzy Hash: 8A118871A452699BEB34CA45CC91FF9B7B4EB80701F3041FAE7055A184E7715F819F90

Function 00B3BDA5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: ad5ab85afbabe5c9927960b5048d7b2e556ce489564152368fb7e9c33ee39519
Instruction ID: d26fe48562ff24fc5d233455c16737325509564a07221e641f14cda6ce9a1f7e
Opcode Fuzzy Hash: ad5ab85afbabe5c9927960b5048d7b2e556ce489564152368fb7e9c33ee39519
Instruction Fuzzy Hash: DF01D671E442589AEB358A05CC51FF9B7B4EB81701F2041EBEA456A180D7741F80DF90

Function 00B3BD93 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 190dfb89c2f5b2b5214b9178c61f1a6bcd29ec48627ddc76a38eff377c497469
Instruction ID: 0e45737ca9cf11655d533413dc1edd0d9d301ac5a8ec88c98666abeec5c90dd8
Opcode Fuzzy Hash: 190dfb89c2f5b2b5214b9178c61f1a6bcd29ec48627ddc76a38eff377c497469
Instruction Fuzzy Hash: 3011C871E452599BDB38CA55CC81FE9B7B4EB40701F3041FAEB056A1C0E7711B809F90

Function 00B9894D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: c6a9b5a49fbb2ed3f238918e29ca6f3fb0b356dbb50a44f5f1bdcb43daf9e752
Instruction ID: 827d1ade97904eedba551108a4d0e872d81e86b62b8119369711a4948ad3baa9
Opcode Fuzzy Hash: c6a9b5a49fbb2ed3f238918e29ca6f3fb0b356dbb50a44f5f1bdcb43daf9e752
Instruction Fuzzy Hash: 9201D2B2C005686EFB108520DC94BFB7AB8EF41300F1080FAE98D66081D6794BC9CEA3

Function 00B3B88F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 57e0e39b7af198fdd2f1940dead677eda914dbc41397ef33ceaecf5d066ade67
Instruction ID: cec126f50f9bcadea91b644e91b39729f1cf48ebb80a68050a24eedd27f43c49
Opcode Fuzzy Hash: 57e0e39b7af198fdd2f1940dead677eda914dbc41397ef33ceaecf5d066ade67
Instruction Fuzzy Hash: 6801B9B2F40218AAFB38C905CC52FFA73B8E784711F2480FAEB0A661C0D6755B809F51

Function 00B989E2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 84fd88272bbf54c76785662682db57004640d6bd7b98009543c9d657c2e0db14
Instruction ID: 1ff93229fea064d38c76096dbe55bee8a315fddff00852322dbeec4e2c82f31a
Opcode Fuzzy Hash: 84fd88272bbf54c76785662682db57004640d6bd7b98009543c9d657c2e0db14
Instruction Fuzzy Hash: 8901FCB2C005646EFB109511DC95BF77AB8EF41314F5480F9E98D65081D6794BC5CEB3

Function 00B3BD9E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 9b5a409d5f21339a04df0fb112713fe01b70773addd509ee3419bf0b62dd1f4d
Instruction ID: f34d512685d5f7b55e891d44ad33a82e2c11993aeed2a6c9aa6b95ea7dcdf8d0
Opcode Fuzzy Hash: 9b5a409d5f21339a04df0fb112713fe01b70773addd509ee3419bf0b62dd1f4d
Instruction Fuzzy Hash: AE019671E45259ABEB34CA55CC81FE9B7B4AB80701F3041EAE6056A180E7715B80DF94

Function 00B3B9EB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 49c9454b0a8f7b6d6400761cabe18a6722f7851e0abb5c0a255e32d12ee65501
Instruction ID: 9d6aed8c9c25540eb3ef2a33889210f9ba4e13a08b52928e39782218414f399c
Opcode Fuzzy Hash: 49c9454b0a8f7b6d6400761cabe18a6722f7851e0abb5c0a255e32d12ee65501
Instruction Fuzzy Hash: 39018471A442699ADB34CE54CC95FA8B3B4EB01702F2041EAEA09AA180E7711B84DF51

Function 00B3AA3D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 6605e9a65e9b0995115a8765ad675870b4a60d7628556fee09434a6b22ac97f7
Instruction ID: c3f75d39d817f85df8db22ce9158e1a711570c5b7e10fbb07af655f3c487279a
Opcode Fuzzy Hash: 6605e9a65e9b0995115a8765ad675870b4a60d7628556fee09434a6b22ac97f7
Instruction Fuzzy Hash: C501A772F45295AAEB348501CC85FFD73B4E781701F3480E6EA4A6A1C0E7751F84AA91

Function 00B989EB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: e4948841e146847b7892702a3ba53391e232a3fb7d1c2cf4fa8e76654a1f52a7
Instruction ID: 7d88cfa4bcb83ab99222c8f154601e89a2371ccd3a9bc4458600114c3b7434b0
Opcode Fuzzy Hash: e4948841e146847b7892702a3ba53391e232a3fb7d1c2cf4fa8e76654a1f52a7
Instruction Fuzzy Hash: 0701A7B2D045686EFB109651DC94BFB7AB8EF51304F5080F9E98D61081D6794BC5CEB3

Function 00B3BDBC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 8974cdee5f4309174262b650528cd6e5d96a0b53257b28daa40a9c364071a2b0
Instruction ID: 8d8a1bb60c832c68d6fd821e658f4f292f67b495664fd63b8525959fc63cd1ac
Opcode Fuzzy Hash: 8974cdee5f4309174262b650528cd6e5d96a0b53257b28daa40a9c364071a2b0
Instruction Fuzzy Hash: F8018B71F452299AEB34CA45CC91FE9B7B4EB40701F2041EAEA096A1C4E7715F809F94

Function 00B3BDB7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 3ee9aff3615a1e9f2655ff5586982b845b17a383a03afed9a88a0de0ca05b107
Instruction ID: e718e66d86024705b5cfe92cc922c49a36c67014f18fe694a9f9594d869004ef
Opcode Fuzzy Hash: 3ee9aff3615a1e9f2655ff5586982b845b17a383a03afed9a88a0de0ca05b107
Instruction Fuzzy Hash: 83016771F452599AEB34CA45CC96FE9B7B4EB40701F3040EAEA096A180E7715F809F95

Function 00B3B972 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 6aa474a68c517cea3b7c2707b72907d931bf483dd5f4404c0a8d4b473e13df34
Instruction ID: f1dcc4c85cec7d5afae1d93d7504cce45b6f1883d4230fe34b717eb8f5c42148
Opcode Fuzzy Hash: 6aa474a68c517cea3b7c2707b72907d931bf483dd5f4404c0a8d4b473e13df34
Instruction Fuzzy Hash: 8D01D671B442699AEB34CA44CC82FEDB7F4EB40702F3085DAEA096A180D3701F809F91

Function 00B3AA51 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 0c0db9ad6520692e47a99f350c12272abfa75d40149ff8300014f7bb69d8b5df
Instruction ID: 1945fcd9841d2faf49ca696f11553895eec8721905cbad1ea6bd5ebb33391ecd
Opcode Fuzzy Hash: 0c0db9ad6520692e47a99f350c12272abfa75d40149ff8300014f7bb69d8b5df
Instruction Fuzzy Hash: 90F0C872B44258A6EB34C941CC86FF9B3B4EB41701F3040E9FA4A6A1C0E7712B44AF91

Function 00B9A07C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 5013b31e68d0e3dacbee03726d172abf77e5a551457c8a9ae9ea04ab40c315dc
Instruction ID: cc31bda590fb5ed9e05b40e27385900d3bc823725679d458a4337ef8ad8ec8ae
Opcode Fuzzy Hash: 5013b31e68d0e3dacbee03726d172abf77e5a551457c8a9ae9ea04ab40c315dc
Instruction Fuzzy Hash: 7C012675D04668AFDF119A20CC40BFAB6B4EF81301F1081FAA58962582E7754FC1CF93

Function 00B3B9FE Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 2d869a87a9432875386d20bb4a128d66437bff56a3fdff17328c89d610dfa849
Instruction ID: 329610845afcff030d935805b403aa40383e08781a7f14c1bec2cb65b8912171
Opcode Fuzzy Hash: 2d869a87a9432875386d20bb4a128d66437bff56a3fdff17328c89d610dfa849
Instruction Fuzzy Hash: 2201A971F4422C9ADB34CA44CC91FE9B3B4EB44701F3044E9EA09661C0E7715F809F90

Function 00B9A093 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 72430d2a72336538967316c6b49b0ad372e8b77a4fa4b76e9517d87c59e9bc9f
Instruction ID: 3d9f7a6e43933f910aa6e68cbcfae59a158040bcd181f3f6b32d9f63b47599af
Opcode Fuzzy Hash: 72430d2a72336538967316c6b49b0ad372e8b77a4fa4b76e9517d87c59e9bc9f
Instruction Fuzzy Hash: 99F0F471D006686FEB109A50CC44BFAB6B8EF81301F4080FA958962541E6710FC1CFA2

Function 00B99CD2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: c62228ed11c07527b4682aafd3d5cfa691f441b594b33f4b8ed5e4f747459ccc
Instruction ID: 1110050f0be79bc500a0aa00136ddd82e57c87b1c3fd08b942090648a52ef199
Opcode Fuzzy Hash: c62228ed11c07527b4682aafd3d5cfa691f441b594b33f4b8ed5e4f747459ccc
Instruction Fuzzy Hash: CEF0F475C04628AEDB149A10CC507FAB7F4EB01300F50A1E9958A62081DA710BC0CF51

Function 00B3B8E9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: 0088f9c9e97fdce36b44278cc3f7b21b271c927ad6c2899e1025e02ce64d1710
Instruction ID: b05bd32f795d9fcde9649b551ec585f20410f8da74813f3902b476ce28b6b04c
Opcode Fuzzy Hash: 0088f9c9e97fdce36b44278cc3f7b21b271c927ad6c2899e1025e02ce64d1710
Instruction Fuzzy Hash: 23F04F71B4422DAAEB34CA45CC82FE9B7B4EB44701F2085D9AA096A180E7716F809F94

Function 00B3B2D2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000002,00000000,00000000,?,?), ref: 00B3BE3D

Strings

jjjj, xrefs: 00B3BE2E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateProcess
String ID: jjjj
API String ID: 963392458-48926182
Opcode ID: d1784a182fe4fc0f76f1ead8a2cdc31c09633cbbc542e615999e33711cf0bcfa
Instruction ID: 81c09f868af96b7cb6018141c2a84c0537e3dff6aab0ea8e897de6ab41da5415
Opcode Fuzzy Hash: d1784a182fe4fc0f76f1ead8a2cdc31c09633cbbc542e615999e33711cf0bcfa
Instruction Fuzzy Hash: 16F0BB71B4426896EB34C941CC96FF973B4EB00701F7044E9EB096A1C0E7716F449F81

Function 00B99C4C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: b7d204fcefa36bf6091c6081d17b1d2fac2f58ca29226cad36e8a09dbb2e8084
Instruction ID: b2e12f598b95ebc8b322d8b322ce6183235b5dbd9dd0b2ad415b9d586502b982
Opcode Fuzzy Hash: b7d204fcefa36bf6091c6081d17b1d2fac2f58ca29226cad36e8a09dbb2e8084
Instruction Fuzzy Hash: 1FF0A475C00268AEEB159A50CC557FBB6B8EF00300F5091FA958A62181EA715FC1CFA2

Function 00B9A0A2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: cc5b4f80057970750d651b21fd8dae9fafab2b7c90477c308b0c4f99a8933433
Instruction ID: 2e1762a51e5cbae33783ee8b09d3afb3da58f6b44a65884a308eb857e2029856
Opcode Fuzzy Hash: cc5b4f80057970750d651b21fd8dae9fafab2b7c90477c308b0c4f99a8933433
Instruction Fuzzy Hash: 8BF0C275C00678AFDB25DB50CC54BEAB7B4EF10301F5091FA958966581E6714BC1CF92

Function 00B99CD9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: d26aec081cc13689d014647cf177262627ebc10dba551f4c44104b54e1a9ccc7
Instruction ID: 56f1126b1264fe60b17acc82b9c7a857f2e26908503f2a3c4ea59b2161c3e85b
Opcode Fuzzy Hash: d26aec081cc13689d014647cf177262627ebc10dba551f4c44104b54e1a9ccc7
Instruction Fuzzy Hash: E8F0C275C14638AFDB19DB50CC517FABBB4EF01300F4091EAAA8A66181DA751FC0CF91

Function 00B99C63 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: cae05b065dc31734be6012c4aee8e06e05f5f217a8910526f3c4f3538a5d8e36
Instruction ID: 70eb39cad5f778cab7b6d330297cccdaafd2a0a2cc15ec04f5ce8a4ea2d08894
Opcode Fuzzy Hash: cae05b065dc31734be6012c4aee8e06e05f5f217a8910526f3c4f3538a5d8e36
Instruction Fuzzy Hash: 5AF09A75D04668AFCB25DA50CC417EABBB4EF01301F5091EA998972141E6714FC1CFA2

Function 00B99BD2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,?,00000000,000F003F,?), ref: 00B9A0FB

Strings

Qh?, xrefs: 00B9A0E7

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: Open
String ID: Qh?
API String ID: 71445658-2306691335
Opcode ID: 6b6ddf504ceeb00984e906d8a74b42f68c153ac5e15e1fd6d503070b52e846b2
Instruction ID: 02d7a3f15fef4c65afec2ed93e7f348eff154faab97c1147f07149a2e7efe5ef
Opcode Fuzzy Hash: 6b6ddf504ceeb00984e906d8a74b42f68c153ac5e15e1fd6d503070b52e846b2
Instruction Fuzzy Hash: 3FF05E75C04278AFDB259B50CC447EABAB4AF05341F4091E9A989B2541E6715FC0CFA2

Function 00B39048 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 126memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Strings

@>L8, xrefs: 00B3F2B0

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID: @>L8
API String ID: 4275171209-3765172012
Opcode ID: 27e5f61869a4cc2918a222878dff6a466a1542e61b0d5a565d71aa4ab99d49b4
Instruction ID: 520fe949a895301fae80b6fa91423848820f0f5ca0e0f70a8d7ecaac3b80884c
Opcode Fuzzy Hash: 27e5f61869a4cc2918a222878dff6a466a1542e61b0d5a565d71aa4ab99d49b4
Instruction Fuzzy Hash: 25318CF2C44616AEF3204620FC99FF776ACEB81324F2400FAED0956280E56D5EC186A2

Function 00B4CBE3 Relevance: 1.7, APIs: 1, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae1c07eafdd42a009318edd91fee17cde6048e6b9dacafe7ceddd7d8d873c87
Instruction ID: 5441495071af979d4ee75075ac91b8821ca7bb10b1f369a7b0a1553bbb536d5e
Opcode Fuzzy Hash: 5ae1c07eafdd42a009318edd91fee17cde6048e6b9dacafe7ceddd7d8d873c87
Instruction Fuzzy Hash: 656147F2D145199BE7648B24DC85AFB77B4EF84310F1442FEE90E92241E6386FC19A62

Function 00B979E7 Relevance: 1.7, APIs: 1, Instructions: 161COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 723d354e8e14d1830cb4a01a312809bf6096ce1868144c218cebd151a4dc6ff7
Instruction ID: 7d1dd23125c7a8726f2c1fc630c18b09f4280b1dd952c54b8ee8b28a44a8579f
Opcode Fuzzy Hash: 723d354e8e14d1830cb4a01a312809bf6096ce1868144c218cebd151a4dc6ff7
Instruction Fuzzy Hash: AB51D4B1D186685BEB24CB18DDA4BFA7BF5EF80301F1841F9D90996642DA386FC08E51

Function 00B97746 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: c0d37c860bd6b7e204c85832fc1e0f2da8956581ca43c1923b7ff5af58578889
Instruction ID: f2d48c30d0798f1f8ae9a7d2681f397b05ba23cdfd85ee78bcd7ba9be700a301
Opcode Fuzzy Hash: c0d37c860bd6b7e204c85832fc1e0f2da8956581ca43c1923b7ff5af58578889
Instruction Fuzzy Hash: C341DAB1D682699BEB20CA14DCC5EE67BF8EB41310F1041FAD40EA7241DA385EC5CAA1

Function 00B4DCB7 Relevance: 1.6, APIs: 1, Instructions: 137injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 1e38d38803093b57ec7c45ae60c7a66d8ea75c025a5f47934377517ab0958d9f
Instruction ID: 55c0f4cad013c96687eef7fbc1f70b68f153e19a3d5ce4dafe5aa02350bde715
Opcode Fuzzy Hash: 1e38d38803093b57ec7c45ae60c7a66d8ea75c025a5f47934377517ab0958d9f
Instruction Fuzzy Hash: 4A51E6B2E045189BE724CB18DC95AEBB7B5FB85300F1441EAE40D67281E779AFC1CE51

Function 00B96B1C Relevance: 1.6, APIs: 1, Instructions: 121COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 33c390bc7514d1fb132dbb0ff143a4eb5538bbe36bd32670e38a7ecf0b4442a0
Instruction ID: fe8d966c032d11259180eeb5bb4964d164a31d2277623c246186bb5d3c2978d4
Opcode Fuzzy Hash: 33c390bc7514d1fb132dbb0ff143a4eb5538bbe36bd32670e38a7ecf0b4442a0
Instruction Fuzzy Hash: AC419EB2C146789BEB258B14DC56BEAB7B4FF54350F0441FAE94CA2251EB385FC18E90

Function 00B53BC9 Relevance: 1.6, APIs: 1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94acdd7046306cc1ce09bae373ce67f23892ec8a636ae381fee8c1b49d8fbb82
Instruction ID: 859689b951b079b1799b45b47176c19449972cf36f66fba11ea02bf9b3ea9ebc
Opcode Fuzzy Hash: 94acdd7046306cc1ce09bae373ce67f23892ec8a636ae381fee8c1b49d8fbb82
Instruction Fuzzy Hash: 7041B3B1D085684BDB24CA14CC91BFEB7F5EB42302F1881EADD4DA2241D5749FC68F91

Function 00B97B1F Relevance: 1.6, APIs: 1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5818ab04ed411e793b0510a8010452a450c48c20be4c262f8d5b2e4fdd7745d0
Instruction ID: 6aeb50e1e594a2adce4c689b4d3f5eb62ffd49770fdd4fedb567fdd1ef9c4abd
Opcode Fuzzy Hash: 5818ab04ed411e793b0510a8010452a450c48c20be4c262f8d5b2e4fdd7745d0
Instruction Fuzzy Hash: 794191719186A85BDF24CB28DDE0BFA7BF5EF81301F1441FAD50996542DA346FC08E12

Function 00B4C8BC Relevance: 1.6, APIs: 1, Instructions: 110injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 32e49de105c81fb51075cff88d018bf37409175de985f16f9ca2d53a5a95fa28
Instruction ID: 1b6aaff5cab60cb86a806d078e0e64b9ca0a67661666bf3b0341510b9188a82d
Opcode Fuzzy Hash: 32e49de105c81fb51075cff88d018bf37409175de985f16f9ca2d53a5a95fa28
Instruction Fuzzy Hash: 973146B2D05518AFE7648A10CC84BE77BB8FB84310F0441FAD80E92241D679AFC1DEA2

Function 00B96C3A Relevance: 1.6, APIs: 1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3f7d287a3b7927d639a2d31eff373e4bb324ef36486d9b5db45e1e7c755321dd
Instruction ID: 543e1f3bdc6fe910c3fefe249c7c51e730c863a0b1ed224806b9f7ea086ed8cc
Opcode Fuzzy Hash: 3f7d287a3b7927d639a2d31eff373e4bb324ef36486d9b5db45e1e7c755321dd
Instruction Fuzzy Hash: 8831C6F2C141249FEB248A14DC99BEA77B4EB44310F1441FAE94EE6641EA389EC5CA51

Function 00B4DA92 Relevance: 1.6, APIs: 1, Instructions: 105injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0db9b6d82796771e3f271b1e8e29c12adbd45e18244651b25d4b1e5c7abf94fa
Instruction ID: 9b4d1776febe6946585ccb15a2987dcb27a6383b02267b8186d4da87768e97a8
Opcode Fuzzy Hash: 0db9b6d82796771e3f271b1e8e29c12adbd45e18244651b25d4b1e5c7abf94fa
Instruction Fuzzy Hash: 1E41C4B1E081688FEB24CB10DC84BEAB7F4EB49301F1441EAE94D97241E6356F85DF92

Function 00B531F7 Relevance: 1.6, APIs: 1, Instructions: 102threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 00B53D9D

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 7e36b43588be708a25aec69ed8f2cb46dbd332646b8490b3e2100b1a845ff098
Instruction ID: 928cb30394b6a663f452a0d27a0ece612d530ce0ac094e319c9551c44997f716
Opcode Fuzzy Hash: 7e36b43588be708a25aec69ed8f2cb46dbd332646b8490b3e2100b1a845ff098
Instruction Fuzzy Hash: 543159B3D045945BF7288A24DC55EF777B8D740311F1402FEE90A91280E97C9FC58E61

Function 00B4C7CC Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: a86dc6dab49da26fd5ba1de83926fa8b1ace01b2958d74b230ff90915db49d64
Instruction ID: e300238db5093c92b8e96bdb6b48a54279927fa7ef34780ea4721694563db971
Opcode Fuzzy Hash: a86dc6dab49da26fd5ba1de83926fa8b1ace01b2958d74b230ff90915db49d64
Instruction Fuzzy Hash: E13129B3D051189BEB648A14DC84BF7BBB8EB84710F1441FAE80D52240E77D5FC59EA2

Function 00B97D28 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: abe88195ec8b41b1911ea0e4fda6955d6ad2a301614a5b0557240996d269dcb0
Instruction ID: 0e3442365a957ecdb1c573c37e644fd9feb3acfeeb0179b09672d1fe78632b04
Opcode Fuzzy Hash: abe88195ec8b41b1911ea0e4fda6955d6ad2a301614a5b0557240996d269dcb0
Instruction Fuzzy Hash: 0131ABB2D116249BEB248B24DC41AEAB7B6FFC8320F1441FAD80C67240EA355ED4CF51

Function 00B53C3A Relevance: 1.6, APIs: 1, Instructions: 83threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 00B53D9D

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: ab2cf5e0a99862d331bbe021ba7a88fadd7a32d487754110311e38ccc6509099
Instruction ID: 1b7b302f30b1753be33f6584d0e1980e96110453c7635d1116598042a0b6f3b6
Opcode Fuzzy Hash: ab2cf5e0a99862d331bbe021ba7a88fadd7a32d487754110311e38ccc6509099
Instruction Fuzzy Hash: 9231C1B2E045589BE724CA25DC94AEABBF1EB81311F2441FAD80DA3281C6785BD68F51

Function 00B96BCF Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3202789951141966e755cfd2f3ef133e5af9111a6fede2649fdff73d4b5cff84
Instruction ID: 3b40b0ba1290f9ffd736f8406fdd373546ed65fb42eb9424cc3c43cfb79d56a6
Opcode Fuzzy Hash: 3202789951141966e755cfd2f3ef133e5af9111a6fede2649fdff73d4b5cff84
Instruction Fuzzy Hash: 9E21D3B3C241249FEB358B64CC85BEA7BB4EF45310F1441FAD94DA6541EA385AC1CE91

Function 00B4C83E Relevance: 1.6, APIs: 1, Instructions: 81injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 358a9df255d67324d74783619c77a96e8d7b979100947e1adf5cb8a9a06656d2
Instruction ID: 5ea3d649b0d33bb464853a1c4aec4ca9e9c1f67b77cb24b57b7111cf3de94aa9
Opcode Fuzzy Hash: 358a9df255d67324d74783619c77a96e8d7b979100947e1adf5cb8a9a06656d2
Instruction Fuzzy Hash: 4A2128B2E051249BE7648600DCC5BF77BF8EB84715F2401EAE90E52141D2795FC59EA2

Function 00B4DBD8 Relevance: 1.6, APIs: 1, Instructions: 80injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: f4de6fa07ef37c4819f24d0e7d6f64d81a65eeda84d1293568a9ea3f0661aac8
Instruction ID: a6046bfd41fa52848f0f8ab4f9626ffc901932386775aeb6a4fa4165bffcebf3
Opcode Fuzzy Hash: f4de6fa07ef37c4819f24d0e7d6f64d81a65eeda84d1293568a9ea3f0661aac8
Instruction Fuzzy Hash: 1E3182B2D055289BEB24CA18DD84AE6B7F5EF85310F1082E9D80D63241E6366F81DE92

Function 00B96C92 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 64e8709f401173f9cbb12c563574c390a167f0c520ac7dc832b31b20ad8a43c9
Instruction ID: 8776bbb24a98543a3721572cfbaf558a196685f3bddf916fb34cbd949346bb12
Opcode Fuzzy Hash: 64e8709f401173f9cbb12c563574c390a167f0c520ac7dc832b31b20ad8a43c9
Instruction Fuzzy Hash: 8421A3F2C245249FDB288B10DC95BEA77B4EB44310F1445FED90DA6680EE385BC1CE51

Function 00B97BF2 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 30be580cdf52eae77c0960a9245593c5e9d32fb04f59a24812dcec7a3ab022c2
Instruction ID: e080a45ff53f04e147e4ffd98020ac0461c2d0a7fcd0282f87bf8cbe1fa90edf
Opcode Fuzzy Hash: 30be580cdf52eae77c0960a9245593c5e9d32fb04f59a24812dcec7a3ab022c2
Instruction Fuzzy Hash: 2C21D6B1D186585BEB20CB24CC84BEB7BF5EB81311F1445F6D40CD6280DA7C5BC58E11

Function 00B97105 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: df5f891e5f78035c49b4ab2e7dfb5fd7ba64a41a09bfb88992be4ddde27fd011
Instruction ID: d6f6236d91b5a77add4ed7c958525a7917074b93eef4631329e3f902421d2658
Opcode Fuzzy Hash: df5f891e5f78035c49b4ab2e7dfb5fd7ba64a41a09bfb88992be4ddde27fd011
Instruction Fuzzy Hash: 6C2192B2C646249FEB248B20DC85BEA7BB4EB45310F1441FEE50DA6580EE385BC5CE51

Function 00B96D41 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 8a7c076b87e03250fc692d9ffa9021332041326df9547bb99610c17aed8dd365
Instruction ID: 3485103ba5b8772928373537cb4a27ebafdafef4a1f526b95eab5b00fe681b57
Opcode Fuzzy Hash: 8a7c076b87e03250fc692d9ffa9021332041326df9547bb99610c17aed8dd365
Instruction Fuzzy Hash: AF2192F2C646249FEB248B20DC85BEA7BB4EB45310F1441FED50DA6540EE385BC5CE51

Function 00B53CB6 Relevance: 1.6, APIs: 1, Instructions: 71threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 00B53D9D

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: de3c6c2439602a0da0f8c27fdfbf8945bb086daf06633c0c52689965facca623
Instruction ID: ec331f5f7f4d13f8c8a9d0e4d80fff84782d01407b593f78e3a97b84269b8bca
Opcode Fuzzy Hash: de3c6c2439602a0da0f8c27fdfbf8945bb086daf06633c0c52689965facca623
Instruction Fuzzy Hash: F321B6B2E045585BF7248A15DC94AEBB7B6EBC1311F1441FADC0D62280D6785F86CF51

Function 00B538B3 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 00B53D9D

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 4efca36d41d4855e17f93d7c2c100251c4119793ba10525e669df14ae59c90a1
Instruction ID: 487808c168a17580780af7d64fa4bba0c5143934e68d6a3661babcc95b02f98d
Opcode Fuzzy Hash: 4efca36d41d4855e17f93d7c2c100251c4119793ba10525e669df14ae59c90a1
Instruction Fuzzy Hash: B42126F2C081189FE7288A10DCD9AEBB3B4EB44310F1082FDED0E52381E6385F858E51

Function 00B436E3 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 304b19aa56b8399ecd2dcb29679e5a0db0c72aac571b488797fed343e23cb299
Instruction ID: e1dcdac98a72e4329e945c4f5d5ea7542c3912f5c3a0a7c9d4d4d4300ba1eeb8
Opcode Fuzzy Hash: 304b19aa56b8399ecd2dcb29679e5a0db0c72aac571b488797fed343e23cb299
Instruction Fuzzy Hash: 07112CB1E042559BF7248A11DC91FE7B7B5EB80310F1441FED94996280E6756FC0CF91

Function 00B977EE Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: a6994a2b9e0bdf6e37d0b2ee0df14fff032b5f44f7d7760caa6eb1df44289159
Instruction ID: 169a239c88bf58340687237fe20a561642e3ebdb9949f80d71134f0e271a192b
Opcode Fuzzy Hash: a6994a2b9e0bdf6e37d0b2ee0df14fff032b5f44f7d7760caa6eb1df44289159
Instruction Fuzzy Hash: 9B11EBB1E146689BEB34CA15CC88FEA77B4FFC0310F0042FBD409A7241DA344AC6CA90

Function 00B9780C Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: ff20238f9ee6342f8d40886462b2f367549671c602fc6ff715d23fc856d6eb58
Instruction ID: 92c9002609ee27797d4d183cf1e1253a23de69e90758d2841c87580464722845
Opcode Fuzzy Hash: ff20238f9ee6342f8d40886462b2f367549671c602fc6ff715d23fc856d6eb58
Instruction Fuzzy Hash: 4F1193B5D056699BDB24DB24CC84BE9BBB4FB80311F0046FAD449A6241DA348EC6CE90

Function 00B97807 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 5f0f3c811927c4dada9d89e16870849aa04028c22023c5e6b54821fedcbb4dc4
Instruction ID: e6ba7d42e98b6dc8195dd6643167d11496e2dfca81b85bc4fc57097fece8b4c9
Opcode Fuzzy Hash: 5f0f3c811927c4dada9d89e16870849aa04028c22023c5e6b54821fedcbb4dc4
Instruction Fuzzy Hash: 9D11B2B1D146699BDB24DB24CC84BE9B7B4FF84310F1086FAD40AA7241DA348EC6CE90

Function 00B97BA1 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3f02ce8d9ba885e2862fcbeb5f61a37b5d8d2c257a8c487e60a92c7360c8b0c3
Instruction ID: e550491e3018f86771db9da275e774a77f81efb79b233d2fa70ef860e0df7a36
Opcode Fuzzy Hash: 3f02ce8d9ba885e2862fcbeb5f61a37b5d8d2c257a8c487e60a92c7360c8b0c3
Instruction Fuzzy Hash: 9F116DB0D186A8AFDF24CB14CC94BEABBF5EF81301F1045FAE109A6241DA385BC1CE11

Function 00B97BA8 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: f6359761f0532f0b9835c76b7dd74dd981b85c5cbe7c898436c898bb3f9faa03
Instruction ID: 5ae8e48ec36e90142a43909633094dd4a07bdff3be5ab9da36e4b1b62cdd4efb
Opcode Fuzzy Hash: f6359761f0532f0b9835c76b7dd74dd981b85c5cbe7c898436c898bb3f9faa03
Instruction Fuzzy Hash: DC113D70D186689FDF24CB24CD94BEABBB5EF85301F1045FAD549A6241DA385BC1CE11

Function 00B97701 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 2b58670b13de16a26b8b85da5f995baedbc91b2613fcce4dd04bc8033a8e34f7
Instruction ID: 4fd602a1ccc58b8a10f67825f41c6d81750e3452f03da1e55e7a1a23d874b0cb
Opcode Fuzzy Hash: 2b58670b13de16a26b8b85da5f995baedbc91b2613fcce4dd04bc8033a8e34f7
Instruction Fuzzy Hash: 7C1173B1D68268DFDB20CB54CCC4AEA7BF8EB45310F2081FAD40DA6250DE384EC58E51

Function 00B97753 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 149edab8be7ea5483773db2512c14c6bcce0db8b677506ff7d10478b95b2a08d
Instruction ID: 750b8f0eb3d2c8050d5436df8d8f9329c3c3626a17c687bc3e143247522ce512
Opcode Fuzzy Hash: 149edab8be7ea5483773db2512c14c6bcce0db8b677506ff7d10478b95b2a08d
Instruction Fuzzy Hash: 0D11A1B2D142689FEB24CB64CC84BEA7BB4EB45310F1082FAD54DA6241DA384FC5CE51

Function 00B9774D Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: ce9257200bfee343aeda19c206c26eebacd43fa020076e48b88178fe13b63558
Instruction ID: 40717e7b140851be6c67c306e1a99a50eb4505234f4238539fe46660ec9c5a16
Opcode Fuzzy Hash: ce9257200bfee343aeda19c206c26eebacd43fa020076e48b88178fe13b63558
Instruction Fuzzy Hash: 1D1182B1D586689FEB20CB54DC84BEA7BF4EB45310F1082FAD40DA6244DA384FC58E91

Function 00B4E7E3 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 9ae0ce748537884bf816f1c404bfc4f6111eca96ad8e15d905ae31a03cf23b5d
Instruction ID: 4316265a9d2e07fdf18a6e5399a602146ca8a6286e56f5fe4aa0b26cac0001df
Opcode Fuzzy Hash: 9ae0ce748537884bf816f1c404bfc4f6111eca96ad8e15d905ae31a03cf23b5d
Instruction Fuzzy Hash: FA0104F29091459FE7208A60CC85BF673F8EB95312F1441FAD849D6180E2799B849A13

Function 00B9775D Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3f946bfb4987aee25611bd27198e5fa45b27c04ce6e48d3efe2fc0d941b96548
Instruction ID: b4b4b627ed4c23f61c91574a1b52a77f7d61bc5871690bec5c97b062d6919dae
Opcode Fuzzy Hash: 3f946bfb4987aee25611bd27198e5fa45b27c04ce6e48d3efe2fc0d941b96548
Instruction Fuzzy Hash: 121184B1D156689FEB24CB64DC84AEA7BB4EF45310F1082FAD50DA6241DA384EC5CF50

Function 00B4EA7B Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00B4FF17

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 214d091fa04b46cd2d0b0a60b5621f12d55b3461e985066842f8b9f179ce5eb3
Instruction ID: 521a37b289357b00344efc84fe47e8dfeebfedf45e130efd51acb91bb248e2cb
Opcode Fuzzy Hash: 214d091fa04b46cd2d0b0a60b5621f12d55b3461e985066842f8b9f179ce5eb3
Instruction Fuzzy Hash: 7A018FF2D191199BE720CA40DC85BF572B9EB94312F1441EAE90992280F279AB849E52

Function 00B4E76A Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00B4FF17

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 11cb8807eb17062f059065f5fafddf635ff116c78eed47c7567a87d90a97826b
Instruction ID: be3abd007bf88bf4d485661f87b9e41de6fd08ab89872ba20ad770bae999922d
Opcode Fuzzy Hash: 11cb8807eb17062f059065f5fafddf635ff116c78eed47c7567a87d90a97826b
Instruction Fuzzy Hash: 74018FF2D09108ABF720C640DC85BF572B4E794316F1441FAE909D2280E2B9ABC49E52

Function 00B4E7FE Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00B4FF17

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: b8b706ce64710e60c3f347da5b988c7a2e6aac3aa857b0ec478af8fd37546913
Instruction ID: 734a97bd7ef96aede8eff9b0d2c8ceab33452c47047fea4363cfb73cbc046d7e
Opcode Fuzzy Hash: b8b706ce64710e60c3f347da5b988c7a2e6aac3aa857b0ec478af8fd37546913
Instruction Fuzzy Hash: B501A2F2D091089BF720C640DC85BF572B4EB94312F1441FAE80DD2180F379ABC49E52

Function 00B96919 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: bcae67c3d9b9acdf09f8975b3812972c845503f0829d52fce55444e68ba6f908
Instruction ID: b84ed5d32ccfab25a2d953e838b8cf56b73fa61a73e71a19f5355320ce380710
Opcode Fuzzy Hash: bcae67c3d9b9acdf09f8975b3812972c845503f0829d52fce55444e68ba6f908
Instruction Fuzzy Hash: ABF044F18147586FEB289A24DD99AEA7B74FF44310F0042FED549551C1EA791AC18E11

Function 00B4D4E0 Relevance: 1.5, APIs: 1, Instructions: 34injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 135e001c787a82d035a94c887df20ab25cafb799b5ad27b119333aac90e82db9
Instruction ID: f430893352f497f726437b75b849c16ac23c94cf49242a75a8c2e9460cba148b
Opcode Fuzzy Hash: 135e001c787a82d035a94c887df20ab25cafb799b5ad27b119333aac90e82db9
Instruction Fuzzy Hash: 0EF068B2A050189BE724CA54DC95BF6B3F4EF48300F1441DDA50E52240EA715F809E93

Function 00B437CC Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B43BFA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 83f8953fb278223d6eb01589413b0805e1ebe4477ef4b99c4dc3caea40f87506
Instruction ID: 139f3ee26c5ce2be6a4b9cff0abd589b1eefd98d886ee625a557e0cfa2aa1e44
Opcode Fuzzy Hash: 83f8953fb278223d6eb01589413b0805e1ebe4477ef4b99c4dc3caea40f87506
Instruction Fuzzy Hash: 05F096B1E442599BE720CE15CC81FB9B3F5FB84701F1481FAEC0956240E5356F909E51

Function 00B97CA7 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 68c5489cf6d1d8e22ae64941a9d19762e68c9932267ce05407d5b74b5735c244
Instruction ID: 61c40ebb1eaafe212450b71fcfd78ae712925d970e1ff3c0030351181b54166d
Opcode Fuzzy Hash: 68c5489cf6d1d8e22ae64941a9d19762e68c9932267ce05407d5b74b5735c244
Instruction Fuzzy Hash: B1F06DB0D10768AFDB24CB20CC84BE9BBB4FF84301F0085EAE549EA240DA354BC18F10

Function 00B978D6 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: fe7e609af3292c3546857f3cf121255dc13b01611b01fd423a6f311fc9692a3b
Instruction ID: 01160c37b81ec3c4b50039e59a8852b6568c8587f183beab748c2c868fe44eed
Opcode Fuzzy Hash: fe7e609af3292c3546857f3cf121255dc13b01611b01fd423a6f311fc9692a3b
Instruction Fuzzy Hash: A9F04FB0D14268AFDB24DB15CC88AEABBB8EF44310F1085EBD50DA6241EA745AC5CF60

Function 00B97793 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 448d189ead53b3def959def02216cc2e1f4d3aa8ebab3d5930795281ddf1cd26
Instruction ID: 35611e066bc32541fc385ce2245b9698656e8015570d1b23f79050ef8fe967f5
Opcode Fuzzy Hash: 448d189ead53b3def959def02216cc2e1f4d3aa8ebab3d5930795281ddf1cd26
Instruction Fuzzy Hash: 29F0AFB1D046A8AFDB24CF24CC84AE9BBB8FF85300F1081EAD54867241DA355BC6CF50

Function 00B4DADF Relevance: 1.5, APIs: 1, Instructions: 30injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0e40751da3ef764ee18f16ec1b8a89ff408a0814cb9b74e6a84c8518c117d3f7
Instruction ID: 21e8c0cc83be7e5083c9b3362d76cdf998b676f71467f31665a91e86d892d2ad
Opcode Fuzzy Hash: 0e40751da3ef764ee18f16ec1b8a89ff408a0814cb9b74e6a84c8518c117d3f7
Instruction Fuzzy Hash: BCF0FFB1E051189BDB24CA54DD84AEAB3F4FF89301F1442D9A91DA3210E6326F809F92

Function 00B4DBA3 Relevance: 1.5, APIs: 1, Instructions: 29injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: b1aff16b8bdcd31f3f37d4aae3db6e8b714624298fb7c20f2b34d5e9c875f76e
Instruction ID: c002d4f25d23acc6f01ca11ce092f0352770eb5572698ba2e1cb0ffd0eb84635
Opcode Fuzzy Hash: b1aff16b8bdcd31f3f37d4aae3db6e8b714624298fb7c20f2b34d5e9c875f76e
Instruction Fuzzy Hash: 93F0FFB1E051188BDB24CA54CD84AEAF3F4AF89301F1442D9A90DA3210E6716F80DF52

Function 00B4DFF1 Relevance: 1.5, APIs: 1, Instructions: 29injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00B4E04F

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e2f63ffd29e5d94cba0bec690c390b3efab864b9805de005b0cf9e1a53b3a520
Instruction ID: 6cac3f9cbf928cec308e07363eec21ba1f89693a01792839130f5237ed44c539
Opcode Fuzzy Hash: e2f63ffd29e5d94cba0bec690c390b3efab864b9805de005b0cf9e1a53b3a520
Instruction Fuzzy Hash: 2FF012B1E051189FDF24CE54DC84AEAB3F4AF49301F1441D9A90DA3210E7315F80DF52

Function 00B977A4 Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3faad0f40d220c8ec74d9f26f34309b2635928add10916f9569ec1832ec9ec43
Instruction ID: 2e78723c96063710ec5fec5b3ecf5eb37aeeec4ed1364d96d416c18f87e54e48
Opcode Fuzzy Hash: 3faad0f40d220c8ec74d9f26f34309b2635928add10916f9569ec1832ec9ec43
Instruction Fuzzy Hash: CAF06DB0D10368AFDB25CF20CC84ADAB7B4FF84310F1081EAD109A6240EA304AC2CF10

Function 00B437E3 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B43BFA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 68e805f99a01c02851e8d8f578f6ff4c95bd416216e4e4208ba65a1eae89be69
Instruction ID: b124ba266c4e6d7eb72df5d2f30c78c8cbae1ce346110df82fd5c8da65b1c185
Opcode Fuzzy Hash: 68e805f99a01c02851e8d8f578f6ff4c95bd416216e4e4208ba65a1eae89be69
Instruction Fuzzy Hash: 3FF08271A842598BDB34CF55CC81FA9B3F5FB88701F1041EAD909AB290EA356E90DF51

Function 00B978EA Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d0be28a2835c93afe184093d53773b2c52e427bc5cadba6ec79f2428fadb03f1
Instruction ID: 369b6fb174a9812bd33b8130774a621736a41ee8aa75ecf0d01434b0310a487f
Opcode Fuzzy Hash: d0be28a2835c93afe184093d53773b2c52e427bc5cadba6ec79f2428fadb03f1
Instruction Fuzzy Hash: 1CF03AB0D14768AFDB25CF24CC84AE9BBB4FF88311F1085EAD109A6240EA344BC1CF50

Function 00B97863 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 270a9b3a9af1d5b4578dbf262818f00e60c35a067b39fcfdf32ac48afd64c1ff
Instruction ID: d60f805cc9a569ce66a6037916f1e579c9f62f908dad73bdd27cb36ba01e9463
Opcode Fuzzy Hash: 270a9b3a9af1d5b4578dbf262818f00e60c35a067b39fcfdf32ac48afd64c1ff
Instruction Fuzzy Hash: 8DF03AB0D14668AFDB24DB14CC84AE9BBB9EF84711F1081EAD509A6240EA355BC6CF10

Function 00B436A3 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B43BFA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: a05081bcd1f2b28f2c9ab6a4d541706f79151fa330375731944a5fcfb281f714
Instruction ID: 16320faec938f84c612c4bc30300c5ade8ff7ca2faf77d46d533041f41f544ec
Opcode Fuzzy Hash: a05081bcd1f2b28f2c9ab6a4d541706f79151fa330375731944a5fcfb281f714
Instruction Fuzzy Hash: B3F01C71A8425A8BDB24CE55CC91FA9B3F5FB44702F1441EAD909A7240EA326F90DF51

Function 00B430A2 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B43BFA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 38a4ba94fee793d57ed5484c0a5f21a4b923d31a6608decea36dca74e7c8f150
Instruction ID: dfdf268cf7abc16a2dae7f7d4570a6306b9fc79842c7fbbbc61495d7234fd378
Opcode Fuzzy Hash: 38a4ba94fee793d57ed5484c0a5f21a4b923d31a6608decea36dca74e7c8f150
Instruction Fuzzy Hash: 20E0D872A4431897D730CA55DCC1FA4B3F5FB04702F2401EAED09A6140FA326B849B96

Function 00B4282D Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B43BFA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 792b60c2d4b6dc0eadc9e5702d048cccf3db3187c7f0cd0b7ac3c4acabbecc96
Instruction ID: dbe07430b273283a56dbbcb3341114fa88abdd15870303283684bef1afeb3ef9
Opcode Fuzzy Hash: 792b60c2d4b6dc0eadc9e5702d048cccf3db3187c7f0cd0b7ac3c4acabbecc96
Instruction Fuzzy Hash: 30E0D872B442088BD730CA56CCC5FA8B3F5EB40702F1401E6E909A7150FAB16E84AB92

Function 00B436CF Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B43BFA

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: fa1fab9af295c091cb70130e66672ae43538fbf161cf5234f9f5aaf769a9250f
Instruction ID: bbdb87a2d460d1860efc4b5b08d8d1bcc5b87856e558785676c29218ee2a241d
Opcode Fuzzy Hash: fa1fab9af295c091cb70130e66672ae43538fbf161cf5234f9f5aaf769a9250f
Instruction Fuzzy Hash: 2AF01571A8425A8BDB24CE50CC91FA8B3B5EB44702F1041EAA909A6280EA316E909F51

Function 00B9694E Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000), ref: 00B97CFA

Part of subcall function 00B97D28: CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 2be231e7c47b203d3ab4ee8215e99433f34df57f34a1c791668247d8cc72e55d
Instruction ID: 2526ba53499f00ff64da65fae533d9bf785449c9c0199a18b9c814aefd831510
Opcode Fuzzy Hash: 2be231e7c47b203d3ab4ee8215e99433f34df57f34a1c791668247d8cc72e55d
Instruction Fuzzy Hash: FBF030B1914368AFDB24DF20CC85BDABBB4FF44301F0085EED149A6141EA755AC5CF10

Function 00B97E1F Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B97E45

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 02674f7c98431bbd9e2ea608363d93232d170d753f83e375fa5e566f5abdc42d
Instruction ID: 2b78f74441f1965da3e628314c383550635d1197625ebb4518641b64fb0e2e62
Opcode Fuzzy Hash: 02674f7c98431bbd9e2ea608363d93232d170d753f83e375fa5e566f5abdc42d
Instruction Fuzzy Hash: 55E06DF0850358AFEB208B50DC81AEB7BB8BB44710F1145EAE548A6541E6745EC4CF12

Function 00B529F9 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 00B53D9D

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 22eb1ef79d5092128ceb8db3efc50112a16ed5853035b7caad7f132885c71ae8
Instruction ID: 2a6a9545a986fad7114a21bec35a682ceda530cc79ee08115fc0e1bc74c0ce16
Opcode Fuzzy Hash: 22eb1ef79d5092128ceb8db3efc50112a16ed5853035b7caad7f132885c71ae8
Instruction Fuzzy Hash: AEE012B2D5911C8BDB24DA54DC84BE9F3B4AB48712F2041D9EC0D63341DA715F84DF91

Function 00B4B567 Relevance: 1.5, APIs: 1, Instructions: 212memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B4B9B1

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 312f2eb45a709e00064cea34ef16a9697ac4e7d29ae3293fe0c717a75fee07bd
Instruction ID: b08d1b260244b7d384da2962a860f373d66a0b79cac615125745f5644b61fe2f
Opcode Fuzzy Hash: 312f2eb45a709e00064cea34ef16a9697ac4e7d29ae3293fe0c717a75fee07bd
Instruction Fuzzy Hash: 1E71E0B2D052289FEB248A14DCD0FEAB7B5EB80310F1841FAD90D16641D339AFC5DE92

Function 00B35ED5 Relevance: 1.4, APIs: 1, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 58d65d6c63d75e496629591fbeefeb18ba06b48bf27562f2e3faf3580362e04f
Instruction ID: b0d5ed2592c8f1df543f4471728d3d122247355b231c23c910dfb4372913cbd9
Opcode Fuzzy Hash: 58d65d6c63d75e496629591fbeefeb18ba06b48bf27562f2e3faf3580362e04f
Instruction Fuzzy Hash: BF6121B2C00518AFF7248A14ED89BF777A9EB80315F2481FAE90D96580D67D5FC9CE12

Function 00B35B13 Relevance: 1.4, APIs: 1, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 354c5609520c40c95d15a2865492b763bdb5f1730b22de0494fa2aefd643f007
Instruction ID: f97f4a0b96d5bd927273cbc5fcce0e2b2db511c21c5e50c768bb9bf11d8a7896
Opcode Fuzzy Hash: 354c5609520c40c95d15a2865492b763bdb5f1730b22de0494fa2aefd643f007
Instruction Fuzzy Hash: EC6100B2D00124ABF7248A14ED99BF777B9EB80315F2481FAE90D96180D6791FC9CE52

Function 00B359E9 Relevance: 1.4, APIs: 1, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1b7e08e8bd2293582f6d98d0f66cd7f8fd2fb4a2b2ff81d38336ebbc7974b741
Instruction ID: 8f7ea695c00eeac7f65352f38778c06004e2c861b1efc659181be9a7d4b55f06
Opcode Fuzzy Hash: 1b7e08e8bd2293582f6d98d0f66cd7f8fd2fb4a2b2ff81d38336ebbc7974b741
Instruction Fuzzy Hash: F16123B2C00514AFF7248A14ED99BF777B9EB80315F2481FAE90E96180D6795FC9CE12

Function 00B35AB2 Relevance: 1.4, APIs: 1, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 02a6fe4f141a858dc833e010f837b794eed4285fb79b615b99c1127e3da61924
Instruction ID: ad77aead08538aea918d808f74ca504a43e5ac263ed18149fe523313792ac28f
Opcode Fuzzy Hash: 02a6fe4f141a858dc833e010f837b794eed4285fb79b615b99c1127e3da61924
Instruction Fuzzy Hash: 495123B2D00514AFF7248A14ED89BF777B9EB80315F2481FAD90996280D6795FC9CE12

Function 00B359FA Relevance: 1.4, APIs: 1, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f064f53823ab122bafbdb8a69dd860cd804adcc1e31eb380120065bad1fdcdc1
Instruction ID: 25ea1163e3ad6989282c422e43244bfef4bea39911c55a13c7533dd4cbbca424
Opcode Fuzzy Hash: f064f53823ab122bafbdb8a69dd860cd804adcc1e31eb380120065bad1fdcdc1
Instruction Fuzzy Hash: FB5123B2D00114AFF7248A14ED89BF777B8EB80315F2481FAE90E96180D6795FC9CE12

Function 00B35A26 Relevance: 1.4, APIs: 1, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 230894005fec40ac139e58c6a83b9c590f44580cb3c758bf65232b5b3b127b0c
Instruction ID: d20ad6149f71f76fe5fac41401e9265359502fc319d142a631741d0401cf4ea0
Opcode Fuzzy Hash: 230894005fec40ac139e58c6a83b9c590f44580cb3c758bf65232b5b3b127b0c
Instruction Fuzzy Hash: E95122B2D00118AFF7248A14DD89BF777B8EB80305F2481FAE90A96180D6795FC9CE12

Function 00B36683 Relevance: 1.4, APIs: 1, Instructions: 172memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0a0f527f4ee5f169ca7f9049ab2e0377e5d370517538585429f81be7e27a8506
Instruction ID: 8f7d652c2814033b93a08d7ca094243c1e9824272aafa68b31c7a6199fa1e580
Opcode Fuzzy Hash: 0a0f527f4ee5f169ca7f9049ab2e0377e5d370517538585429f81be7e27a8506
Instruction Fuzzy Hash: 1D5114B2D00528AFF7208A14ED89BFB77B8EB80319F2481FAD90D56180D67D1EC5CE51

Function 00B366AA Relevance: 1.4, APIs: 1, Instructions: 160memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f446aabc4ac296d4dfbb825df3d3c535c451b6edb825beffc38f802254278cbe
Instruction ID: b84cc692b79ae7dab57d24814464db99f2eed538ac3bd09f86046c20d8836a8d
Opcode Fuzzy Hash: f446aabc4ac296d4dfbb825df3d3c535c451b6edb825beffc38f802254278cbe
Instruction Fuzzy Hash: AC5103B2D00129AFF7208A04ED89BFB77B8EB80319F2481F9D90D56280D67D1EC5CE51

Function 00B3657B Relevance: 1.4, APIs: 1, Instructions: 152memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 38f06009eda9c9bad395465b44af1f9589143142f52ce03b2eb72327f50918dd
Instruction ID: 876d2dc4ddf223cbf52359ee3b72f226ec4269106ff8c580fb66a5582181c091
Opcode Fuzzy Hash: 38f06009eda9c9bad395465b44af1f9589143142f52ce03b2eb72327f50918dd
Instruction Fuzzy Hash: AB5123B2D00125AFF7208A14ED99BF777B9EB80315F2481F9D90996280D67D5EC8CE11

Function 00B3664E Relevance: 1.4, APIs: 1, Instructions: 149memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: baf54a6f768b6373811f33f8ce411b798ae8017b041eac41a2233635892c3b62
Instruction ID: 3013213f5c715d936ebaa5be44cd776eba312fa9985389cd507b152da9b36c9c
Opcode Fuzzy Hash: baf54a6f768b6373811f33f8ce411b798ae8017b041eac41a2233635892c3b62
Instruction Fuzzy Hash: 3A5123B2D04129AFF7248A04ED99BF777B9EB80315F2481F9D90956180D77D1EC9CE11

Function 00B36AAF Relevance: 1.4, APIs: 1, Instructions: 139memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d54e8d0d13bd3efd467713e876ffd5fee0b5793c6a594bdc1af3b72e7b90627d
Instruction ID: 72a3a3125905a758279218dd162d2d477a1d76be1cbde29ca9001a92d02cde7f
Opcode Fuzzy Hash: d54e8d0d13bd3efd467713e876ffd5fee0b5793c6a594bdc1af3b72e7b90627d
Instruction Fuzzy Hash: 555116B2D04129AFF7248A14ED99BF7B7B9EB80315F2481F9D90956280D77D1EC8CE11

Function 00B365D5 Relevance: 1.4, APIs: 1, Instructions: 136memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B36AF4

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a4456b2b4088a4e605b348bbf2e3e39d63734f1f33fe99ed6eb20fb36aa9cd15
Instruction ID: 3e78aa8361403263684d137dba19a11d07f346a7a1cfbce9154a2bc06874f6e5
Opcode Fuzzy Hash: a4456b2b4088a4e605b348bbf2e3e39d63734f1f33fe99ed6eb20fb36aa9cd15
Instruction Fuzzy Hash: 144124B2D04129AFF7208A14ED99BF7B7B9EB80315F2481F9D90996280D77D1EC8CE11

Function 00B4B3DD Relevance: 1.4, APIs: 1, Instructions: 125memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B4B9B1

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 908937f9e69040dcfeda65bee689a249c3571e81e6f9c6f14399b0c8dd40d4ca
Instruction ID: 2eb95e701d02bbc9c1e30efc7f2d17ed7572e2c82e2e34cf4d0fbc87982bcd12
Opcode Fuzzy Hash: 908937f9e69040dcfeda65bee689a249c3571e81e6f9c6f14399b0c8dd40d4ca
Instruction Fuzzy Hash: C241F4B2E052689FEB648A14CC94FEB77B4EB90314F1481FADA0D66340D3389FC59E52

Function 00B4050B Relevance: 1.4, APIs: 1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 583b744148275876dffe04835bd5f2a85a0dcb0707f91dfe8c87b98b43b16a0f
Instruction ID: ff75f825cbbc0ace2a45fbc310a13ed07fee9a3080c4f7afede2f3d149255bd1
Opcode Fuzzy Hash: 583b744148275876dffe04835bd5f2a85a0dcb0707f91dfe8c87b98b43b16a0f
Instruction Fuzzy Hash: 094159B2D096689FEB208A15CC84FE67BB4EF91311F1441F6C90D56281D3399FCADB52

Function 00B4B39A Relevance: 1.3, APIs: 1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5f700b2fd179c74b3c5da152240e003de131c4a611fc4ae1014553920706e933
Instruction ID: b40f1656aeefba9bdaeb5d00a6673feed70890ff98895e6f52e9719d13131257
Opcode Fuzzy Hash: 5f700b2fd179c74b3c5da152240e003de131c4a611fc4ae1014553920706e933
Instruction Fuzzy Hash: FF3127B2E066585FE7208615CC98BEB7BB1EB81321F1542F6D90D66280D33C9FC5DE92

Function 00B3F7CA Relevance: 1.3, APIs: 1, Instructions: 87memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f8d83f6c26e90f5461e2ab91cac58bae0207c9db580c86ae674b9c6a69047613
Instruction ID: 3a893dc0bb80d96bd0f564b19b8eb363eb2b7637427860e60cca5d2af50b8018
Opcode Fuzzy Hash: f8d83f6c26e90f5461e2ab91cac58bae0207c9db580c86ae674b9c6a69047613
Instruction Fuzzy Hash: A721E6B2D412259FF7308A24DD84BF777B5EB80725F2081F5E90D666C0D6791EC08A91

Function 00B3F6F9 Relevance: 1.3, APIs: 1, Instructions: 70memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 918570a39286bdcee2f66152ec622b364b7e033d8de73e406d43bb9f2aa301ca
Instruction ID: 9ac8bcbf3e672b18d4efe74b8de0993c14208b518cf149ddf92550fef369e1d0
Opcode Fuzzy Hash: 918570a39286bdcee2f66152ec622b364b7e033d8de73e406d43bb9f2aa301ca
Instruction Fuzzy Hash: 9321C2B1D4421ADFEB248A20DD94BBBB7B8EB84315F3041FAE84966280D6755ED0CE52

Function 00B4B913 Relevance: 1.3, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 00B4B9B1

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 23aa8d0411e6f79c08fcd945bb8308b3c23dd9a569cd6f5cbe0bc154b10bab36
Instruction ID: e187544ae47cbebadd713039c37a250e504ae5f69b7270cc5e93414fc2df5fe7
Opcode Fuzzy Hash: 23aa8d0411e6f79c08fcd945bb8308b3c23dd9a569cd6f5cbe0bc154b10bab36
Instruction Fuzzy Hash: D811C4B1D092189AFB208A15DCD8FEABBB4EB80315F1041F7DE0D15180D3755EC5DE62

Function 00B3F7D5 Relevance: 1.3, APIs: 1, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0961451b79378e9aa9167288cb439646d552bf000e5f055744d09c066d829e5e
Instruction ID: 8fb17135d9029ed21107d1dab8ed133301795d66b82018d9f57aa6924e8e0540
Opcode Fuzzy Hash: 0961451b79378e9aa9167288cb439646d552bf000e5f055744d09c066d829e5e
Instruction Fuzzy Hash: 080184B2D9562A8FE7348A24CD85BE677B4F74431AF2041F5D94DA7280D6794DC08E81

Function 00B3FC41 Relevance: 1.3, APIs: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 43bb41686f7f0f7ac6d7483c08cb66978dbe318e1d40c45293ca5861db9e423e
Instruction ID: 07304243f403c64639bd1ef52534f35981fb702d74e7bf0eebdde5f342009222
Opcode Fuzzy Hash: 43bb41686f7f0f7ac6d7483c08cb66978dbe318e1d40c45293ca5861db9e423e
Instruction Fuzzy Hash: 4C0104B1C8836E8FDB319B208C85BA9BBF0EF05316F2001FAE84966181D77119C4CF92

Function 00B3F7DC Relevance: 1.3, APIs: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f33aa0f522f5223469725de58cee0f5e68a97a8a709dae92ae86d5f2692a1b25
Instruction ID: f76b2d219d4ff8664b98088e62c2a34bf724beaba5e42d9b7a8491536ef1159f
Opcode Fuzzy Hash: f33aa0f522f5223469725de58cee0f5e68a97a8a709dae92ae86d5f2692a1b25
Instruction Fuzzy Hash: F30161B2D456298FEB348A24CD45BEA77B0EB44316F1041F9DE4D67681D6794DC0CE81

Function 00B3F120 Relevance: 1.3, APIs: 1, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9970fd5587f6cdcabfed28c56e8c3b5fb5f1449a5326cbaed996bc5ba3c56ac5
Instruction ID: 22bad93699b8c39565a97ac8f358bb51895a769009f23f2b9989f5f64ebbc9a5
Opcode Fuzzy Hash: 9970fd5587f6cdcabfed28c56e8c3b5fb5f1449a5326cbaed996bc5ba3c56ac5
Instruction Fuzzy Hash: EC01D472D4562A8AE7208A21DC58FBAF7B0FB04316F2042F6EC0D76280DB740E848E81

Function 00B3E8D6 Relevance: 1.3, APIs: 1, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a82df661c526cf609cf7618d10d447e7171659dfc1904b298681c9d246505047
Instruction ID: 0b2a660671d4861e637721221c00caaf81ef09837090da989a031504ed262e9c
Opcode Fuzzy Hash: a82df661c526cf609cf7618d10d447e7171659dfc1904b298681c9d246505047
Instruction Fuzzy Hash: 91F08BB3E897491FE7305A208C45BB97BA0AB00316F3501FAEF89290C3D77509858B82

Function 00B3F156 Relevance: 1.3, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d3e79a509dcacd0b0be86c35c5286a1d36554314773393c82342e62197d46432
Instruction ID: 32eedc933a9a126c48ca4169415c2c59f3355306f3b559ef9302ecd46855492d
Opcode Fuzzy Hash: d3e79a509dcacd0b0be86c35c5286a1d36554314773393c82342e62197d46432
Instruction Fuzzy Hash: 57F0AE72D8415E59F3305561DC19F66BAA0F70172AF1042F6DD49261C097B50994DBD2

Function 00B3F75B Relevance: 1.3, APIs: 1, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e3887bd73793430547e485f1c66a1f45bc202ae95103271211f30a2646146339
Instruction ID: 50d9b39a2169af262c39a5f653c9248b06e6bd336c961b987bb8b8491cf2022b
Opcode Fuzzy Hash: e3887bd73793430547e485f1c66a1f45bc202ae95103271211f30a2646146339
Instruction Fuzzy Hash: FFF0B471E8861A9FEB349A108C84B76B6F0F740316F7042FADD4A15680CA700DC08F85

Function 00B3FC6B Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c974bed44b97bc14f19a46e553caabb9276d068b924b1d6257c3b92a031f52c8
Instruction ID: ab2a4d232e82b6fe366ef301047ab6105d30c8f1f2ad302206f703a9f7811737
Opcode Fuzzy Hash: c974bed44b97bc14f19a46e553caabb9276d068b924b1d6257c3b92a031f52c8
Instruction Fuzzy Hash: F7F089B1D8462E9EE7309A208C85BB9B6B0F705726F6041F5DD0D76280DB705DC48ED6

Function 00B3F76A Relevance: 1.3, APIs: 1, Instructions: 28memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0f70e15cee615d5c0914786b8c9c03c99b80ae370ab9aae99e752b8f5f4747c4
Instruction ID: 285e99ef4e54585493a8311d6f93057e7b3a13adee98863f0df7a67955183180
Opcode Fuzzy Hash: 0f70e15cee615d5c0914786b8c9c03c99b80ae370ab9aae99e752b8f5f4747c4
Instruction Fuzzy Hash: 32F0A771D8461E8FEB349E10CC45BBAB2B0FB40316F6042E9ED49662C0D7710DC08E85

Function 00B3F167 Relevance: 1.3, APIs: 1, Instructions: 27memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 69e55553f5854c4274b12718ced71b61ab473e4b7902bb1f02f495ff8c8b4686
Instruction ID: 4abe078f1d0f1a7e44035a7f45ee8041eb6e1012d4d77a10d6aba643ce6b4080
Opcode Fuzzy Hash: 69e55553f5854c4274b12718ced71b61ab473e4b7902bb1f02f495ff8c8b4686
Instruction Fuzzy Hash: F5F0A7719C83468EE72046115C19B6577F0BB4132AF2401FAED49591C1D7B60AC5CB83

Function 00B3E8F2 Relevance: 1.3, APIs: 1, Instructions: 25memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8acfb94772938270645ce94d82b41fffa0a4a94a6e0e34f9d4c1651f84cacd7b
Instruction ID: 3d90132ce4648bca4a4316f4ecc65d9165be6db3acf5faec3ec86609f0ad48be
Opcode Fuzzy Hash: 8acfb94772938270645ce94d82b41fffa0a4a94a6e0e34f9d4c1651f84cacd7b
Instruction Fuzzy Hash: B9E092B3F8960A9AF7305510CC49BB9B2A0B75072AF7501F6EE492A1C097B50D848986

Function 00B3FC7C Relevance: 1.3, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000002CC,00001000,00000004), ref: 00B3FCC5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b1df66e949bb2929a3f2d09d53f7f20a228648c06dc240de354995ee2ac55112
Instruction ID: 68fd612d86fe50cf590e948404cfc085a90dcfc676e731fd24e3228a7c37ceae
Opcode Fuzzy Hash: b1df66e949bb2929a3f2d09d53f7f20a228648c06dc240de354995ee2ac55112
Instruction Fuzzy Hash: 08F03072D8562A9EEB309A148C85BB9B6B0F70432AF6001F5DE0D26280DB711EC48EC6

Non-executed Functions

Function 00B31F3C Relevance: 26.6, Strings: 21, Instructions: 338COMMON

Download Yara Rule

Strings

x, xrefs: 00B3250A
3, xrefs: 00B32241
OBIN, xrefs: 00B32488
3, xrefs: 00B32047
d, xrefs: 00B324BD
M, xrefs: 00B324AF
t, xrefs: 00B324A8
W, xrefs: 00B32511
e, xrefs: 00B324D2
G, xrefs: 00B3249A
e, xrefs: 00B324A1
u, xrefs: 00B324C4
E, xrefs: 00B32503
d, xrefs: 00B324EE
n, xrefs: 00B324E7
a, xrefs: 00B324E0
e, xrefs: 00B324FC
l, xrefs: 00B324F5
o, xrefs: 00B324B6
H, xrefs: 00B324D9
l, xrefs: 00B324CB

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID: ContextThreadWow64
String ID: E$G$H$M$OBIN$W$a$d$d$e$e$e$l$l$n$o$t$u$x$3$3
API String ID: 983334009-780640683
Opcode ID: ef19a461417219580b49e34330e332657820c932d5e9ee369dcbd88367777d9a
Instruction ID: 8a9df767ae90d74fc33f0f90e9233db80a091d9092ce7e0c4dd8f93a6e3c111c
Opcode Fuzzy Hash: ef19a461417219580b49e34330e332657820c932d5e9ee369dcbd88367777d9a
Instruction Fuzzy Hash: 80F17BB0D086A88BEB258B28DC456EABBB1EF95304F1480EAD54DA7740E7354FC5CF52

Function 00B3212E Relevance: 25.3, Strings: 20, Instructions: 276COMMON

Download Yara Rule

Strings

x, xrefs: 00B3250A
3, xrefs: 00B32241
OBIN, xrefs: 00B32488
d, xrefs: 00B324BD
M, xrefs: 00B324AF
t, xrefs: 00B324A8
W, xrefs: 00B32511
e, xrefs: 00B324D2
G, xrefs: 00B3249A
e, xrefs: 00B324A1
u, xrefs: 00B324C4
E, xrefs: 00B32503
d, xrefs: 00B324EE
n, xrefs: 00B324E7
a, xrefs: 00B324E0
e, xrefs: 00B324FC
l, xrefs: 00B324F5
o, xrefs: 00B324B6
H, xrefs: 00B324D9
l, xrefs: 00B324CB

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: E$G$H$M$OBIN$W$a$d$d$e$e$e$l$l$n$o$t$u$x$3
API String ID: 0-2996905995
Opcode ID: 40de5ef9a87081e6dbb5c1b22fcac0fce8441a0b8ddaad7123897580292125ea
Instruction ID: f6c31712703ce1cbb3fc61eff16283c798c6ebe784668cc53fc438b8ee9fb3e7
Opcode Fuzzy Hash: 40de5ef9a87081e6dbb5c1b22fcac0fce8441a0b8ddaad7123897580292125ea
Instruction Fuzzy Hash: BBC1B2B0C086A89AFB218B28DC457EAB7B1EF55304F1480EAD54DA7240E7394FC5CF56

Function 00B322D5 Relevance: 24.0, Strings: 19, Instructions: 220COMMON

Download Yara Rule

Strings

x, xrefs: 00B3250A
OBIN, xrefs: 00B32488
d, xrefs: 00B324BD
M, xrefs: 00B324AF
t, xrefs: 00B324A8
W, xrefs: 00B32511
e, xrefs: 00B324D2
G, xrefs: 00B3249A
e, xrefs: 00B324A1
u, xrefs: 00B324C4
E, xrefs: 00B32503
n, xrefs: 00B324E7
a, xrefs: 00B324E0
d, xrefs: 00B324EE
e, xrefs: 00B324FC
o, xrefs: 00B324B6
H, xrefs: 00B324D9
l, xrefs: 00B324F5
l, xrefs: 00B324CB

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: E$G$H$M$OBIN$W$a$d$d$e$e$e$l$l$n$o$t$u$x
API String ID: 0-4042089635
Opcode ID: b07f4c8c97c9992f836295cdd634e58df32fd1d06033568697540060a1ea597c
Instruction ID: dc7ad5421c43078f88ded9b27d12c9ce1d81780b6aea8e72cd4492e97d1fbdee
Opcode Fuzzy Hash: b07f4c8c97c9992f836295cdd634e58df32fd1d06033568697540060a1ea597c
Instruction Fuzzy Hash: 108168A1C087989AF7218728DC45BEB77B5EF61304F1480F9D58DA7680E73A0FC58B66

Function 00B32327 Relevance: 24.0, Strings: 19, Instructions: 217COMMON

Download Yara Rule

Strings

x, xrefs: 00B3250A
OBIN, xrefs: 00B32488
d, xrefs: 00B324BD
M, xrefs: 00B324AF
t, xrefs: 00B324A8
W, xrefs: 00B32511
e, xrefs: 00B324D2
G, xrefs: 00B3249A
e, xrefs: 00B324A1
u, xrefs: 00B324C4
E, xrefs: 00B32503
n, xrefs: 00B324E7
a, xrefs: 00B324E0
d, xrefs: 00B324EE
e, xrefs: 00B324FC
o, xrefs: 00B324B6
H, xrefs: 00B324D9
l, xrefs: 00B324F5
l, xrefs: 00B324CB

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: E$G$H$M$OBIN$W$a$d$d$e$e$e$l$l$n$o$t$u$x
API String ID: 0-4042089635
Opcode ID: e4ff268003b007ecac77b725dd5b4c817b49aac8575833741f8b4c68098075f3
Instruction ID: 7d842c088687f73c93300dc90195a38b86ae2d7d24939ed26cde2f308441b2eb
Opcode Fuzzy Hash: e4ff268003b007ecac77b725dd5b4c817b49aac8575833741f8b4c68098075f3
Instruction Fuzzy Hash: 0B815AA1C086989AF7218728DC45BEB77B5EF61304F1480FDD58DA6680E73A4FC58B62

Function 00B4BA3C Relevance: 22.9, Strings: 18, Instructions: 408COMMON

Download Yara Rule

Strings

e, xrefs: 00B4C18F
r, xrefs: 00B4C15E
i, xrefs: 00B4C142
e, xrefs: 00B4C150
r, xrefs: 00B4C1A4
y, xrefs: 00B4C1AB
o, xrefs: 00B4C19D
P, xrefs: 00B4C157
e, xrefs: 00B4C173
m, xrefs: 00B4C196
t, xrefs: 00B4C149
W, xrefs: 00B4C134
r, xrefs: 00B4C13B
M, xrefs: 00B4C188
s, xrefs: 00B4C17A
o, xrefs: 00B4C165
s, xrefs: 00B4C181
c, xrefs: 00B4C16C

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: M$P$W$c$e$e$e$i$m$o$o$r$r$r$s$s$t$y
API String ID: 0-3267982596
Opcode ID: 7ee22ebd26bf88c3ce5de3eaf8d08a57ed8d73b853d9e0b6721cf98a685b79ee
Instruction ID: a0e3a22d6b04f37aee438ebf3814f3b1e1b77e6f6a3a914a620eb8e2e2cda9a4
Opcode Fuzzy Hash: 7ee22ebd26bf88c3ce5de3eaf8d08a57ed8d73b853d9e0b6721cf98a685b79ee
Instruction Fuzzy Hash: C5F111B1D082A88BEB248B24DC94BEABBB1EF51304F0441FAD54D67281D7795FC58F62

Function 00B4BDD6 Relevance: 22.9, Strings: 18, Instructions: 354COMMON

Download Yara Rule

Strings

e, xrefs: 00B4C18F
r, xrefs: 00B4C15E
i, xrefs: 00B4C142
e, xrefs: 00B4C150
r, xrefs: 00B4C1A4
y, xrefs: 00B4C1AB
o, xrefs: 00B4C19D
P, xrefs: 00B4C157
e, xrefs: 00B4C173
m, xrefs: 00B4C196
t, xrefs: 00B4C149
W, xrefs: 00B4C134
r, xrefs: 00B4C13B
M, xrefs: 00B4C188
s, xrefs: 00B4C17A
o, xrefs: 00B4C165
s, xrefs: 00B4C181
c, xrefs: 00B4C16C

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: M$P$W$c$e$e$e$i$m$o$o$r$r$r$s$s$t$y
API String ID: 0-3267982596
Opcode ID: ba0d12c59aa6b29438d33a573197b07fd1cbbd5332d2f918b5c5a989eaad19c0
Instruction ID: 6ea8f7828f7b506a89fac7a8d3b4b16ce7e85624ddb9d99c84af93a8e3583108
Opcode Fuzzy Hash: ba0d12c59aa6b29438d33a573197b07fd1cbbd5332d2f918b5c5a989eaad19c0
Instruction Fuzzy Hash: FAE1CC71D082A88AEB24CB24CC84BEABBB1EF91304F1481EAD54D67281E7795FC5DF51

Function 00B3C785 Relevance: 18.0, Strings: 14, Instructions: 464COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
r, xrefs: 00B3DD86
u, xrefs: 00B3DD94
3, xrefs: 00B3CAA6
l, xrefs: 00B3DDA2
e|, xrefs: 00B3CA55
l, xrefs: 00B3DDB7
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$e|$i$l$l$l$o$r$t$u$3
API String ID: 0-3593921935
Opcode ID: 864b623ad92583d1d32c4f2bdc1cb40b0008d94fbf0e5d947ff8f97d006108e6
Instruction ID: c4bf89cc2943217e2aee2af9560969bc529928d7c32e3546193868814145f772
Opcode Fuzzy Hash: 864b623ad92583d1d32c4f2bdc1cb40b0008d94fbf0e5d947ff8f97d006108e6
Instruction Fuzzy Hash: 190225B1D046A88BEB248B24DC84BEABBB5EF95300F1441FAD84D63281D6795FC5CF51

Function 00B3D871 Relevance: 16.4, Strings: 13, Instructions: 181COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
r, xrefs: 00B3DD86
u, xrefs: 00B3DD94
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
P<9<, xrefs: 00B3D871
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$P<9<$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-168012158
Opcode ID: 8aec9e0363bdaf6517de40211b68d7c78934613deb7e37bc0f5d88b25753bb78
Instruction ID: f0cb40d137855d68572c0ad1374eb0042ea73c72c1ad5eef4d15f9bbcf84d21e
Opcode Fuzzy Hash: 8aec9e0363bdaf6517de40211b68d7c78934613deb7e37bc0f5d88b25753bb78
Instruction Fuzzy Hash: 916149E2C082949FF7258624EC88BF77BA9E751310F1481FBD84D6A281D6BD5FC58B21

Function 00B3D7A7 Relevance: 15.2, Strings: 12, Instructions: 243COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 3f6d07aba9e066f48e6f6173bbf332e236dfc53c706cd1f05506384c77fd7c68
Instruction ID: 5d168d6c30b71b0270d8263b0b25ea094a0b6380704bc131f519d5a6f182a62a
Opcode Fuzzy Hash: 3f6d07aba9e066f48e6f6173bbf332e236dfc53c706cd1f05506384c77fd7c68
Instruction Fuzzy Hash: 2B8148E2C042949FF7258A24EC88BE77BB9EB40310F1441FAD84D66281D6BD5FC5CB21

Function 00B3D920 Relevance: 15.2, Strings: 12, Instructions: 233COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: f7c39a011319857aea736b4b0473959a64fd7a67f1eeca68179632505c0e4c8a
Instruction ID: 38db57f32cb9400dcfe632cab691df80af544de5db8ef7510213aea36cf1a3d1
Opcode Fuzzy Hash: f7c39a011319857aea736b4b0473959a64fd7a67f1eeca68179632505c0e4c8a
Instruction Fuzzy Hash: AA8114F2D042549FF7158A14EC94BABBBB9EB90310F2441FAE80D66281D67D5FC5CB22

Function 00B3DC30 Relevance: 15.2, Strings: 12, Instructions: 220COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 215c1d359ad557557f1a944552d987be852ef1db03d46ffc6e410ed519f8f010
Instruction ID: d75a26aa5d4f2c2e1f71f129c2c68862e9d3bd4a07de498d0382c0125048cf83
Opcode Fuzzy Hash: 215c1d359ad557557f1a944552d987be852ef1db03d46ffc6e410ed519f8f010
Instruction Fuzzy Hash: 41816EE2C086989FF7158624EC98BFB7FA9EB41310F2441FBD84926181D6BD1BC5CB21

Function 00B3C852 Relevance: 15.2, Strings: 12, Instructions: 195COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 83560c9bf57c878a92a3416a016677e3cf433627fde5dc5484187aa81d08f6f4
Instruction ID: a18d565421d5cf7fea1aaf38f7ed8a610ef16e6856df205d369f817236e7ee21
Opcode Fuzzy Hash: 83560c9bf57c878a92a3416a016677e3cf433627fde5dc5484187aa81d08f6f4
Instruction Fuzzy Hash: 07615AE2C046949FF7218624EC88BFB7FA8EB51310F1441FAD54D66281D6BD5BC5CB22

Function 00B3C90E Relevance: 15.2, Strings: 12, Instructions: 192COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: b010b89f30c46c9ea7478c22374f36ee93c059c94952ea263ac54bd311d2f0bd
Instruction ID: 18c757473b33f1b968aab6de73a2494cfe5972a5dfb05f458078f248a4b911a1
Opcode Fuzzy Hash: b010b89f30c46c9ea7478c22374f36ee93c059c94952ea263ac54bd311d2f0bd
Instruction Fuzzy Hash: 4E6149E2C086989FF7258624EC88BEB7FA9D791310F1441FAD54D26281C6BD5BC58B22

Function 00B3D7D6 Relevance: 15.2, Strings: 12, Instructions: 190COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 57e3bc91208c1cb33b5f29efdd93e7e9cd4b4073133240901ff69a30f01817bb
Instruction ID: 2211890a38ee44c295bfba1b45352a2ee19e883d87b8f99976b98fefff17b766
Opcode Fuzzy Hash: 57e3bc91208c1cb33b5f29efdd93e7e9cd4b4073133240901ff69a30f01817bb
Instruction Fuzzy Hash: D56108A2C082A49FF7254624EC88BE77FA8EB51310F1441FED84D66281D6BD5FC5CB62

Function 00B3D7BE Relevance: 15.2, Strings: 12, Instructions: 185COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: bd13571ac05a3531159b9afadcd6f729cb7c64f988b5043535aafa9be9f5ac8d
Instruction ID: 50abcda5ecf6076b0b28409f34ec10c74bc293de9184f96cdfa40fabf9801c53
Opcode Fuzzy Hash: bd13571ac05a3531159b9afadcd6f729cb7c64f988b5043535aafa9be9f5ac8d
Instruction Fuzzy Hash: DF5108E2C082949FF7254624EC88BE77FA8E751310F1441FAD84D2A281D6BD5FC5CB62

Function 00B3DC86 Relevance: 15.2, Strings: 12, Instructions: 183COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: efb18092e994a782d30061788c1ea73f570b800d442da8242da99f6e532384ab
Instruction ID: 20bb5f2d4a8f05a97c4a1424bb8987068d0c11559c0d90471c8c4f624fbd205c
Opcode Fuzzy Hash: efb18092e994a782d30061788c1ea73f570b800d442da8242da99f6e532384ab
Instruction Fuzzy Hash: 58615CE1C086989FF7258624EC98BEA7FB9EB51310F2441FED4492A181C6BD4BC5CB21

Function 00B3DC8E Relevance: 15.2, Strings: 12, Instructions: 183COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 75e0cf030b77695c62329ea366a167ee81c6e767b013dc9edfe978ef69fe8433
Instruction ID: 2dc807718bd4ac882095848efd310bd3c25454e2d8008738173c071bdc9bbf64
Opcode Fuzzy Hash: 75e0cf030b77695c62329ea366a167ee81c6e767b013dc9edfe978ef69fe8433
Instruction Fuzzy Hash: 34615BE1C086989FF7258624EC98BEA7FB9EB51310F1441FED84966181C6BD0BC5CB22

Function 00B3C59E Relevance: 15.2, Strings: 12, Instructions: 170COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 0ce2f9ccf65019ca895d824e25791378d9a1822a4b96f5196c5c6b995a9f0681
Instruction ID: f434f76439134227e30a7b2f497dfbcbfa25f82111c7efa90932a8026fb49deb
Opcode Fuzzy Hash: 0ce2f9ccf65019ca895d824e25791378d9a1822a4b96f5196c5c6b995a9f0681
Instruction Fuzzy Hash: A5514DE2C082949FF7218624EC88BE77FA8DB51310F1941FBD44D66281D6BD5BC5CB22

Function 00B3C5A5 Relevance: 15.2, Strings: 12, Instructions: 169COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 44573f7c4199a65c01c5e1313dcf8e320782a7a958f02e7c9af02dc208d93fb2
Instruction ID: e8c3854ef8f29499d8e6992fe323329d92bd2326d6ff384944b6479ff4e15077
Opcode Fuzzy Hash: 44573f7c4199a65c01c5e1313dcf8e320782a7a958f02e7c9af02dc208d93fb2
Instruction Fuzzy Hash: AF513CE2C086949FF7218624EC88BE77FA8EB51314F1841FBD44D66281C6BD5BC58B22

Function 00B3DCF6 Relevance: 15.2, Strings: 12, Instructions: 168COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 3a04f05199b8dc80ac94702b3c6223843eb84109c29a00cdd6c9c8d6dc43ef1d
Instruction ID: 76184ca8781616fed862449c18dba8247a9195ec64b7876aa7587cfefe5e4dbf
Opcode Fuzzy Hash: 3a04f05199b8dc80ac94702b3c6223843eb84109c29a00cdd6c9c8d6dc43ef1d
Instruction Fuzzy Hash: 9B514DE2C082989FF7158624EC98BE77FA8DB51310F1440FED44D26181D6BD5BC5CB22

Function 00B3C637 Relevance: 15.2, Strings: 12, Instructions: 164COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: bbd7c913bc11fc58f33c4b518efd0c96e7b09b6db9993d02e93b76c8006595cc
Instruction ID: a07c67b8b555a7de47adffb1916137580ddbc103db4134e065a44f5253910c6a
Opcode Fuzzy Hash: bbd7c913bc11fc58f33c4b518efd0c96e7b09b6db9993d02e93b76c8006595cc
Instruction Fuzzy Hash: 31514EE2C082949FF7218624EC88BE77FA8E751314F1841FBD54D66282D6BD5BC5CB22

Function 00B3C63D Relevance: 15.2, Strings: 12, Instructions: 164COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 0cf56c97f2ca01c4a2ae2d89b346f45776ab32d83a46015ad9d49bcf20298dd3
Instruction ID: e4d6013544d11e4805716b7e59309b22299f99622a953eb272f518e83ce8f212
Opcode Fuzzy Hash: 0cf56c97f2ca01c4a2ae2d89b346f45776ab32d83a46015ad9d49bcf20298dd3
Instruction Fuzzy Hash: FE515EE2C082949FF7218624EC88BE77FA8E751314F1841FBD44D66282D6BD4BC5CB22

Function 00B3C5BA Relevance: 15.2, Strings: 12, Instructions: 163COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 523102351eeeff9ebdab57c44899c3f7ceef8dbe37de7b79580e483f1bf72490
Instruction ID: a1463007da53d551429d9371761d0f0532b637d6b61c9451ddf0a9882b3774e9
Opcode Fuzzy Hash: 523102351eeeff9ebdab57c44899c3f7ceef8dbe37de7b79580e483f1bf72490
Instruction Fuzzy Hash: 0C513EE2C086989FF7218624EC88BE77FA8E751314F1441FBD54D66181C6BD5BC5CB22

Function 00B3D809 Relevance: 15.2, Strings: 12, Instructions: 162COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 423ed3db2635845648250a2f6e7b933d0fe3270bca9173c8a446d30727f5e3b9
Instruction ID: 4be415b7bcaa57968e39f7c56e4b757aa857ad64e9a3ffcdb98cb5a71c708fa3
Opcode Fuzzy Hash: 423ed3db2635845648250a2f6e7b933d0fe3270bca9173c8a446d30727f5e3b9
Instruction Fuzzy Hash: 2F511AE2C082A49FF7154624EC88BE77FA9D751310F1440FAD84D2A281C6BD5FC5CB62

Function 00B3D950 Relevance: 15.2, Strings: 12, Instructions: 160COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: c416d0231ad9f83988a6a5e7cdad11fba59c72f638c1f12b4b6d6a7d91472061
Instruction ID: 25adad10b787f5b949ee9d64165b2e62b06fe7bde8cf56bf41dbbbfdbb0ac28c
Opcode Fuzzy Hash: c416d0231ad9f83988a6a5e7cdad11fba59c72f638c1f12b4b6d6a7d91472061
Instruction Fuzzy Hash: BD5128E2C082949FF7158624EC98BA77FA8E751310F1441FAD44D6A281D6BD5FC5CB22

Function 00B3DD24 Relevance: 15.2, Strings: 12, Instructions: 155COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: 719d44db2a8cee1fe50de257dfcf9122b620852640b4824127cd1521110388d9
Instruction ID: e965b2e89415d394295056d546386245038cb1bc453dfd4f84dee690cf4fb67d
Opcode Fuzzy Hash: 719d44db2a8cee1fe50de257dfcf9122b620852640b4824127cd1521110388d9
Instruction Fuzzy Hash: F65128E2C082949FF7258624EC98BE77FA8E751310F1440FAD84D2A281D6BD5BC5CB22

Function 00B3C9A1 Relevance: 15.2, Strings: 12, Instructions: 152COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: d22379301c28db30f1d4161d659939aac742bb1c1e0e7d33b551be9371f5a487
Instruction ID: 32bf6078cbf627c32dcbe5fc2edda539338c496567e63f7cd913431a62db3110
Opcode Fuzzy Hash: d22379301c28db30f1d4161d659939aac742bb1c1e0e7d33b551be9371f5a487
Instruction Fuzzy Hash: B6516EE2C082949FF7158624EC887E77FA8E751314F1440FFD44966282C6BD5BC5CB22

Function 00B3D96E Relevance: 15.2, Strings: 12, Instructions: 152COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: e6e22356fc6080e0fe48eb9d395d3ea7c5c57d19d050d6de8daf6192a00a06cd
Instruction ID: 61abee89c62370c1a632de1e5b9a1e4d5a388fd59f779107474dec94b9ba4b9d
Opcode Fuzzy Hash: e6e22356fc6080e0fe48eb9d395d3ea7c5c57d19d050d6de8daf6192a00a06cd
Instruction Fuzzy Hash: C4514AE2C082949FF7258624EC88BE77FA9E751310F1441FAD84D6A281C6BD5FC5CB22

Function 00B3D82E Relevance: 15.1, Strings: 12, Instructions: 149COMMON

Download Yara Rule

Strings

c, xrefs: 00B3DDC5
t, xrefs: 00B3DD8D
i, xrefs: 00B3DD7F
u, xrefs: 00B3DD94
l, xrefs: 00B3DDB0
A, xrefs: 00B3DDA9
o, xrefs: 00B3DDBE
l, xrefs: 00B3DDA2
l, xrefs: 00B3DDB7
r, xrefs: 00B3DD86
V, xrefs: 00B3DD78
a, xrefs: 00B3DD9B

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: A$V$a$c$i$l$l$l$o$r$t$u
API String ID: 0-1474867871
Opcode ID: ab14c8ba6b8ec7c28ede62265899ec88fb53fd6d075de9f9d242f0770388c027
Instruction ID: 2d2e4b24c769cda0b349650f89632d463e478639b5ab80c0dd103c120b09fbc5
Opcode Fuzzy Hash: ab14c8ba6b8ec7c28ede62265899ec88fb53fd6d075de9f9d242f0770388c027
Instruction Fuzzy Hash: 5A5139E2C082989FF7158624EC98BE67FA9DB51310F1440FED84D2A281C6BD5BC5CB22

Function 00B3AEF4 Relevance: 4.0, Strings: 3, Instructions: 295COMMON

Download Yara Rule

Strings

7B;2, xrefs: 00B3B311
Q, xrefs: 00B3B3BB
YQ, xrefs: 00B3B7D8

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: 7B;2$Q$YQ
API String ID: 0-2086112649
Opcode ID: c5d3e086991dd111372fa0117f3f856af8c142f812b310752429494378cc2e11
Instruction ID: 29d12b0dec14e5b8691f85bba479596cfd6f1c3bc4b3c595f15fdf2d13d22aa7
Opcode Fuzzy Hash: c5d3e086991dd111372fa0117f3f856af8c142f812b310752429494378cc2e11
Instruction Fuzzy Hash: 1CA13AB2C041248FE724CB24DC95EEBB7B4EF81310F2441FAD94997245D738AE86CA52

Function 00B32C7B Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

e|, xrefs: 00B33090
M=M9, xrefs: 00B337F5
3, xrefs: 00B330E1

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: M=M9$e|$3
API String ID: 0-2436971195
Opcode ID: 027230caaf09b0343f382333043eecf9ab2e128ff17492a5cecb8ec26c5603e3
Instruction ID: 11adc3ff4145e205d66b82073627b82729b8439590e385b29f227ee89bbc5481
Opcode Fuzzy Hash: 027230caaf09b0343f382333043eecf9ab2e128ff17492a5cecb8ec26c5603e3
Instruction Fuzzy Hash: E3917DB1D056689BEB25CB18DC85AEAB7F5EF98310F2481EAD90D62340E7385FC58F01

Function 00B5282C Relevance: 2.9, Strings: 2, Instructions: 353COMMON

Download Yara Rule

Strings

3, xrefs: 00B52ADF
e|, xrefs: 00B52A8E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: e|$3
API String ID: 0-1726640827
Opcode ID: 33e0ba9de31bb772fd2bf121173325c4fdd2daf1386223d4182eba6863268429
Instruction ID: 0dff6e8cc05be700e757e21ab5782f8fe85ee6934c7d3e07c962624da5649813
Opcode Fuzzy Hash: 33e0ba9de31bb772fd2bf121173325c4fdd2daf1386223d4182eba6863268429
Instruction Fuzzy Hash: 9DD1F3B1D052688BEB288B28DC996EABBB5EF45310F0441FAD84DA3342E6355FC5CF51

Function 00B427DA Relevance: 2.7, Strings: 2, Instructions: 234COMMON

Download Yara Rule

Strings

e|, xrefs: 00B428C8
3, xrefs: 00B42919

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: e|$3
API String ID: 0-1726640827
Opcode ID: 67b296f1e1022dd70b3d1fae0ced1e46ac05f8f08e708a2e6d05d07fd6d4c57f
Instruction ID: 06eaec39ce5088247d2d4e5bc07fbdc436136db56271ca8ba09a348faa763a34
Opcode Fuzzy Hash: 67b296f1e1022dd70b3d1fae0ced1e46ac05f8f08e708a2e6d05d07fd6d4c57f
Instruction Fuzzy Hash: 0FA19B75D086698BEB258B18CD846EABBB5EF89310F1481EAE84D63241D7740FC2DF51

Function 00B3723B Relevance: 2.0, Strings: 1, Instructions: 729COMMON

Download Yara Rule

Strings

D, xrefs: 00B372D1

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: eef1a1bb66c2f6e54e867d6151cf76f9ba4dd2906c29cdb5fdf94b8ae38f496b
Instruction ID: 9e01ff4ce3420629a62e1ec4714080c13e1bff3397fb0ae0777eb9130bbb47fd
Opcode Fuzzy Hash: eef1a1bb66c2f6e54e867d6151cf76f9ba4dd2906c29cdb5fdf94b8ae38f496b
Instruction Fuzzy Hash: B3727535E2866887DB28DB799C511DBA2B3EF58300F04E5FD940DE7264F7714A898F0A

Function 00B521B0 Relevance: 1.6, Strings: 1, Instructions: 316COMMON

Download Yara Rule

Strings

4@@M, xrefs: 00B5215E

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: 4@@M
API String ID: 0-3598929666
Opcode ID: 832a97a9a68d86c5617f994e34397d5d08dbc7fd7552123d80ac13ea1608cd02
Instruction ID: 097b483d69a3d47173d2378ef095988eb69f303d89bfaf87061377cba66be927
Opcode Fuzzy Hash: 832a97a9a68d86c5617f994e34397d5d08dbc7fd7552123d80ac13ea1608cd02
Instruction Fuzzy Hash: D5B133B2D051689AE7148B20DC84BFB7674EF81311F1481FAD84DA7680E67D5FC6CBA2

Function 00B33473 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

M=M9, xrefs: 00B337F5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: M=M9
API String ID: 0-2119929983
Opcode ID: 4f7b1bad0cbf184d7320e8896b604e6dad6f4db04e23f4a1950f35e6cae172bd
Instruction ID: 377b9fa06e4674ec7d1a3b9ad1829cd99581c1fdfbe6be157e1cfec41b0f2004
Opcode Fuzzy Hash: 4f7b1bad0cbf184d7320e8896b604e6dad6f4db04e23f4a1950f35e6cae172bd
Instruction Fuzzy Hash: 5D7117F2D04158AFF720CA14DC80EEB77B9EB84714F2981FAE80D56241D6396FC58E52

Function 00B42CB8 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

IF7C, xrefs: 00B4310C

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: IF7C
API String ID: 0-3432876487
Opcode ID: 63053362f7ef531a3bb37ae1c5be2ac6f276c94fa08a0c5d18e0f8e159573144
Instruction ID: aa6ab3bc02dc1d6dae2ff1234c0424e9f7eeae68018b8183fbb87a508709c14c
Opcode Fuzzy Hash: 63053362f7ef531a3bb37ae1c5be2ac6f276c94fa08a0c5d18e0f8e159573144
Instruction Fuzzy Hash: 6261ACF2D090846FE3148A24DC95AE73BE9EBD1710F2901FAD40A96642D57C1BC7DA22

Function 00B3323F Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

M=M9, xrefs: 00B337F5

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID: M=M9
API String ID: 0-2119929983
Opcode ID: 5f6dfe6656d05d5c77311201abe6937b2c7b814d2d60bc2640ebc93997525557
Instruction ID: e5c92ea9e941b10290f8f60064a868b3a32b045c95c9d24d52384fb24c77ed5a
Opcode Fuzzy Hash: 5f6dfe6656d05d5c77311201abe6937b2c7b814d2d60bc2640ebc93997525557
Instruction Fuzzy Hash: 5A6129F2D05118ABF7248A14DC95FE777B8EB84710F2481FADC0E66280E6796FC58E51

Function 00B9B179 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbcbf61d6519938a428950d48cf22ed505fe968738b6aad921b0f9c1bc58da74
Instruction ID: d488777e08f03562c8e5d2f0533e97653c49d3705b043a1cc1e9fbf3e739142f
Opcode Fuzzy Hash: dbcbf61d6519938a428950d48cf22ed505fe968738b6aad921b0f9c1bc58da74
Instruction Fuzzy Hash: 0B9116F2D006249FFB148A15EED4FEB77B9EB91310F1440FAE80D56681D6785FC28A62

Function 00B9BA36 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b3728ccc3bf93d45df689d46ad46ee000bfe91000339ac80b55cc4b8e914044
Instruction ID: e2bfc0e0abc9a3e17cbfa9df69d111da66830198fbd23a4276af909536c76181
Opcode Fuzzy Hash: 8b3728ccc3bf93d45df689d46ad46ee000bfe91000339ac80b55cc4b8e914044
Instruction Fuzzy Hash: 829104B2C042249FEB249F24EDD1AEA7BB5FF41310F1441FAD94996282EB395EC1CB51

Function 00B9C6A5 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7246a1d404e66029266c6615454d62c0c9ac66bcf03f9471059c226d7adeb86
Instruction ID: 2c3842c57366b73173520d95b016ff75e9ecaf61d9f6244b7517bf7d4869d47d
Opcode Fuzzy Hash: b7246a1d404e66029266c6615454d62c0c9ac66bcf03f9471059c226d7adeb86
Instruction Fuzzy Hash: 4F813BA2D145149AFB208B24DC55BFB7779EFC5310F2481FAD80D9B280EA795EC1CB62

Function 00B99182 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eafdc3d0c1037afdbe2557e6979a63caa958ea4c4f597ccd10abb72028856147
Instruction ID: 5d2ca3cb9ec5c7d06dd420a723715a32c2eee3bfa1b338e59d0f5f60177c4d55
Opcode Fuzzy Hash: eafdc3d0c1037afdbe2557e6979a63caa958ea4c4f597ccd10abb72028856147
Instruction Fuzzy Hash: 0791F2B2E046649BEB24CA18CC90BBB77B6FF81305F1441FDE80957281D638AEC1CE51

Function 00B52E78 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a09234d393006b1d09469bccea57a69f3151c80b7a8c5a9a903070e182b64fce
Instruction ID: abaa9464aedfec097a747583462d6acc0dec78763fd55e7224c51d1d75a4654c
Opcode Fuzzy Hash: a09234d393006b1d09469bccea57a69f3151c80b7a8c5a9a903070e182b64fce
Instruction Fuzzy Hash: FC8147B2D046549BF724CA14DC94FEB77B9EB81701F1841F9DC0DA2281C6386FC58E91

Function 00B3D5FF Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 176a5c2801037c24be49b925bf807e607aaa5caaeaa828520cf31c20dd1cb106
Instruction ID: 38da869b9caff38573b95c2e6f076a8fb15edf7c6d4ca42534f0fefb300ed07c
Opcode Fuzzy Hash: 176a5c2801037c24be49b925bf807e607aaa5caaeaa828520cf31c20dd1cb106
Instruction Fuzzy Hash: E47125B2D040249FE7248B25EC80BFB7BB5EF95310F2082FAD44D56A41E6385EC6CE52

Function 00B35745 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55ce2cbe5ef3519eb2ba7a36699fcf2af22e058ad6eb6714585e46ed32a4a626
Instruction ID: 87a0d7dd62ae6d7f8b444ab45700b80a27705567248a32786fa08375b63eb4a7
Opcode Fuzzy Hash: 55ce2cbe5ef3519eb2ba7a36699fcf2af22e058ad6eb6714585e46ed32a4a626
Instruction Fuzzy Hash: F66167A2D082545BF7108A24DC94AF77B78EF91314F1441FAD94D87681E63E8FC39762

Function 00B9C412 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7c785207dbfd6d284ab69db40cdd4a5b3d2c0f3e2d6bb50f33bbae08ec56c63
Instruction ID: 0ec507691fa81c45a9356a1c3930445c960363246889675f1112bf3bd49f8954
Opcode Fuzzy Hash: e7c785207dbfd6d284ab69db40cdd4a5b3d2c0f3e2d6bb50f33bbae08ec56c63
Instruction Fuzzy Hash: E07136A2D141259AFB208B25DC54BFB7779FF95710F2081FAD80D9B280E6395EC1CB62

Function 00B9B54F Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a6ee27ad006e39c14ae60f1092e0e18143e25f1cd0897977e32d6183db2cebf
Instruction ID: cdde823fa3cf3a7d06f4899de0e32493df6573f8867debc18a624fda2f48ac0e
Opcode Fuzzy Hash: 6a6ee27ad006e39c14ae60f1092e0e18143e25f1cd0897977e32d6183db2cebf
Instruction Fuzzy Hash: 8F6109B2D006249FFB148A25FDC4EEB77B8EB81310F1540FAE80D56681D67D5FC68A51

Function 00B4C3EE Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceeb025372b7be7e730cd278c151f2a8012b6699722c6483c231a9270987f322
Instruction ID: 2e288f5e445443c5a2458f4fa2b06e03518b11eab5d37a250087fe9b56889218
Opcode Fuzzy Hash: ceeb025372b7be7e730cd278c151f2a8012b6699722c6483c231a9270987f322
Instruction Fuzzy Hash: 937126A2D145248AFB288B20DC51BFE7AB5EF94710F1081FEE50E97680E67D5FC18B16

Function 00B9C429 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bbacd8796875ce1b9c7562de7bc1f15ceae9d7c800ead50439ef262d8dbc109
Instruction ID: 79038f7339d4eef4f61a42e51a13e4cbca99dbf16b818850343462193754b73a
Opcode Fuzzy Hash: 9bbacd8796875ce1b9c7562de7bc1f15ceae9d7c800ead50439ef262d8dbc109
Instruction Fuzzy Hash: 2F6106A2D101289AFB208B25DC54BFB6779EF95710F2081FAD80D97280E6795EC18B62

Function 00B9B94A Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5874255093db914e1c3f9a2d880605ba7dbbdb8cc23e60c43ed4774db5e3a1
Instruction ID: 6c2a41c5d1cb9b136f885ba6c72f61694f62e7ff44d00f3c481bd11c4a5ccd53
Opcode Fuzzy Hash: 2b5874255093db914e1c3f9a2d880605ba7dbbdb8cc23e60c43ed4774db5e3a1
Instruction Fuzzy Hash: AA71E4B2C042689BDB249F24EDD4AEB7BB4FB45310F1440FAD94996242EB395EC1CB51

Function 00B9C449 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832d98851e0777dd2c62b64c93ea7a4164bec38ea830c896cbdafa3668d789cd
Instruction ID: 1578305e8b72bf7017a7c23f588e877337b81b375065aef14d099edb9763ef03
Opcode Fuzzy Hash: 832d98851e0777dd2c62b64c93ea7a4164bec38ea830c896cbdafa3668d789cd
Instruction Fuzzy Hash: 17613992D101249AFB208B25DC54BFB677AEFD5710F2081FAD80D97280E6395EC1CB62

Function 00B9C5A7 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b9cb821d65bbde9f3eb1e7800ac856a15f8ab2747194cc6fe64a82ee2deb985
Instruction ID: 224aa59ffa7d1f238e8c499479d132a35c5d4abf89b659571cf21a743ebf54f2
Opcode Fuzzy Hash: 1b9cb821d65bbde9f3eb1e7800ac856a15f8ab2747194cc6fe64a82ee2deb985
Instruction Fuzzy Hash: 55615792E141249AFB208B25DC55BFB6A7AEFD5710F2081FAD40D97280E63D5EC1CB62

Function 00B3F390 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25d6f13d96f0329ce9fb6529ccff2f4e0c937e5930e3c0a21d265d3ea7deaefb
Instruction ID: 807fe2e6fc57820c93d2ddee7320e38738dd8ff64dfc4a8ce4454a231d3dbf63
Opcode Fuzzy Hash: 25d6f13d96f0329ce9fb6529ccff2f4e0c937e5930e3c0a21d265d3ea7deaefb
Instruction Fuzzy Hash: BB6107A2D005259BF7248B28EC84AF77779EF90310F2482F6EC0D97690E67D5EC58A91

Function 00B9B82D Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f659bf2f27c9f901cb09c8f9d879e7767306be3c59a08a150f39c56f89879215
Instruction ID: 86a2a3537204ab2015bc570b86002b5f80ba6dd28da8b3ef3542e782812e3d99
Opcode Fuzzy Hash: f659bf2f27c9f901cb09c8f9d879e7767306be3c59a08a150f39c56f89879215
Instruction Fuzzy Hash: 8961E2B2C042689FDB249F24EDD4AEABBB4FB41310F1441FAD94D96241EB395EC1CB51

Function 00B9C471 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91e8bd2bd82c5572c0409a98e75a57955b75263376d4c9a4362373276991b4fa
Instruction ID: 979616e1e9f3b1fdde1c098c75d49c66286bcce85b99ee8e30b9d58f2de1f567
Opcode Fuzzy Hash: 91e8bd2bd82c5572c0409a98e75a57955b75263376d4c9a4362373276991b4fa
Instruction Fuzzy Hash: F8514A92D101249AFB208B35DC54BFB6B7AEFC5710F2081FAD40D97280E6395EC1CB62

Function 00B42585 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afc7240aabf3e0dd2167a22f4747a8554d4878024a54f157d3f48d39efcca64a
Instruction ID: 4fe27c457ec9b3bfef1209d8072afe0cb2a658db5162c5097204dd5c77934705
Opcode Fuzzy Hash: afc7240aabf3e0dd2167a22f4747a8554d4878024a54f157d3f48d39efcca64a
Instruction Fuzzy Hash: C75137A1C042648AF7248B24DD91BFB77B5FF81310F5481FAE84D56281D7384FC2EA51

Function 00B3C35D Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0137ab2d450b1a22e458c0f053bb61cfa111a451ec261a45b788261a1d578b04
Instruction ID: 7e5b7438065528ad6ad8ac7c63205159fb959aecac6952b32a8bc23441fd818e
Opcode Fuzzy Hash: 0137ab2d450b1a22e458c0f053bb61cfa111a451ec261a45b788261a1d578b04
Instruction Fuzzy Hash: 8351E5E2C155149AF7288B65EC85BFB7B75EB84310F24C2FAE40E66680E5381EC1CF52

Function 00B3E282 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be0fac538c12bcbe271e6dd786a1e62ab624e7b4cd7ce265b4bdcfc12f23cb41
Instruction ID: 081ca300c81b77e586f3dc8be67773c0194d47e84abcbcb8227a863070ed4ef8
Opcode Fuzzy Hash: be0fac538c12bcbe271e6dd786a1e62ab624e7b4cd7ce265b4bdcfc12f23cb41
Instruction Fuzzy Hash: 6B5139A3D151289FFB248B64EC85BE77769EF41310F1541F6D84D66280E63C5EC2CA92

Function 00B4279E Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef77fe375ce3e86d625b1025a709553aaa9c9c7d5860eb1d35f4ce1907362c02
Instruction ID: 6e6e1fb6e6539223c3419935d43f4e4723c1a34d2abe827a9c90f55045316371
Opcode Fuzzy Hash: ef77fe375ce3e86d625b1025a709553aaa9c9c7d5860eb1d35f4ce1907362c02
Instruction Fuzzy Hash: DC5137A2D142644BF7248B24DC91BFB7779FF91310F5481FAE84E42281E6385FC5DA52

Function 00B3C0BA Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0bcb3cc996609ea270a97a8d58a6f82270d96b31bc194f9983395b1fbd93eb6
Instruction ID: 98ffc88b623a6cce4ca5b6d2cfc49e62eabd6e1bf1f361e0cc877f95fe682040
Opcode Fuzzy Hash: f0bcb3cc996609ea270a97a8d58a6f82270d96b31bc194f9983395b1fbd93eb6
Instruction Fuzzy Hash: 0E51D2A2815525DAFB248BA5DC84AFBB7B6EB84710F20C1FAD40D75684E6385EC1CF21

Function 00B9C4F5 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf3d29b8a02d2230f063a557fdccbe5a0738f2fc64115db09a3911d2643a0b5d
Instruction ID: af36f2507bd3d8398265cd1912f9107a27904085f4b83cfa7e236cdd86c782e9
Opcode Fuzzy Hash: bf3d29b8a02d2230f063a557fdccbe5a0738f2fc64115db09a3911d2643a0b5d
Instruction Fuzzy Hash: D0515992E141159AFB208B34DD44BFB6679EF95700F2091FAD44DD7280EA3E5EC18B63

Function 00B9C282 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7153ce8a0d988c54a6124e676f1b62ef68f0e23671f24698c29c2eb49b126b95
Instruction ID: 9ec8c304227dd0d927a55e0f48764bec578b015f716b073ccf59294e22434776
Opcode Fuzzy Hash: 7153ce8a0d988c54a6124e676f1b62ef68f0e23671f24698c29c2eb49b126b95
Instruction Fuzzy Hash: 8A5127A2D141559AF7208B25DC44BF77B3AEF91310F1081FAD40DC7685D67E8EC68B22

Function 00B56565 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c99d1672ed1c770a0994a562f9736a1b6421944077d8dd958796ef2ee7928ff
Instruction ID: 795503cf877d07d2e6ac44a0226e8dfbb92970ad2df21d7ed8a023408102c620
Opcode Fuzzy Hash: 2c99d1672ed1c770a0994a562f9736a1b6421944077d8dd958796ef2ee7928ff
Instruction Fuzzy Hash: CC51A3B1A01205CFEB28CF59D9817AABBF0FB48306F54C5A9C911EB250D3B89E04CF50

Function 00B97418 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334806156.0000000000B90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe1196be9691b295e79d5c6987db17e17c954d86ec434230c486cf5f600f44aa
Instruction ID: 38b6bb176d24684dd1d2a02ddf4360b14d810c40fdaf117004e47faf81e25fd7
Opcode Fuzzy Hash: fe1196be9691b295e79d5c6987db17e17c954d86ec434230c486cf5f600f44aa
Instruction Fuzzy Hash: 6F4127A2E081649AEB248B25DC41AFFB7F5EFD5700F1081FAE44D96240E63C4AC2CB52

Function 00B3C0C1 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50b83d284abb6a08a95ceb79507c8ba4ec19232c9a96bd1d2d1d03073eaf3fab
Instruction ID: f4c02cbabd3afcf7dd8aa85be6a53e70359489f6629a9c028545397b19a31091
Opcode Fuzzy Hash: 50b83d284abb6a08a95ceb79507c8ba4ec19232c9a96bd1d2d1d03073eaf3fab
Instruction Fuzzy Hash: 3341D4A2815525DAF7248B69DC84BFBB775EB84310F20C2FAD40DA6684E6381EC1CF11

Function 00B45E87 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9786eeda9ff16d8fc223fd39e3999591cda13721f48248c8b5b21c460bfea866
Instruction ID: a2092b40407a847a691b387a36840d461f0c4c4e4798fcfc3a3fd1a517d6f0ec
Opcode Fuzzy Hash: 9786eeda9ff16d8fc223fd39e3999591cda13721f48248c8b5b21c460bfea866
Instruction Fuzzy Hash: 8A41A0A2D015385AE7248B14DC91AFBB7B9EF55310F0440FAE80D62380E6795FC1CAA2

Function 00B4F061 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81f5c3a184a8814c7ea1d5ed56103c383d90568fa819f7f39f058a410a2ff9a9
Instruction ID: b62cc4d15cabb8df616683dc2924bf7f2039abcb9868aa4dcddc8f9d99417317
Opcode Fuzzy Hash: 81f5c3a184a8814c7ea1d5ed56103c383d90568fa819f7f39f058a410a2ff9a9
Instruction Fuzzy Hash: F841BEB2D080359BEB248A24DC94BF77BB9EB41314F1841FAD94D27241D7796FC0DA91

Function 00B33C95 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452c5824668edf7bbe0322207991df14b56860d3730b3ba7ea94afae636e8716
Instruction ID: dece91984fbb6880a83dbc8c69c2004754e297031d66f9eb88c948f2a59269c3
Opcode Fuzzy Hash: 452c5824668edf7bbe0322207991df14b56860d3730b3ba7ea94afae636e8716
Instruction Fuzzy Hash: ED4138F2C041559FF7108E60DC84BAB77F8DB81320F2480FBDC0A5A641E679AEC58E62

Function 00B3D30E Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8016b5b95b5a54ff1c093efdf719769a78a3d575d7dd3fa75ed35e1191afe7cc
Instruction ID: 4c591e27604dc2fae8ed8396421a6c15f2860d7fe530427883d790b2dbc8f1af
Opcode Fuzzy Hash: 8016b5b95b5a54ff1c093efdf719769a78a3d575d7dd3fa75ed35e1191afe7cc
Instruction Fuzzy Hash: 4A41D4A2D181549BE3209A25EC84FE77BB9EFC5324F2581FAD44C4A641C1395EC7CA52

Function 00B3C104 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7049b93cf88e84cff4947081ba4ffdcc86ef9cf3618d7bb1a50d0d9e124730a
Instruction ID: 992977088dcb7aeb7c611579350d71fc6aba91ded9836326f46e997e68ed47c4
Opcode Fuzzy Hash: e7049b93cf88e84cff4947081ba4ffdcc86ef9cf3618d7bb1a50d0d9e124730a
Instruction Fuzzy Hash: 564115E28151159AFB248B69DC84BFBB7B5EF84710F20C1FAD40DA5684E6385EC1CF25

Function 00B3C111 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0be83ebf1ae0e5c55cbd1350b25ea90fdb32308c23beaa246a83b3a1421bc53f
Instruction ID: 2309c03c8e402ea3236e4188b448bba94c8812a2b3cd2188e77138244d6e6da9
Opcode Fuzzy Hash: 0be83ebf1ae0e5c55cbd1350b25ea90fdb32308c23beaa246a83b3a1421bc53f
Instruction Fuzzy Hash: 4541E4A28151159AFB208B65DC84BFBB7B5EF84710F20C1FAD44DA6684E6385EC1CF25

Function 00B3E00A Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2334726238.0000000000B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b30000_AdobeReaderPDFonline.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34ea49b75e61007fe92157f368dcae0a7d1e605d9751c44a0b1432f1fe6bd8a3
Instruction ID: 9b47b156fa8109f29a2b855eb63ade4977b95c3966b712532de5402c7cc0b9c5
Opcode Fuzzy Hash: 34ea49b75e61007fe92157f368dcae0a7d1e605d9751c44a0b1432f1fe6bd8a3
Instruction Fuzzy Hash: 694129B2D1516C8AEB648B64DC80BE7B7B5EF85310F1441F6D84DA7240E6789EC1CB52

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AdobeReaderPDFonline.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Documents\Elaborate Bytes\HD Tach\hdtach.exe

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
AdobeReaderPDFonline.exe

Function 00B31939 Relevance: 38.9, APIs: 1, Strings: 21, Instructions: 447
COMMON

Function 00B40B6E Relevance: 33.7, APIs: 1, Strings: 18, Instructions: 415
COMMON

Function 00B40E2E Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 393
COMMON

Function 00B40BB0 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 376
threadCOMMON

Function 00B40A21 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 341
threadCOMMON

Function 00B41199 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 329
COMMON

Function 00B411A6 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 321
COMMON

Function 00B41221 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 292
COMMON

Function 00B412C3 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 284
COMMON

Function 00B41559 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 284
COMMON

Function 00B412CE Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 283
COMMON

Function 00B40C1F Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 280
COMMON

Function 00B41568 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 279
COMMON

Function 00B41011 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 272
COMMON