Analysis Report acrotray.exe

Overview

General Information

Sample Name:acrotray.exe
Analysis ID:416537
MD5:0efd56703e827aa5a659757894edba29
SHA1:961fc525a5f20787db5fd142142731f20b0aab89
SHA256:ffec24790b71877c472fd59cb117935e894ea1de0ea1d9811a3d551e8339ddc5

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
PE file contains strange resources
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Label: clean (score 3 of 100). None of the classes on the report's label scale (ransomware, spreading, phishing, banker, trojan/bot, adware, spyware, exploiter, evader, miner) matched.

Process tree:
  • System is w10x64
  • acrotray.exe (PID: 7056, cmdline: 'C:\Users\user\Desktop\acrotray.exe', MD5: 0EFD56703E827AA5A659757894EDBA29)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

No malicious signature matched; the lines below are the evidence behind the informational signatures listed above. Three of the hits look worse than they are and should be read against the static data further down:

  • The function flagged for push ecx; ret (0_2_015CD6DA, with the ret at 0_2_015CD6ED) is the 20-byte MSVC __SEH_epilog4 helper. The entrypoint preview shows exactly this sequence immediately after the entry's call/jmp pair, at RVA 0x2bd6da; 0x015CD6DA is that RVA relocated to a sandbox load base of 0x1310000, which is what DYNAMIC_BASE (ASLR) is supposed to produce.
  • IsDebuggerPresent followed by SetUnhandledExceptionFilter/UnhandledExceptionFilter (0_2_015E60A1) and the SetUnhandledExceptionFilter/TerminateProcess chain (0_2_015CCD44) are the /GS stack-cookie failure handlers of the C runtime, and the fs:[30h] PEB reads lie in the same runtime region of the image (0_2_015E.... to 0_2_0160....) as the locale and time helpers.
  • Opening HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers is the Software Restriction Policies lookup Windows performs at process start and library load, not a policy change by the sample.

None of this makes the binary trustworthy by itself; what does is the valid DigiCert EV signature chained to Adobe Inc. (see the signature fields below), ideally together with a hash comparison against the file the vendor ships. The adobelogin.com and adobe.io strings are Adobe service hostnames, and none of them were contacted during the run.

Source: acrotray.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
Source: acrotray.exe | Static PE information: certificate valid
Source: acrotray.exe | Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: acrotray.exe | Binary string: AcroTray.pdb
Source: acrotray.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: acrotray.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: acrotray.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: acrotray.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: acrotray.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: acrotray.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: acrotray.exe | String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: acrotray.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: acrotray.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: acrotray.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: acrotray.exe | String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: acrotray.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: acrotray.exe | String found in binary or memory: http://ocsp.digicert.com0C
Source: acrotray.exe | String found in binary or memory: http://ocsp.digicert.com0H
Source: acrotray.exe | String found in binary or memory: http://ocsp.digicert.com0I
Source: acrotray.exe | String found in binary or memory: http://ocsp.digicert.com0O
Source: acrotray.exe | String found in binary or memory: http://www.digicert.com/CPS0
Source: acrotray.exe | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
(The digicert.com URLs come from the AIA, CRL and OCSP extensions of the embedded Authenticode certificates; the trailing characters such as 0P, 0C or 0: are the DER bytes that follow each URL inside the certificate blob, not part of the URL.)
Source: acrotray.exe | String found in binary or memory: https://ims-na1-stg1.adobelogin.com
Source: acrotray.exe | String found in binary or memory: https://ims-prod06.adobelogin.com
Source: acrotray.exe | String found in binary or memory: https://lcs-cops-dev.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-cops-dev.adobe.iohttps://lcs-cops-stage.adobe.iohttps://lcs-cops.adobe.iohttps://lcs-rob
Source: acrotray.exe | String found in binary or memory: https://lcs-cops-stage.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-cops.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-robs-dev.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-robs-stage.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-robs.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-ulecs-dev.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-ulecs-stage.adobe.io
Source: acrotray.exe | String found in binary or memory: https://lcs-ulecs.adobe.io
Source: acrotray.exe | String found in binary or memory: https://www.digicert.com/CPS0
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015FE3FF
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015E3B85
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015F2D90
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_013205D0
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160DF51
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160F783
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160F663
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015E9EBF
Source: acrotray.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: acrotray.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: classification engine | Classification label: clean3.winEXE@1/0@0/0
Source: acrotray.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\acrotray.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: acrotray.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: acrotray.exe | Static file information: File size 5237432 > 1048576
Source: acrotray.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x35d600
Source: acrotray.exe | Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x153a00
Source: acrotray.exe | Static PE information: More than 200 imports for KERNEL32.dll
Source: acrotray.exe | Static PE information: More than 200 imports for USER32.dll
Source: acrotray.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: acrotray.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: acrotray.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: acrotray.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: acrotray.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: acrotray.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: acrotray.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: acrotray.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: acrotray.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: acrotray.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: acrotray.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015CD6DA push ecx; ret (ret at 0_2_015CD6ED)
Source: C:\Users\user\Desktop\acrotray.exe | API coverage: 8.7 %
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015E60A1 IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_014715D0 OutputDebugStringA, GetLastError
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015FD2FF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_01606564 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_016065A8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015CCD44 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: acrotray.exe, 00000000.00000002.912298828.0000000005A20000.00000002.00000001.sdmp | Binary or memory string: Program Manager
Source: acrotray.exe, 00000000.00000002.912298828.0000000005A20000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: acrotray.exe, 00000000.00000002.912298828.0000000005A20000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: acrotray.exe, 00000000.00000002.912298828.0000000005A20000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160194D EnumSystemLocalesW
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160B3FF GetACP, IsValidCodePage, _wcschr, _wcschr, GetLocaleInfoW
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160BBA6 GetLocaleInfoW, GetLocaleInfoW, GetACP
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160BD7B GetUserDefaultLCID, IsValidCodePage, IsValidLocale, GetLocaleInfoW, GetLocaleInfoW
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_01601F06 GetLocaleInfoW
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160B78D EnumSystemLocalesW
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160B6F2 EnumSystemLocalesW
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_0160B6A7 EnumSystemLocalesW
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_015E13B2 GetSystemTimePreciseAsFileTime, GetSystemTimePreciseAsFileTime, GetSystemTimeAsFileTime
Source: C:\Users\user\Desktop\acrotray.exe | Code function: 0_2_01606102 _free, GetTimeZoneInformation, _free
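As an added illustration (not part of the Joe Sandbox report and not Adobe's code): the byte-level check behind the "read the PEB" and "code obfuscation (call, push, ret)" signatures, extended with the context test an analyst applies before counting such a hit as evasion. It scans raw 32-bit code for mov eax, fs:[30h] and push ecx; ret, and labels a push ecx; ret as the tail of MSVC's __SEH_epilog4 when the 18 bytes before it are that helper's body, which is the sequence the entrypoint preview below shows right after the entry's call/jmp pair. The code bytes scanned are constructed inside the block; the base address 0x015CD6DA is the flagged function address from the evidence above, and the __SEH_epilog4 encoding is taken from the preview's disassembly.

```python
"""Find the byte patterns behind the PEB-read and push/ret signatures in 32-bit code and
say whether each hit sits in the MSVC __SEH_epilog4 helper shown in the entrypoint preview."""
import re

PEB_READ = re.compile(rb"\x64\xa1\x30\x00\x00\x00")   # mov eax, dword ptr fs:[30h]
PUSH_ECX_RET = re.compile(rb"\x51\xc3")               # push ecx ; ret
# __SEH_epilog4, 20 bytes: mov ecx,[ebp-0Ch]; mov fs:[0],ecx; pop ecx; pop edi; pop edi;
# pop esi; pop ebx; mov esp,ebp; pop ebp; push ecx; ret
SEH_EPILOG4 = bytes.fromhex("8b4df4" "64890d00000000" "59" "5f" "5f" "5e" "5b" "8be5" "5d" "51" "c3")


def scan(code, base):
    """Return sorted (address, kind, context) triples; address = base + offset into code."""
    hits = [(base + m.start(), "peb_read", "fs:[30h]") for m in PEB_READ.finditer(code)]
    for m in PUSH_ECX_RET.finditer(code):
        start = m.end() - len(SEH_EPILOG4)
        known = start >= 0 and code[start:m.end()] == SEH_EPILOG4
        hits.append((base + m.start(), "push_ecx_ret", "__SEH_epilog4 tail" if known else "unexplained"))
    return sorted(hits)


def build_sample():
    """Constructed code fragment (not bytes from the real file): __SEH_epilog4 at offset 0,
    NOP padding, a PEB read, more padding, then a bare push ecx; ret with no helper body."""
    return SEH_EPILOG4 + b"\x90" * 6 + bytes.fromhex("64a130000000") + b"\x90" * 4 + b"\x51\xc3"


if __name__ == "__main__":
    for addr, kind, ctx in scan(build_sample(), 0x015CD6DA):   # base: the flagged function's address
        print(f"{addr:#010x}  {kind:13}  {ctx}")
```

On a real sample, feed scan() the bytes of the executable section (use the section table's raw offset and size) with the section's virtual address as base; a push ecx; ret that is not preceded by the helper body, or a PEB read outside the C runtime region, is the hit worth opening in a disassembler.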

Mitre Att&ck Matrix

Techniques with at least one matching signature (number of hits in the right-hand column); every other cell of the matrix was empty:

Tactic                 Technique                         Hits
Privilege Escalation   Process Injection                 1
Defense Evasion        Process Injection                 1
Defense Evasion        Obfuscated Files or Information   1
Discovery              System Time Discovery             2
Discovery              Security Software Discovery       2
Discovery              Process Discovery                 1
Discovery              System Information Discovery      12
Collection             Archive Collected Data            1
Command and Control    Encrypted Channel                 1

Behavior graph (ID 416537, sample acrotray.exe, start date 18/05/2021, architecture WINDOWS, score 3): a single node, acrotray.exe, started from the sandbox start node; no child processes, dropped files or network endpoints are drawn.

Antivirus Detection

Source         Detection  Scanner         Label
acrotray.exe   0%         Virustotal
acrotray.exe   0%         Metadefender
acrotray.exe   0%         ReversingLabs

No antivirus matches in the remaining lookup tables (dropped files, unpacked PE files, domains, URLs).
No contacted domains.

URLs extracted from the binary and checked for reputation:
Name                                 Source        Malicious  Reputation
https://ims-prod06.adobelogin.com    acrotray.exe  false      high
https://ims-na1-stg1.adobelogin.com  acrotray.exe  false      high

No contacted IPs.

      General Information

      Joe Sandbox Version:32.0.0 Black Diamond
      Analysis ID:416537
      Start date:18.05.2021
      Start time:17:24:01
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 5m 25s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:acrotray.exe
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of new started processes analysed:14
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:CLEAN
      Classification:clean3.winEXE@1/0@0/0
      EGA Information:
      • Successful, ratio: 100%
      HDC Information:Failed
      HCA Information:Failed
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Found application associated with file extension: .exe
Time      Type             Description
17:24:48  API Interceptor  1x Sleep call for process: acrotray.exe modified

No context available (IPs, domains, ASNs, JA3 fingerprints, dropped files).
No created / dropped files found

      Static File Info

      General

      File type:PE32 executable (GUI) Intel 80386, for MS Windows
      Entropy (8bit):6.543918593540032
      TrID:
      • Win32 Executable (generic) a (10002005/4) 99.96%
      • Generic Win/DOS Executable (2004/3) 0.02%
      • DOS Executable Generic (2002/1) 0.02%
      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
      File name:acrotray.exe
      File size:5237432
      MD5:0efd56703e827aa5a659757894edba29
      SHA1:961fc525a5f20787db5fd142142731f20b0aab89
      SHA256:ffec24790b71877c472fd59cb117935e894ea1de0ea1d9811a3d551e8339ddc5
      SHA512:9fc352d50d696c06d6152d234602bdb258c38c09133c51dfbcbd2cc96a1b7fad24be224490aa04939aabcb0f4714a6d8056c43bc1b7b3f0e2839872877192604
      SSDEEP:98304:7p1b6LZnQMQqwF6ozbwInnsAY25FzvMEL5Up8oOvuwg8KX:7Pb6LZn9gwE1jMfp8oOvuw8X
      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............y.Z.y.Z.y.Z...[.y.Z...[.y.Z...[.y.Z...[.y.Z...[.x.Z.%.Z.y.Z...[.y.Z...[.y.Z...[.y.Z.y.Z.z.ZW..[oy.ZW..Z.y.Z.y{Z.y.ZW..[.y.

      File Icon

      Icon Hash:52784ccccc6c7212

      General

      Entrypoint:0x6bd6d0 (virtual address: Imagebase 0x400000 + RVA 0x2bd6d0)
      Entrypoint Section:.text
      Digitally signed:true
      Imagebase:0x400000
      Subsystem:windows gui
      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
      DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Time Stamp:0x608804EF [Tue Apr 27 12:34:55 2021 UTC]
      TLS Callbacks:
      CLR (.Net) Version:
      OS Version Major:6
      OS Version Minor:0
      File Version Major:6
      File Version Minor:0
      Subsystem Version Major:6
      Subsystem Version Minor:0
      Import Hash:fb9ac20eb92c6f6df3332aefc61ccf20
      Signature Valid:true
      Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
      Signature Validation Error:The operation completed successfully
      Error Number:0
      Not Before:12/19/2020 1:00:00 AM
      Not After:12/22/2022 12:59:59 AM
      Subject Chain
      • CN=Adobe Inc., OU=Acrobat DC, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
      Version:3
      Thumbprint MD5:1ED822CC08BA08413C4A60023E0D590C
      Thumbprint SHA-1:5DA6AD39FC524D0D2BEC6741DFDBF67DF5AF3ECA
      Thumbprint SHA-256:B184F0677143FFA39C7DABF083FB0B613015CEA696DFDEBA11D5CAFD4CF8B8D8
      Serial:011F39A2261A993DD15176DA6FE4FBEA
      Entrypoint Preview (instructions from 0x6bd6d0: the entry's call/jmp pair, then the MSVC __SEH_epilog4 and __SEH_prolog4 helpers; 008B4BE4h is the stack-cookie address in .data)
      call 00007F7E18846C7Bh
      jmp 00007F7E1884668Dh
      mov ecx, dword ptr [ebp-0Ch]
      mov dword ptr fs:[00000000h], ecx
      pop ecx
      pop edi
      pop edi
      pop esi
      pop ebx
      mov esp, ebp
      pop ebp
      push ecx
      ret
      mov ecx, dword ptr [ebp-10h]
      xor ecx, ebp
      call 00007F7E188452DFh
      jmp 00007F7E188467F0h
      mov ecx, dword ptr [ebp-14h]
      xor ecx, ebp
      call 00007F7E188452CEh
      jmp 00007F7E188467DFh
      push eax
      push dword ptr fs:[00000000h]
      lea eax, dword ptr [esp+0Ch]
      sub esp, dword ptr [esp+0Ch]
      push ebx
      push esi
      push edi
      mov dword ptr [eax], ebp
      mov ebp, eax
      mov eax, dword ptr [008B4BE4h]
      xor eax, ebp
      push eax
      push dword ptr [ebp-04h]
      mov dword ptr [ebp-04h], FFFFFFFFh
      lea eax, dword ptr [ebp-0Ch]
      mov dword ptr fs:[00000000h], eax
      ret
      push eax
      push dword ptr fs:[00000000h]
      lea eax, dword ptr [esp+0Ch]
      sub esp, dword ptr [esp+0Ch]
      push ebx
      push esi
      push edi
      mov dword ptr [eax], ebp
      mov ebp, eax
      mov eax, dword ptr [008B4BE4h]
      xor eax, ebp
      push eax
      mov dword ptr [ebp-10h], eax
      push dword ptr [ebp-04h]
      mov dword ptr [ebp-04h], FFFFFFFFh
      lea eax, dword ptr [ebp-0Ch]
      mov dword ptr fs:[00000000h], eax
      ret
      push eax
      push dword ptr fs:[00000000h]
      lea eax, dword ptr [esp+0Ch]
      sub esp, dword ptr [esp+0Ch]
      push ebx
      push esi
      push edi
      mov dword ptr [eax], ebp
      mov ebp, eax
      mov eax, dword ptr [008B4BE4h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x4ae92c         0x1b8         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x4c7000         0x2630        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x4fce00         0x1cb8        (file offset, see note)
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x4ca000         0x3bd34       .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x45d310         0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x45d40c         0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x45d368         0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x35f000         0xb84         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Note: the original table places the SECURITY entry in .reloc. That entry is the one data directory whose first field is a raw file offset rather than an RVA, so the section attribution is spurious: 0x4fce00 + 0x1cb8 = 0x4feab8 = 5237432, exactly the file size, so the Authenticode certificate table is appended at the very end of the file, after .reloc's raw data. A certificate table that did not end at EOF, or that overlapped a section, would be the thing to investigate.
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
.text   0x1000           0x35d4ca      0x35d600  unknown   unknown          unknown    unknown        IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0x35f000         0x15398c      0x153a00  False     0.296027471706   data       5.53628818198  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x4b3000         0x13324       0xd400    False     0.207068101415   data       5.08019243413  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc   0x4c7000         0x2630        0x2800    False     0.2740234375     data       3.3791928479   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x4ca000         0x3bd34       0x3be00   False     0.482752152923   data       6.5955535729   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
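Worked example, added here and not part of the Joe Sandbox report or of Adobe's code: a pure-Python PE32 header parser that rebuilds the header view above from raw bytes and runs the checks an analyst applies before accepting a clean score on a signed binary: does the entry point land in an executable section, which hardening flags are set, is the certificate table really appended after the last section and ending at EOF, and is any section both writable and executable. The sample header is constructed inside the block from the values reported on this page (image base, entry point, timestamp, characteristics, section and directory tables). The PointerToRawData values are an assumption: the sections are laid out back to back after 0x400 bytes of headers, which is the one layout that makes the last section end exactly at the SECURITY directory's offset 0x4fce00.

```python
"""PE32 header triage: parse the COFF/optional header, data directories and section table."""
import struct
from datetime import datetime, timezone

FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE",
                        0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x0400: "NO_SEH", 0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE"}
DIR_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC", "DEBUG",
             "ARCHITECTURE", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT", "IAT",
             "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]
SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000

def parse_pe(data):
    """Return header fields, data directories and sections of a PE32 (magic 0x10b) image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled (PE32+ widens ImageBase and shifts the directories)")
    entry, _, _, image_base = struct.unpack_from("<IIII", data, opt + 16)   # entry is an RVA
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = {DIR_NAMES[i]: struct.unpack_from("<II", data, opt + 96 + 8 * i)
            for i in range(min(ndirs, 16))}
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "rawptr": rawptr,
                         "chars": struct.unpack_from("<I", data, off + 36)[0]})
    return {"machine": machine, "timestamp": stamp, "file_chars": fchars, "entry": entry,
            "image_base": image_base, "dll_chars": dll_chars, "dirs": dirs, "sections": sections}

def flag_names(value, table):
    return sorted(name for bit, name in table.items() if value & bit)

def section_for_rva(pe, rva):
    """Section whose virtual range holds an RVA (the wrong question for the SECURITY entry)."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None

def triage(pe, file_size):
    """Checks worth running before trusting a low sandbox score on a signed binary."""
    ep = section_for_rva(pe, pe["entry"])
    sec_off, sec_size = pe["dirs"]["SECURITY"]          # raw file offset, not an RVA
    last = max(pe["sections"], key=lambda s: s["rawptr"])
    return {
        "built": datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "entry_va": pe["image_base"] + pe["entry"],       # the value the report prints as Entrypoint
        "entry_section": ep["name"] if ep else None,
        "entry_executable": bool(ep and ep["chars"] & SCN_EXECUTE),
        "file_flags": flag_names(pe["file_chars"], FILE_CHARACTERISTICS),
        "hardening": flag_names(pe["dll_chars"], DLL_CHARACTERISTICS),
        # A genuine Authenticode table is appended after the last section and ends at EOF.
        "cert_follows_sections": sec_size > 0 and last["rawptr"] + last["rawsize"] == sec_off,
        "cert_at_eof": sec_size > 0 and sec_off + sec_size == file_size,
        "wx_sections": [s["name"] for s in pe["sections"]
                        if s["chars"] & SCN_WRITE and s["chars"] & SCN_EXECUTE],
    }

def build_sample():
    """Constructed PE32 header carrying the values reported above; it is not the real file.
    PointerToRawData is an assumption: sections laid out back to back after 0x400 bytes of headers."""
    sections = [(b".text", 0x1000, 0x35d4ca, 0x35d600, 0x60000020),
                (b".rdata", 0x35f000, 0x15398c, 0x153a00, 0x40000040),
                (b".data", 0x4b3000, 0x13324, 0xd400, 0xC0000040),
                (b".rsrc", 0x4c7000, 0x2630, 0x2800, 0x40000040),
                (b".reloc", 0x4ca000, 0x3bd34, 0x3be00, 0x42000040)]
    dirs = {"IMPORT": (0x4ae92c, 0x1b8), "RESOURCE": (0x4c7000, 0x2630), "SECURITY": (0x4fce00, 0x1cb8),
            "BASERELOC": (0x4ca000, 0x3bd34), "DEBUG": (0x45d310, 0x54), "TLS": (0x45d40c, 0x18),
            "LOAD_CONFIG": (0x45d368, 0x40), "IAT": (0x35f000, 0xb84)}
    hdr = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0x608804EF, 0, 0, 0xE0, 0x0122)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x6bd6d0 - 0x400000)    # AddressOfEntryPoint is an RVA
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<HH", opt, 68, 2, 0xC140)   # GUI subsystem; GUARD_CF|TS_AWARE|DYNAMIC_BASE|NX_COMPAT
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    for i, name in enumerate(DIR_NAMES):
        struct.pack_into("<II", opt, 96 + 8 * i, *dirs.get(name, (0, 0)))
    hdr += opt
    rawptr = 0x400
    for name, va, vsize, rawsize, chars in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
        rawptr += rawsize
    return bytes(hdr)

if __name__ == "__main__":
    print(triage(parse_pe(build_sample()), 5237432))   # 5237432: file size from the report
```

For a real file, pass its bytes to parse_pe() and its on-disk size to triage(); the cert_follows_sections and cert_at_eof checks are what distinguish a genuine appended Authenticode table from a SECURITY entry that has been pointed somewhere else, and section_for_rva() applied to the SECURITY offset reproduces the misleading ".reloc" attribution seen above, which is why the triage never does that.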
Name           RVA       Size   Type                                                                                                   Language  Country
RT_ICON        0x4c7908  0x2e8  data                                                                                                   English   United States
RT_ICON        0x4c7bf0  0x130  data                                                                                                   English   United States
RT_ICON        0x4c7d20  0x128  GLS_BINARY_LSB_FIRST                                                                                   English   United States
RT_ICON        0x4c7e78  0x128  GLS_BINARY_LSB_FIRST                                                                                   English   United States
RT_ICON        0x4c7fb8  0x2e8  data                                                                                                   English   United States
RT_ICON        0x4c82b8  0x2e8  data                                                                                                   English   United States
RT_ICON        0x4c85b8  0x2e8  data                                                                                                   English   United States
RT_ICON        0x4c88b8  0x2e8  data                                                                                                   English   United States
RT_MENU        0x4c7540  0xec   data                                                                                                   English   United States
RT_DIALOG      0x4c7630  0x2d6  data                                                                                                   English   United States
RT_STRING      0x4c8fa8  0x32   data                                                                                                   English   United States
RT_STRING      0x4c8fe0  0x32   data                                                                                                   English   United States
RT_STRING      0x4c9018  0xb6   data                                                                                                   English   United States
RT_STRING      0x4c90d0  0xf6   data                                                                                                   English   United States
RT_STRING      0x4c91c8  0x112  data                                                                                                   English   United States
RT_STRING      0x4c92e0  0x50   data                                                                                                   English   United States
RT_GROUP_ICON  0x4c7fa0  0x14   data                                                                                                   English   United States
RT_GROUP_ICON  0x4c7e48  0x30   data                                                                                                   English   United States
RT_GROUP_ICON  0x4c82a0  0x14   data                                                                                                   English   United States
RT_GROUP_ICON  0x4c85a0  0x14   data                                                                                                   English   United States
RT_GROUP_ICON  0x4c88a0  0x14   data                                                                                                   English   United States
RT_GROUP_ICON  0x4c8ba0  0x14   data                                                                                                   English   United States
RT_VERSION     0x4c8bb8  0x3ec  data                                                                                                   English   United States
RT_MANIFEST    0x4c9330  0x2fa  XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators      English   United States
Imports by DLL:

VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
WINHTTP.dll: WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpSendRequest, WinHttpSetTimeouts, WinHttpReceiveResponse, WinHttpCrackUrl, WinHttpOpen, WinHttpCloseHandle, WinHttpConnect, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpSetCredentials, WinHttpSetOption, WinHttpQueryHeaders, WinHttpGetProxyForUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpQueryAuthSchemes
WININET.dll: InternetSetOptionW
KERNEL32.dll: GetFileInformationByHandle, GetFileType, PeekNamedPipe, GetTimeZoneInformation, HeapQueryInformation, GetCommandLineA, GetCommandLineW, VirtualAlloc, VirtualQuery, SetStdHandle, ExitProcess, GlobalFree, GlobalAlloc, GetShortPathNameW, GetFileAttributesA, GetUserDefaultLCID, FindResourceW, SizeofResource, LockResource, LoadResource, LoadLibraryA, GetSystemInfo, GetModuleFileNameA, HeapSize, HeapReAlloc, MulDiv, IsBadWritePtr, DecodePointer, FileTimeToSystemTime, LoadLibraryW, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, GetDriveTypeW, MoveFileExW, FreeLibraryAndExitThread, ExitThread, CreateThread, InterlockedFlushSList, InterlockedPushEntrySList, RtlUnwind, GetProcessAffinityMask, OutputDebugStringW, FreeLibrary, LCMapStringW, GetCPInfo, GetStringTypeW, GetNativeSystemInfo, GetVersionExW, GetComputerNameExW, GetWindowsDirectoryW, GetSystemDirectoryW, CreateProcessW, GetCurrentProcess, DeviceIoControl, SetLastError, RaiseException, OutputDebugStringA, GetTimeFormatW, GetDateFormatW, GetLocalTime, SetFileAttributesW, GetFileAttributesW, FindClose, DeleteFileW, ReadDirectoryChangesW, WaitForMultipleObjects, CreateEventW, ResetEvent, SetEvent, GetOverlappedResult, FindNextFileW, FindFirstFileW, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GetCurrentProcessId, GetCurrentThreadId, CreateMutexW, WaitForSingleObject, ReleaseMutex, GetProcessHeap, HeapFree, HeapAlloc, FormatMessageW, LocalFree, lstrcpyA, WideCharToMultiByte, GetTempPathW, GetFileSizeEx, MultiByteToWideChar, GetCurrentDirectoryW, SetCurrentDirectoryW, lstrlenW, GetTickCount, Sleep, OpenMutexW, SetNamedPipeHandleState, GetLastError, CloseHandle, WriteFile, ReadFile, GetVolumeInformationW, CreateFileW, GetStdHandle, IsValidLocale, EnumSystemLocalesW, GetConsoleCP, GetConsoleMode, SetFilePointerEx, ReadConsoleW, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, SetEnvironmentVariableW, WriteConsoleW, CreateTimerQueue, SignalObjectAndWait, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, UnregisterWaitEx, QueryDepthSList, InterlockedPopEntrySList, ReleaseSemaphore, VirtualFree, GetModuleHandleExW, QueueUserWorkItem, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, FreeEnvironmentStringsW, GetThreadTimes, UnregisterWait, RegisterWaitForSingleObject, SetThreadAffinityMask, GlobalSize, GlobalLock, GlobalUnlock, CopyFileW, FlushFileBuffers, GetFileSize, GetFullPathNameW, LockFile, SetEndOfFile, SetFilePointer, UnlockFile, DuplicateHandle, LoadLibraryExW, lstrcmpiW, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GlobalReAlloc, GlobalHandle, LocalAlloc, LocalReAlloc, CompareStringW, lstrcmpA, GlobalGetAtomNameW, FileTimeToLocalFileTime, GetFileAttributesExW, GetFileTime, SystemTimeToTzSpecificLocalTime, SetThreadPriority, ResumeThread, GlobalAddAtomW, GlobalFlags, lstrcmpW, EncodePointer, GlobalDeleteAtom, GlobalFindAtomW, GetCurrentThread, GetLocaleInfoW, GetUserDefaultUILanguage, VirtualProtect, lstrcpyW, FindResourceExW, VerSetConditionMask, VerifyVersionInfoW, GetProfileIntW, SearchPathW, GetTempFileNameW, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, TryEnterCriticalSection, QueryPerformanceFrequency, SwitchToThread
USER32.dll: GetWindow, RealChildWindowFromPo[...]
      IMM32.dllImmReleaseContext, ImmGetOpenStatus, ImmGetContext
      WINMM.dllPlaySoundW
      LegalCopyright:Copyright Adobe Systems Inc. 1992-2021
      InternalName:AcroTray
      FileVersion:21.1.20155.433178
      CompanyName:Adobe Systems Inc.
      PrivateBuild:
      LegalTrademarks:
      Comments:
      ProductName:AcroTray - Adobe Acrobat Distiller helper application.
      SpecialBuild:
      ProductVersion:21.1.20155.433178
      FileDescription:AcroTray
      OriginalFilename:AcroTray.exe
      Translation:0x0409 0x04b0
      Language of compilation system:English
      Country where language is spoken:United States

      Network Behavior

      No network behavior found

      Code Manipulations

      Statistics

      CPU Usage

      [CPU usage chart: x axis 0-100 s, y axis 0-100]


      Memory Usage

      [Memory usage chart: x axis 0-100 s, y axis 0-15 MB]


      High Level Behavior Distribution

      • File
      • Registry


      System Behavior

      Start time:17:24:47
      Start date:18/05/2021
      Path:C:\Users\user\Desktop\acrotray.exe
      Wow64 process (32bit):true
      Commandline:'C:\Users\user\Desktop\acrotray.exe'
      Imagebase:0x1310000
      File size:5237432 bytes
      MD5 hash:0EFD56703E827AA5A659757894EDBA29
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low

      Disassembly

      Code Analysis

      Execution Graph

      Execution Coverage

      Dynamic/Packed Code Coverage

      Signature Coverage

      Execution Coverage:3.6%
      Dynamic/Decrypted Code Coverage:0%
      Signature Coverage:2%
      Total number of Nodes:1523
      Total number of Limit Nodes:21

      Graph

      [Execution graph: interactive node/edge rendering of the observed call paths (Windows API nodes include OpenMutexW, CreateFileW, WriteFile, ReadFile, SetNamedPipeHandleState, RegOpenKeyExW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegDeleteValueW, GetProcAddress, LoadLibraryW, GetModuleHandleW, QueryActCtxW, CreateActCtxW, GetVolumeInformationW, GetCurrentDirectoryW, SetCurrentDirectoryW, OutputDebugStringA, GetPEB, TerminateProcess, ExitProcess); the serialized node/edge data is not reproduced here.]
15065 16010b0 15064->15065 15066 16010b6 15064->15066 15068 1601e2e __dosmaperr 6 API calls 15065->15068 15067 1601e6d __dosmaperr 6 API calls 15066->15067 15090 16010bc SetLastError 15066->15090 15069 16010d4 15067->15069 15068->15066 15070 16018d5 __dosmaperr 14 API calls 15069->15070 15069->15090 15071 16010e4 15070->15071 15073 1601103 15071->15073 15074 16010ec 15071->15074 15079 1601e6d __dosmaperr 6 API calls 15073->15079 15077 1601e6d __dosmaperr 6 API calls 15074->15077 15075 1601150 15102 1600cf9 15075->15102 15076 15ec205 15091 1606564 15076->15091 15080 16010fa 15077->15080 15082 160110f 15079->15082 15086 16015d5 _free 14 API calls 15080->15086 15083 1601113 15082->15083 15084 1601124 15082->15084 15087 1601e6d __dosmaperr 6 API calls 15083->15087 15085 1600ec5 __dosmaperr 14 API calls 15084->15085 15088 160112f 15085->15088 15086->15090 15087->15080 15089 16015d5 _free 14 API calls 15088->15089 15089->15090 15090->15075 15090->15076 15092 1606576 GetPEB 15091->15092 15095 15ec210 15091->15095 15093 1606589 15092->15093 15092->15095 15170 1601ca0 15093->15170 15095->15058 15096 1602155 15095->15096 15097 1601bdd std::_Locinfo::_Locinfo_dtor 5 API calls 15096->15097 15098 1602171 15097->15098 15098->15058 15173 15ec315 15099->15173 15113 16099d0 15102->15113 15105 1600d13 IsProcessorFeaturePresent 15107 1600d1f 15105->15107 15110 15e60a1 std::locale::_Setgloballocale 8 API calls 15107->15110 15109 1600d09 15109->15105 15112 1600d32 15109->15112 15110->15112 15143 15fd3c1 15112->15143 15146 1609902 15113->15146 15116 1609a1e 15117 1609a2a std::locale::_Setgloballocale 15116->15117 15118 16011f0 __dosmaperr 14 API calls 15117->15118 15122 1609a57 std::locale::_Setgloballocale 15117->15122 15124 1609a51 std::locale::_Setgloballocale 15117->15124 15118->15124 15119 1609a9c 15121 15ec55c __dosmaperr 14 API calls 15119->15121 15120 1609a86 15120->15109 15123 1609aa1 15121->15123 15127 1609ac8 15122->15127 15160 1600271 EnterCriticalSection 15122->15160 15157 
15e624d 15123->15157 15124->15119 15124->15120 15124->15122 15129 1609b10 15127->15129 15130 1609c05 15127->15130 15140 1609b3b 15127->15140 15129->15140 15161 1609a15 15129->15161 15132 1609c10 15130->15132 15168 16002c1 LeaveCriticalSection 15130->15168 15134 15fd3c1 std::locale::_Setgloballocale 138 API calls 15132->15134 15135 1609c18 15134->15135 15137 1601099 __Getctype 138 API calls 15141 1609b8f 15137->15141 15139 1609a15 std::locale::_Setgloballocale 138 API calls 15139->15140 15164 1609bb1 15140->15164 15141->15120 15142 1601099 __Getctype 138 API calls 15141->15142 15142->15120 15144 15fd29b std::locale::_Setgloballocale 138 API calls 15143->15144 15145 15fd3d2 15144->15145 15147 160990e std::locale::_Setgloballocale 15146->15147 15152 1600271 EnterCriticalSection 15147->15152 15149 160991c 15153 160995a 15149->15153 15152->15149 15156 16002c1 LeaveCriticalSection 15153->15156 15155 1600cfe 15155->15109 15155->15116 15156->15155 15158 15e61e9 __cftoe 25 API calls 15157->15158 15159 15e6259 15158->15159 15159->15120 15160->15127 15162 1601099 __Getctype 138 API calls 15161->15162 15163 1609a1a 15162->15163 15163->15139 15165 1609b80 15164->15165 15166 1609bb7 15164->15166 15165->15120 15165->15137 15165->15141 15169 16002c1 LeaveCriticalSection 15166->15169 15168->15132 15169->15165 15171 1601bdd std::_Locinfo::_Locinfo_dtor 5 API calls 15170->15171 15172 1601cbc 15171->15172 15172->15095 15174 16011f0 __dosmaperr 14 API calls 15173->15174 15176 15ec320 15174->15176 15175 15ec362 ExitThread 15176->15175 15178 15ec339 15176->15178 15182 1602190 15176->15182 15179 15ec345 CloseHandle 15178->15179 15180 15ec34c 15178->15180 15179->15180 15180->15175 15181 15ec358 FreeLibraryAndExitThread 15180->15181 15181->15175 15183 1601bdd std::_Locinfo::_Locinfo_dtor 5 API calls 15182->15183 15184 16021a9 15183->15184 15184->15178 16063 1316e70 16064 143fb30 27 API calls 16063->16064 16065 1316ea9 16064->16065 16066 143fe90 138 API calls 16065->16066 16067 1316ec2 
16066->16067 16068 15cc44d 28 API calls 16067->16068 16069 1316ee5 16068->16069 16080 1319af0 16081 131cc60 27 API calls 16080->16081 16082 1319b51 16081->16082 16083 131cc60 27 API calls 16082->16083 16084 1319bea 16083->16084 16085 131cc60 27 API calls 16084->16085 16086 1319c8c 16085->16086 16087 131cc60 27 API calls 16086->16087 16088 1319d1b 16087->16088 16089 131cc60 27 API calls 16088->16089 16090 1319dc5 16089->16090 16091 131cc60 27 API calls 16090->16091 16092 1319e4f 16091->16092 16093 131cc60 27 API calls 16092->16093 16094 1319ef1 16093->16094 16095 131cc60 27 API calls 16094->16095 16096 1319f7d 16095->16096 16097 131cc60 27 API calls 16096->16097 16098 131a027 16097->16098 16099 131cc60 27 API calls 16098->16099 16100 131a0b5 16099->16100 16101 131cc60 27 API calls 16100->16101 16102 131a141 16101->16102 16103 131cc60 27 API calls 16102->16103 16104 131a1cf 16103->16104 16105 131cc60 27 API calls 16104->16105 16106 131a266 16105->16106 16107 131cc60 27 API calls 16106->16107 16108 131a2f3 16107->16108 16109 1320a20 27 API calls 16108->16109 16110 131a38f 16109->16110 16111 1320a20 27 API calls 16110->16111 16112 131a3d4 16111->16112 16113 1320a20 27 API calls 16112->16113 16114 131a419 16113->16114 16115 1320a20 27 API calls 16114->16115 16116 131a45e 16115->16116 16117 1320a20 27 API calls 16116->16117 16118 131a4a3 16117->16118 16119 1320a20 27 API calls 16118->16119 16120 131a4e8 16119->16120 16121 1320a20 27 API calls 16120->16121 16122 131a52d 16121->16122 16123 1320a20 27 API calls 16122->16123 16124 131a572 16123->16124 16125 1320a20 27 API calls 16124->16125 16126 131a5b7 16125->16126 16127 1320a20 27 API calls 16126->16127 16128 131a5fc 16127->16128 16129 1320a20 27 API calls 16128->16129 16130 131a641 16129->16130 16131 1320a20 27 API calls 16130->16131 16132 131a686 16131->16132 16133 1320a20 27 API calls 16132->16133 16134 131a6cb 16133->16134 16135 1320a20 27 API calls 16134->16135 16136 131a710 16135->16136 16137 1320a20 27 API calls 
16136->16137 16138 131a755 16137->16138 16139 1320a20 27 API calls 16138->16139 16140 131a78e 16139->16140 16141 1320a20 27 API calls 16140->16141 16142 131a7c1 16141->16142 16143 1320a20 27 API calls 16142->16143 16144 131a7f4 16143->16144 16145 1320a20 27 API calls 16144->16145 16146 131a827 16145->16146 16147 1320a20 27 API calls 16146->16147 16148 131a85a 16147->16148 16149 131cc60 27 API calls 16148->16149 16150 131a889 16149->16150 16157 13d7b10 16150->16157 16152 131a8c6 16153 15cc44d 28 API calls 16152->16153 16154 131a8fe 16153->16154 16155 15cc1c3 mtx_do_lock 5 API calls 16154->16155 16156 131a916 16155->16156 16158 13d7b58 16157->16158 16159 13d7b84 16157->16159 16158->16159 16160 131dfc0 27 API calls 16158->16160 16163 1384730 16159->16163 16160->16158 16164 138474e 16163->16164 16165 138473f 16163->16165 16164->16152 16165->16164 16167 1341700 16165->16167 16168 1341738 16167->16168 16170 1341742 16167->16170 16169 131ccd0 25 API calls 16168->16169 16169->16170 16171 134176f 16170->16171 16172 131ccd0 25 API calls 16170->16172 16171->16165 16172->16171 16209 131c960 16210 15e211a ___std_exception_copy 26 API calls 16209->16210 16211 131c9a2 16210->16211 16244 1314660 16245 143fcf0 138 API calls 16244->16245 16246 1314694 16245->16246 16247 15cc44d 28 API calls 16246->16247 16248 131469e 16247->16248 16274 13156e0 16275 143fcf0 138 API calls 16274->16275 16276 131572c 16275->16276 16277 15cc44d 28 API calls 16276->16277 16278 1315736 16277->16278 16279 15cc1c3 mtx_do_lock 5 API calls 16278->16279 16280 1315743 16279->16280 14356 1333860 14357 133387b 14356->14357 14358 1333869 14356->14358 14361 1333890 14358->14361 14360 133386e 14376 131fdc0 14361->14376 14364 13338c4 14364->14360 14369 13338ae 14369->14360 14371 13338b7 14371->14364 14404 131fdb0 14371->14404 14373 13338c0 14373->14364 14410 131fba0 RegOpenKeyExW 14373->14410 14377 131fdf5 14376->14377 14378 131fef2 14376->14378 14413 1320b10 14377->14413 14425 15cc1c3 14378->14425 14381 131fe26 
RegOpenKeyExW 14383 131fe53 14381->14383 14384 131fecc 14381->14384 14382 131ff29 14382->14364 14391 131fca0 RegOpenKeyExW 14382->14391 14383->14384 14432 131e110 14383->14432 14384->14378 14440 131ccd0 14384->14440 14388 131feb7 RegCloseKey 14436 131e620 14388->14436 14389 131fea5 14389->14388 14392 131fcf8 14391->14392 14393 131fcda RegQueryValueExW 14391->14393 14392->14364 14394 131f8e0 RegOpenKeyExW 14392->14394 14393->14392 14395 131f938 14394->14395 14396 131f91a RegQueryValueExW 14394->14396 14395->14369 14397 131f9c0 14395->14397 14396->14395 14398 131f9c9 14397->14398 14399 131f9ff 14397->14399 14611 131fa10 RegOpenKeyExW 14398->14611 14399->14371 14402 131f9de 14402->14371 14403 131fa10 8 API calls 14403->14402 14633 131f8d0 14404->14633 14407 131fdbd 14407->14373 14409 131f8c7 14409->14373 14411 131fbda RegQueryValueExW 14410->14411 14412 131fbf8 14410->14412 14411->14412 14412->14360 14415 1320b23 14413->14415 14416 1320b57 14413->14416 14414 1320c0a 14462 131ceb0 14414->14462 14415->14381 14416->14414 14418 1320b9e 14416->14418 14445 131cc60 14418->14445 14421 1320bf2 14421->14381 14422 1320ba6 _Yarn 14422->14421 14423 131ccd0 25 API calls 14422->14423 14424 1320bdf 14423->14424 14424->14381 14426 15cc1cc 14425->14426 14427 15cc1ce IsProcessorFeaturePresent 14425->14427 14426->14382 14429 15ccd80 14427->14429 14605 15ccd44 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14429->14605 14431 15cce63 14431->14382 14433 131e132 14432->14433 14433->14433 14434 1320b10 27 API calls 14433->14434 14435 131e14a RegQueryValueExW 14434->14435 14435->14388 14435->14389 14437 131e62b 14436->14437 14438 131e63a 14436->14438 14439 131ccd0 25 API calls 14437->14439 14438->14384 14439->14438 14441 131ccfd 14440->14441 14443 131cd10 std::ios_base::_Ios_base_dtor 14440->14443 14441->14443 14606 15e625d 14441->14606 14443->14378 14446 131cc76 14445->14446 14447 131cc6d 14445->14447 14448 131cc83 14446->14448 14466 15e6465 
14446->14466 14449 131cca1 14447->14449 14450 131ceb0 Concurrency::cancel_current_task 14447->14450 14448->14422 14473 1492ee5 14449->14473 14477 15e219c 14450->14477 14455 131ccb0 14455->14422 14456 131ccbb 14480 15e61e9 14456->14480 14457 131cecc 14459 15e626c 14488 15e627a IsProcessorFeaturePresent 14459->14488 14461 15e6279 14463 131cebe Concurrency::cancel_current_task 14462->14463 14464 15e219c std::_Xinvalid_argument RaiseException 14463->14464 14465 131cecc 14464->14465 14471 16012fa _strftime 14466->14471 14467 1601338 14495 15ec55c 14467->14495 14469 1601323 RtlAllocateHeap 14470 1601336 14469->14470 14469->14471 14470->14446 14471->14467 14471->14469 14492 1609879 14471->14492 14475 1492eec 14473->14475 14474 15e6465 _Yarn 15 API calls 14474->14475 14475->14474 14476 131cca7 14475->14476 14476->14455 14476->14456 14478 15e21e6 RaiseException 14477->14478 14479 15e21b6 14477->14479 14478->14457 14479->14478 14481 16011f0 __dosmaperr 14 API calls 14480->14481 14482 15e61f4 14481->14482 14483 15e627a __Getctype 11 API calls 14482->14483 14486 15e6202 14482->14486 14484 15e624c 14483->14484 14485 15e61e9 __cftoe 25 API calls 14484->14485 14487 15e6259 14485->14487 14486->14459 14487->14459 14489 15e6286 14488->14489 14599 15e60a1 14489->14599 14498 16098a6 14492->14498 14509 16011f0 GetLastError 14495->14509 14497 15ec561 14497->14470 14499 16098b2 std::locale::_Setgloballocale 14498->14499 14504 1600271 EnterCriticalSection 14499->14504 14501 16098bd 14505 16098f9 14501->14505 14504->14501 14508 16002c1 LeaveCriticalSection 14505->14508 14507 1609884 14507->14471 14508->14507 14510 160120d 14509->14510 14511 1601207 14509->14511 14515 1601213 SetLastError 14510->14515 14537 1601e6d 14510->14537 14532 1601e2e 14511->14532 14515->14497 14519 1601243 14522 1601e6d __dosmaperr 6 API calls 14519->14522 14520 160125a 14521 1601e6d __dosmaperr 6 API calls 14520->14521 14523 1601266 14521->14523 14529 1601251 14522->14529 14524 160126a 14523->14524 14525 160127b 
14523->14525 14527 1601e6d __dosmaperr 6 API calls 14524->14527 14555 1600ec5 14525->14555 14527->14529 14549 16015d5 14529->14549 14531 16015d5 _free 12 API calls 14531->14515 14560 1601bdd 14532->14560 14534 1601e4a 14535 1601e53 14534->14535 14536 1601e65 TlsGetValue 14534->14536 14535->14510 14538 1601bdd std::_Locinfo::_Locinfo_dtor 5 API calls 14537->14538 14539 1601e89 14538->14539 14540 1601ea7 TlsSetValue 14539->14540 14541 160122b 14539->14541 14541->14515 14542 16018d5 14541->14542 14543 16018e2 _strftime 14542->14543 14544 1601922 14543->14544 14545 160190d RtlAllocateHeap 14543->14545 14548 1609879 _strftime 2 API calls 14543->14548 14546 15ec55c __dosmaperr 13 API calls 14544->14546 14545->14543 14547 160123b 14545->14547 14546->14547 14547->14519 14547->14520 14548->14543 14550 16015e0 HeapFree 14549->14550 14551 1601609 __dosmaperr 14549->14551 14550->14551 14552 16015f5 14550->14552 14551->14515 14553 15ec55c __dosmaperr 12 API calls 14552->14553 14554 16015fb GetLastError 14553->14554 14554->14551 14573 1600d59 14555->14573 14561 1601c0b 14560->14561 14565 1601c07 std::_Locinfo::_Locinfo_dtor 14560->14565 14561->14565 14566 1601b16 14561->14566 14564 1601c25 GetProcAddress 14564->14565 14565->14534 14571 1601b27 std::_Locinfo::_Locinfo_dtor 14566->14571 14567 1601bd2 14567->14564 14567->14565 14568 1601b45 LoadLibraryExW 14569 1601b60 GetLastError 14568->14569 14568->14571 14569->14571 14570 1601bbb FreeLibrary 14570->14571 14571->14567 14571->14568 14571->14570 14572 1601b93 LoadLibraryExW 14571->14572 14572->14571 14574 1600d65 std::locale::_Setgloballocale 14573->14574 14587 1600271 EnterCriticalSection 14574->14587 14576 1600d6f 14588 1600d9f 14576->14588 14579 1600e6b 14580 1600e77 std::locale::_Setgloballocale 14579->14580 14591 1600271 EnterCriticalSection 14580->14591 14582 1600e81 14592 160104e 14582->14592 14584 1600e99 14596 1600eb9 14584->14596 14587->14576 14589 16002c1 std::_Lockit::~_Lockit LeaveCriticalSection 14588->14589 14590 
1600d8d 14589->14590 14590->14579 14591->14582 14593 160105d __Getctype 14592->14593 14594 1601084 __Getctype 14592->14594 14593->14594 14595 160a9dd __Getctype 14 API calls 14593->14595 14594->14584 14595->14594 14597 16002c1 std::_Lockit::~_Lockit LeaveCriticalSection 14596->14597 14598 1600ea7 14597->14598 14598->14531 14600 15e60bd __cftof std::locale::_Setgloballocale 14599->14600 14601 15e60e9 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14600->14601 14602 15e61ba std::locale::_Setgloballocale 14601->14602 14603 15cc1c3 mtx_do_lock 5 API calls 14602->14603 14604 15e61d8 GetCurrentProcess TerminateProcess 14603->14604 14604->14461 14605->14431 14607 15e61e9 __cftoe 25 API calls 14606->14607 14608 15e626c 14607->14608 14609 15e627a __Getctype 11 API calls 14608->14609 14610 15e6279 14609->14610 14612 131fa62 RegQueryValueExW 14611->14612 14613 131fab6 14611->14613 14615 131faad RegCloseKey 14612->14615 14617 131fa82 std::_Locinfo::_Locinfo_dtor 14612->14617 14614 15cc1c3 mtx_do_lock 5 API calls 14613->14614 14616 131f9d0 14614->14616 14615->14613 14616->14402 14616->14403 14617->14615 14618 1321c00 RegOpenKeyExW 14619 1321c65 RegQueryValueExW 14618->14619 14620 1321ccc RegOpenKeyExW 14618->14620 14621 1321cc3 RegCloseKey 14619->14621 14628 1321c83 14619->14628 14622 1321d03 RegQueryValueExW 14620->14622 14623 1321d66 14620->14623 14621->14620 14625 1321d5d RegCloseKey 14622->14625 14631 1321d21 14622->14631 14624 1321d83 14623->14624 14626 1321d70 14623->14626 14627 15cc1c3 mtx_do_lock 5 API calls 14624->14627 14625->14623 14629 15cc1c3 mtx_do_lock 5 API calls 14626->14629 14630 1321d92 14627->14630 14628->14621 14632 1321d7f 14629->14632 14630->14409 14631->14625 14632->14409 14634 1321c00 11 API calls 14633->14634 14635 131f8c0 14634->14635 14635->14407 14635->14618 16382 131c9d0 16383 15e217d ___std_exception_destroy 14 API calls 16382->16383 16384 131ca04 std::ios_base::_Ios_base_dtor 16383->16384 16306 1313550 16307 143fb30 27 API 
calls 16306->16307 16308 1313589 16307->16308 16309 143fb30 27 API calls 16308->16309 16310 13135a4 16309->16310 16311 143fe90 138 API calls 16310->16311 16312 13135bd 16311->16312 16313 15cc44d 28 API calls 16312->16313 16314 13135e0 16313->16314 16345 1313650 16346 143ff40 27 API calls 16345->16346 16347 131385c 16346->16347 16348 13cc440 27 API calls 16347->16348 16349 1313879 16348->16349 16350 143ff40 27 API calls 16349->16350 16351 1313a91 16350->16351 16352 13cc440 27 API calls 16351->16352 16353 1313aab 16352->16353 16354 143ff40 27 API calls 16353->16354 16355 1313cc3 16354->16355 16356 13cc440 27 API calls 16355->16356 16357 1313cdd 16356->16357 16358 143fc40 138 API calls 16357->16358 16359 1313cf3 16358->16359 16360 1313d29 16359->16360 16361 131ccd0 25 API calls 16359->16361 16362 131ccd0 25 API calls 16360->16362 16363 1313d6a 16360->16363 16361->16360 16362->16363 16364 1313dae 16363->16364 16366 131ccd0 25 API calls 16363->16366 16365 15cc44d 28 API calls 16364->16365 16367 1313dd9 16365->16367 16366->16364 16368 15cc1c3 mtx_do_lock 5 API calls 16367->16368 16369 1313df1 16368->16369 16512 1312350 16513 15ebec7 26 API calls 16512->16513 16514 131255c 16513->16514 16515 15cc44d 28 API calls 16514->16515 16516 1312647 16515->16516 16390 131ce50 16399 1333860 16390->16399 16392 131ce59 16393 131ce66 16392->16393 16394 131ce5d 16392->16394 16408 1333820 16393->16408 16404 1330ae0 16394->16404 16398 131ce6b 16400 133387b 16399->16400 16401 1333869 16399->16401 16400->16392 16402 1333890 45 API calls 16401->16402 16403 133386e 16402->16403 16403->16392 16405 1330ae9 16404->16405 16406 131ce62 16404->16406 16405->16406 16411 1322760 16405->16411 16409 1333860 45 API calls 16408->16409 16410 1333825 16409->16410 16410->16398 16412 132278c 16411->16412 16415 13227ae 16411->16415 16413 1492ee5 std::_Facet_Register 15 API calls 16412->16413 16414 1322796 16413->16414 16414->16415 16417 1321f40 16414->16417 16415->16406 16466 1323650 16417->16466 16419 1321fff 
16472 1323070 16419->16472 16421 1322017 16422 1323070 10 API calls 16421->16422 16423 1322028 16422->16423 16424 1323070 10 API calls 16423->16424 16425 132203a 16424->16425 16426 1323070 10 API calls 16425->16426 16427 132204c 16426->16427 16428 1323070 10 API calls 16427->16428 16429 132205e 16428->16429 16481 1322f90 16429->16481 16431 1322070 16432 1323070 10 API calls 16431->16432 16433 1322082 16432->16433 16488 1323000 16433->16488 16435 1322097 16436 1323000 25 API calls 16435->16436 16437 13220a9 16436->16437 16438 1323000 25 API calls 16437->16438 16439 13220bb 16438->16439 16440 1323070 10 API calls 16439->16440 16441 13220cd 16440->16441 16442 1323070 10 API calls 16441->16442 16443 13220df 16442->16443 16444 1323070 10 API calls 16443->16444 16445 13220f1 16444->16445 16446 1322f90 5 API calls 16445->16446 16447 1322106 16446->16447 16448 1322f90 5 API calls 16447->16448 16449 1322118 16448->16449 16450 1322f90 5 API calls 16449->16450 16451 132212d 16450->16451 16452 1322f90 5 API calls 16451->16452 16453 132213f 16452->16453 16454 131cc60 27 API calls 16453->16454 16455 1322197 16453->16455 16454->16455 16456 131cc60 27 API calls 16455->16456 16457 1322222 16455->16457 16456->16457 16458 131cc60 27 API calls 16457->16458 16460 13222ce 16457->16460 16459 1322324 16458->16459 16459->16460 16461 131ccd0 25 API calls 16459->16461 16462 131cc60 27 API calls 16460->16462 16463 132238f 16460->16463 16461->16460 16462->16463 16464 131cc60 27 API calls 16463->16464 16465 1322436 16463->16465 16464->16465 16465->16415 16467 1323679 _strncat __cftof 16466->16467 16497 13233b0 16467->16497 16470 15cc1c3 mtx_do_lock 5 API calls 16471 132369f 16470->16471 16471->16419 16473 132309f _strncat __cftof 16472->16473 16474 132308d 16472->16474 16477 13233b0 10 API calls 16473->16477 16475 15cc1c3 mtx_do_lock 5 API calls 16474->16475 16476 132309b 16475->16476 16476->16421 16478 13230cc 16477->16478 16479 15cc1c3 mtx_do_lock 5 API calls 16478->16479 16480 13230da 
16479->16480 16480->16421 16482 1322fad 16481->16482 16485 1322fbf _strncat __cftof 16481->16485 16483 15cc1c3 mtx_do_lock 5 API calls 16482->16483 16484 1322fbb 16483->16484 16484->16431 16486 15cc1c3 mtx_do_lock 5 API calls 16485->16486 16487 1322ffb 16486->16487 16487->16431 16489 132301d 16488->16489 16492 132302e _strncat __cftof 16488->16492 16490 15cc1c3 mtx_do_lock 5 API calls 16489->16490 16491 132302a 16490->16491 16491->16435 16505 13232e0 MultiByteToWideChar MultiByteToWideChar RegOpenKeyExW 16492->16505 16495 15cc1c3 mtx_do_lock 5 API calls 16496 132306a 16495->16496 16496->16435 16500 1323210 MultiByteToWideChar MultiByteToWideChar RegOpenKeyExW 16497->16500 16501 1323290 RegQueryValueExW RegCloseKey 16500->16501 16502 13232cf 16500->16502 16501->16502 16503 15cc1c3 mtx_do_lock 5 API calls 16502->16503 16504 13232dc 16503->16504 16504->16470 16506 1323343 16505->16506 16507 1323391 16505->16507 16508 15e6465 _Yarn 15 API calls 16506->16508 16509 15cc1c3 mtx_do_lock 5 API calls 16507->16509 16510 1323357 RegQueryValueExW RegCloseKey 16508->16510 16511 132305c 16509->16511 16510->16507 16511->16495 16522 13c0a50 16523 13c0a59 16522->16523 16524 13c0a8c 16522->16524 16523->16524 16526 13b9d30 16523->16526 16529 15f4bb0 16526->16529 16528 13b9d4c 16528->16524 16530 15f4bbd 16529->16530 16534 1606716 __modf_pentium4 16529->16534 16531 15f4bee 16530->16531 16530->16534 16532 15f4c4b 16531->16532 16538 160160f 16531->16538 16532->16528 16537 160677e __modf_pentium4 16534->16537 16546 15fe034 16534->16546 16537->16528 16539 1601622 DecodePointer 16538->16539 16540 1601632 16538->16540 16539->16540 16541 1601676 16540->16541 16542 1601661 16540->16542 16543 15f4cf0 16540->16543 16541->16543 16544 15ec55c __dosmaperr 14 API calls 16541->16544 16542->16543 16545 15ec55c __dosmaperr 14 API calls 16542->16545 16543->16528 16544->16543 16545->16543 16547 15fe06d __modf_pentium4 16546->16547 16549 15fe094 __modf_pentium4 16547->16549 16557 15fe3ff 16547->16557 16550 
15fe0d7 16549->16550 16551 15fe0b2 16549->16551 16569 15fe6f5 16550->16569 16561 15fe724 16551->16561 16554 15fe0d2 __modf_pentium4 16555 15cc1c3 mtx_do_lock 5 API calls 16554->16555 16556 15fe0fb 16555->16556 16556->16537 16558 15fe42a __raise_exc 16557->16558 16559 15fe623 RaiseException 16558->16559 16560 15fe63c 16559->16560 16560->16549 16562 15fe733 16561->16562 16563 15fe7a7 __modf_pentium4 16562->16563 16564 15fe752 __modf_pentium4 16562->16564 16565 15fe6f5 __modf_pentium4 14 API calls 16563->16565 16567 15fe7a0 16564->16567 16568 15fe6f5 __modf_pentium4 14 API calls 16564->16568 16566 15fe7bc 16565->16566 16566->16554 16567->16554 16568->16567 16570 15fe717 16569->16570 16571 15fe702 16569->16571 16573 15ec55c __dosmaperr 14 API calls 16570->16573 16572 15fe71c 16571->16572 16574 15ec55c __dosmaperr 14 API calls 16571->16574 16572->16554 16573->16572 16575 15fe70f 16574->16575 16575->16554 16635 13113c0 16636 1492ee5 std::_Facet_Register 15 API calls 16635->16636 16637 13113fe 16636->16637 16638 1311452 16637->16638 16639 13392f0 27 API calls 16637->16639 16640 15cc44d 28 API calls 16638->16640 16639->16638 16641 13114b3 16640->16641

      Executed Functions

      Control-flow Graph

      • Graph for the function at 14715d0 (node and edge list omitted; see APIs below)
      APIs
      • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,?,01471539,00000000), ref: 014715E1
      • GetLastError.KERNEL32(00000028,?,01471539,00000000), ref: 01471614
      Strings
      • IsolationAware function called after IsolationAwareCleanup, xrefs: 014715DC
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: DebugErrorLastOutputString
      • String ID: IsolationAware function called after IsolationAwareCleanup
      • API String ID: 4132100945-2690750368
      • Opcode ID: d91ecfc1ce4e922cc18645841c62061e9f592200c57758e399a6b58a91846db1
      • Instruction ID: 85a420ec873fa311a62379f7b7061563e21ce405fef1f9213ab21c9c9ee271a9
      • Opcode Fuzzy Hash: d91ecfc1ce4e922cc18645841c62061e9f592200c57758e399a6b58a91846db1
      • Instruction Fuzzy Hash: 4BF06D301412064BEB345E6DE864AAB3FACAB10B90F1CA41FFA08C5235EB31D0918F91
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      • Graph for the function at 1471690 (node and edge list omitted; see APIs below)
      APIs
      • GetModuleHandleW.KERNEL32(Kernel32.dll,7DFC34E3,01489FF0,00000028,01489FEF), ref: 014716FF
      • GetProcAddress.KERNEL32(73B60000,QueryActCtxW), ref: 01471714
      • QueryActCtxW.KERNEL32 ref: 0147174B
      • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 014717A9
      • SetLastError.KERNEL32(0000006F), ref: 014717C0
      • GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 01471819
      • GetProcAddress.KERNEL32(73B60000,CreateActCtxW), ref: 0147182E
      • CreateActCtxWWorker.KERNEL32 ref: 01471854
      • GetLastError.KERNEL32 ref: 01471861
      • LoadLibraryW.KERNELBASE(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 014718E2
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Module$AddressErrorHandleLastProc$CreateFileLibraryLoadNameQueryWorker
      • String ID: $@$Comctl32.dll$CreateActCtxW$GetModuleHandleExW$Kernel32.dll$QueryActCtxW
      • API String ID: 722819805-1516674335
      • Opcode ID: 7fbacdfa734aad5a19ae985d3725d11c5eaee33a70f76bae797b80307ce23945
      • Instruction ID: 964e735fdeabf7282d6bac87c8ee9d277c7a5dd6d89b266909a0f93bfc6918bc
      • Opcode Fuzzy Hash: 7fbacdfa734aad5a19ae985d3725d11c5eaee33a70f76bae797b80307ce23945
      • Instruction Fuzzy Hash: 7A51A771E413199BEB309F699C58BDA7BB8FB04F50F11429BE905E72A0DB749940CF50
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RegOpenKeyExW.KERNELBASE(80000002,Software\Adobe\Licensing\UserSpecificLicensing,00000000,?,?,?,?,00000000), ref: 01321C56
      • RegQueryValueExW.ADVAPI32(00000000,Enabled,00000000,00000000,?,0000000A,?,?,00000000), ref: 01321C79
      • RegCloseKey.ADVAPI32(00000000,?,?,00000000), ref: 01321CC6
      • RegOpenKeyExW.KERNELBASE(80000002,Software\Adobe\Identity\UserSpecificIdentity,00000000,?,?,?,?,00000000), ref: 01321CF9
      • RegQueryValueExW.ADVAPI32(00000000,Enabled,00000000,00000000,?,0000000A,?,?,00000000), ref: 01321D17
      • RegCloseKey.ADVAPI32(00000000,?,?,00000000), ref: 01321D60
      Strings
      • Enabled, xrefs: 01321D0F
      • Software\Adobe\Licensing\UserSpecificLicensing, xrefs: 01321C38
      • Software\Adobe\Identity\UserSpecificIdentity, xrefs: 01321CDA
      • Enabled, xrefs: 01321C71
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseOpenQueryValue
      • String ID: Enabled$Enabled$Software\Adobe\Identity\UserSpecificIdentity$Software\Adobe\Licensing\UserSpecificLicensing
      • API String ID: 3677997916-2449448046
      • Opcode ID: e1d26dffe2db7d664aee11af61e001d8068b6eaa72a0a7eb734e8c1b834abc9d
      • Instruction ID: 6506906ad9951f26f8f741340fadfce0088d2d65b894df997619c9c641fffbd4
      • Opcode Fuzzy Hash: e1d26dffe2db7d664aee11af61e001d8068b6eaa72a0a7eb734e8c1b834abc9d
      • Instruction Fuzzy Hash: 04413631E00228AADF11AFA4DD95BFEBBF9EF46318F580099E845B7151E3629908C760
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00020019,?,SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\,0000002A,7DFC34E3), ref: 0131FE49
      • RegQueryValueExW.ADVAPI32(?,?,00000000,?), ref: 0131FE9B
      • RegCloseKey.ADVAPI32(?), ref: 0131FEBA
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\, xrefs: 0131FE0A
      • bIsSingleClientApp, xrefs: 0131FE58
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseOpenQueryValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\$bIsSingleClientApp
      • API String ID: 3677997916-1952853169
      • Opcode ID: d23d6735590a20832196a84d2ae4ac286fd1e12b6735ef8d2dbcc9465e0a1db6
      • Instruction ID: f63d342d8e78b4b244504a69a95b12028a30cb59f63fbe9d107137587504d66e
      • Opcode Fuzzy Hash: d23d6735590a20832196a84d2ae4ac286fd1e12b6735ef8d2dbcc9465e0a1db6
      • Instruction Fuzzy Hash: 64414770D10249DEEF14DFA4CC59BEEBBB8FF04718F545129E401B6284E7B46A48CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RegOpenKeyExW.KERNELBASE(80000002,Software\Adobe\Licensing\FeatureRestrictedLicensing,00000000,?,?,00000000), ref: 0131FA58
      • RegQueryValueExW.ADVAPI32(00000000,Enabled,00000000,00000000,?,00000014), ref: 0131FA78
      • RegCloseKey.ADVAPI32(00000000), ref: 0131FAB0
      Strings
      • Software\Adobe\Licensing\FeatureRestrictedLicensing, xrefs: 0131FA4E
      • Enabled, xrefs: 0131FA70
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseOpenQueryValue
      • String ID: Enabled$Software\Adobe\Licensing\FeatureRestrictedLicensing
      • API String ID: 3677997916-351268846
      • Opcode ID: b3019c5b8738101b62e6913341763e4de870fa32eb1c6c0bff4d38e931cb605e
      • Instruction ID: 427aaef3617e9b5ac7de4027e9b102504e58b48a77056fc27c5037cfe4f6f88d
      • Opcode Fuzzy Hash: b3019c5b8738101b62e6913341763e4de870fa32eb1c6c0bff4d38e931cb605e
      • Instruction Fuzzy Hash: EF1182B1A00209AFEF14DFA1DC55BEEB7FCEB08704F00016AE941E6140E6799908CF64
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RegOpenKeyExW.KERNELBASE(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00000001,?,00000000), ref: 0131FBD0
      • RegQueryValueExW.ADVAPI32(00000000,bIsNGLLicensing,00000000,00000000,00000000,00000004), ref: 0131FBEE
      Strings
      • bIsNGLLicensing, xrefs: 0131FBE6
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131FBB6
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: OpenQueryValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement$bIsNGLLicensing
      • API String ID: 4153817207-1028593876
      • Opcode ID: 126b4a076cda85e8799dbbdbf7d9b1c751e73a7fe905815e117abb254815dbc8
      • Instruction ID: 27e7ae6e35c5ac586492c00d368b1deb0b4ae723bcdbe7c3c6d7d857a9d57fca
      • Opcode Fuzzy Hash: 126b4a076cda85e8799dbbdbf7d9b1c751e73a7fe905815e117abb254815dbc8
      • Instruction Fuzzy Hash: 77F06271A80208BBEF10CE95DC56BEEB7FCEB00719F10419AED05E2180E6B25A589A94
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RegOpenKeyExW.KERNELBASE(80000002,Software\Adobe\Adobe Acrobat\DC\Activation,00000000,00000001,?,00000000), ref: 0131F910
      • RegQueryValueExW.ADVAPI32(00000000,IsAMTEnforced,00000000,00000000,00000003,00000004), ref: 0131F92E
      Strings
      • Software\Adobe\Adobe Acrobat\DC\Activation, xrefs: 0131F8F6
      • IsAMTEnforced, xrefs: 0131F926
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: OpenQueryValue
      • String ID: IsAMTEnforced$Software\Adobe\Adobe Acrobat\DC\Activation
      • API String ID: 4153817207-1397981253
      • Opcode ID: 2e3a16fc7e33cef60cf45354658f178aa5699f99479b12f5892b7aac3ce0f171
      • Instruction ID: e2314337cca64c3aa8f9a5375c182268022c9048197ac7274517261f0bfb6fcf
      • Opcode Fuzzy Hash: 2e3a16fc7e33cef60cf45354658f178aa5699f99479b12f5892b7aac3ce0f171
      • Instruction Fuzzy Hash: 1EF03071A8520CBBEB20DEA5DC56FDDB7BCEB00718F2041A6E904A2180E7B16758DA54
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RegOpenKeyExW.KERNELBASE(80000002,Software\Adobe\Adobe Acrobat\DC\Activation,00000000,00000001,?,00000000), ref: 0131FCD0
      • RegQueryValueExW.ADVAPI32(00000000,IsNGLEnforced,00000000,00000000,00000003,00000004), ref: 0131FCEE
      Strings
      • Software\Adobe\Adobe Acrobat\DC\Activation, xrefs: 0131FCB6
      • IsNGLEnforced, xrefs: 0131FCE6
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: OpenQueryValue
      • String ID: IsNGLEnforced$Software\Adobe\Adobe Acrobat\DC\Activation
      • API String ID: 4153817207-896486528
      • Opcode ID: 8066c21d6bbdea55b3fb3ed617592d9472f602c807198765d319d699b1081fe4
      • Instruction ID: c1f0ec464a0ea9e764ba5fae5b31bdf20766d12d302ebb72ad0a7f1e54b58f7e
      • Opcode Fuzzy Hash: 8066c21d6bbdea55b3fb3ed617592d9472f602c807198765d319d699b1081fe4
      • Instruction Fuzzy Hash: E4F03671A41208FBEB20DE91DC56FDE77BCE700718F104196E905A2185E7B15658DB94
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph

      APIs
      • GetLastError.KERNEL32(017BD120,0000000C), ref: 015EC1F3
      • ExitThread.KERNEL32 ref: 015EC1FA
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorExitLastThread
      • String ID:
      • API String ID: 1611280651-0
      • Opcode ID: e0e4b285b2c105efc095349f4488c3a59276184b0607498b70db035e2483ef56
      • Instruction ID: 327b575a53d10d70c1e8aacbb060431198680ba8526ebd2fc6dc55c24d1568d9
      • Opcode Fuzzy Hash: e0e4b285b2c105efc095349f4488c3a59276184b0607498b70db035e2483ef56
      • Instruction Fuzzy Hash: 76F0DCB0A00206AFDB1AEFF0D819B2E7BA5FF44611F10409DE1029B2A0DB3098008B90
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • Concurrency::cancel_current_task.LIBCPMT ref: 013CC4EF
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_task
      • String ID:
      • API String ID: 118556049-0
      • Opcode ID: 28dbfe6269e1cb55c88011b0a601e92cee6aec6ae85dea9b24ee73fc422215fa
      • Instruction ID: 509832c8bdb079691904792b2e1f5315ecfb201aa10559960637eb5844cceac6
      • Opcode Fuzzy Hash: 28dbfe6269e1cb55c88011b0a601e92cee6aec6ae85dea9b24ee73fc422215fa
      • Instruction Fuzzy Hash: 2A21A2B1900216AFDB10DF6DCD44B5AFBF8FB15724F14862AE928E7780E775A910CB90
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • LoadLibraryW.KERNEL32(?), ref: 0147155B
        • Part of subcall function 014715D0: OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,?,01471539,00000000), ref: 014715E1
        • Part of subcall function 014715D0: GetLastError.KERNEL32(00000028,?,01471539,00000000), ref: 01471614
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: DebugErrorLastLibraryLoadOutputString
      • String ID:
      • API String ID: 3685684345-0
      • Opcode ID: 9aa19e7811aed9f646dd021d20c338f726b69688607c9b266e3cfd51ee116e99
      • Instruction ID: 9ae5a5988ed448f156e69cb9a39b9fc043c9d6614a83c86f31688c83b3404f94
      • Opcode Fuzzy Hash: 9aa19e7811aed9f646dd021d20c338f726b69688607c9b266e3cfd51ee116e99
      • Instruction Fuzzy Hash: E21182B2944259DFDB24DF99D944BAEBBB8F744B20F00462FE812E3390D7355404CB90
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0160123B,00000001,00000364,00000006,000000FF,?,?,015EC561,016015FB,?,?,015FDDD3), ref: 01601916
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      • Opcode ID: 71e20cc9bf5487540dfd2ddeb84ca1ce17c8a97a49b971e9b379d9f851b2e514
      • Instruction ID: 2a8860e5f99fb6b0f7f255ae0da24e34dd3b72bfe6322a10f346910bb0e9b374
      • Opcode Fuzzy Hash: 71e20cc9bf5487540dfd2ddeb84ca1ce17c8a97a49b971e9b379d9f851b2e514
      • Instruction Fuzzy Hash: 76F082316012296BEB2F5BAA9C04B5B7B9DEF87770B058125F919EA2D4DB30DD0186E0
      Uniqueness

      Uniqueness Score: -1.00%

      Control-flow Graph (image in the original report; legend: Executed / Not Executed)
      APIs
      • RtlAllocateHeap.NTDLL(00000000,?,?,?,01492F10,?,?,?,?,01311010,000000E0), ref: 0160132C
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: AllocateHeap
      • String ID:
      • API String ID: 1279760036-0
      • Opcode ID: 056f51cc24420b37d1c68e6006ff68fce131074eebf52c14d9557703d87d6298
      • Instruction ID: f22ed8f9f6748b122558e2c2576199d7b2c8f95f01f526ff987c914c55d4ee93
      • Opcode Fuzzy Hash: 056f51cc24420b37d1c68e6006ff68fce131074eebf52c14d9557703d87d6298
      • Instruction Fuzzy Hash: E6E0E5315012229BE73F26699C00B5B3B49AF533A1F010164FD4596AC0CF20D80242E9
      Uniqueness

      Uniqueness Score: -1.00%

      Non-executed Functions

      APIs
        • Part of subcall function 01601099: GetLastError.KERNEL32(?,?,?,015EC205,017BD120,0000000C), ref: 0160109E
        • Part of subcall function 01601099: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC205,017BD120,0000000C), ref: 0160113C
      • GetACP.KERNEL32(?,?,?,?,?,?,015FF204,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0160B4C0
      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,015FF204,?,?,?,00000055,?,-00000050,?,?), ref: 0160B4EB
      • _wcschr.LIBVCRUNTIME ref: 0160B57F
      • _wcschr.LIBVCRUNTIME ref: 0160B58D
      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0160B654
      Strings
      • A62254DC881E46726AB08085A283BCD9550B21044DE806945F482E8690DE3E132DF33ECEC9DDB8AC5F4511EE2F0C3982242152209F6B8BFEF14B7122594369AD, xrefs: 0160B4C9
      • utf8, xrefs: 0160B5BD
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
      • String ID: A62254DC881E46726AB08085A283BCD9550B21044DE806945F482E8690DE3E132DF33ECEC9DDB8AC5F4511EE2F0C3982242152209F6B8BFEF14B7122594369AD$utf8
      • API String ID: 4147378913-2384799892
      • Opcode ID: cc74fddec7a4d79b01cc3b8dee7fdd4d5e92648ff1dee9c5ac7b665128cbfbc3
      • Instruction ID: 48f9ea292d2da3f829592b3f30ed632e11d6bc893b82f753d68b6b4e80c7b489
      • Opcode Fuzzy Hash: cc74fddec7a4d79b01cc3b8dee7fdd4d5e92648ff1dee9c5ac7b665128cbfbc3
      • Instruction Fuzzy Hash: B0710775600202AAE72FAF38CC45BBB77A9EF54750F11846DEA05DB2C0FB71E5408764
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: __floor_pentium4
      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
      • API String ID: 4168288129-2761157908
      • Opcode ID: c8d80ab4d5859462b932151ad63c43f0be361d97f1e25a8da2fb659edbcd0559
      • Instruction ID: 10196634c75e35fb5430652889b729a25081ee3bd275057689f27e0555a0c06a
      • Opcode Fuzzy Hash: c8d80ab4d5859462b932151ad63c43f0be361d97f1e25a8da2fb659edbcd0559
      • Instruction Fuzzy Hash: D7C25171E046298FDB2ACE28DD407EAB7B5FB48315F1445EAD90DE7280E775AE818F40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLocaleInfoW.KERNEL32(00000000,2000000B,0160BEC4,00000002,00000000,?,?,?,0160BEC4,?,00000000), ref: 0160BC3F
      • GetLocaleInfoW.KERNEL32(00000000,20001004,0160BEC4,00000002,00000000,?,?,?,0160BEC4,?,00000000), ref: 0160BC68
      • GetACP.KERNEL32(?,?,0160BEC4,?,00000000), ref: 0160BC7D
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: InfoLocale
      • String ID: ACP$OCP
      • API String ID: 2299586839-711371036
      • Opcode ID: d02aa7043e7cd52ccc9abfdc96974a2dd76ab83d93e59a857ceb96ee22d32726
      • Instruction ID: 3054c20a719844be8e361f683d9314369ad9b24eb1ea42e34cb30a45a44754bc
      • Opcode Fuzzy Hash: d02aa7043e7cd52ccc9abfdc96974a2dd76ab83d93e59a857ceb96ee22d32726
      • Instruction Fuzzy Hash: D321B62A604501ABEB3F8F18DD01B97B7A6EB80E54B46C464F90AD7395EF72DD41C350
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 01601099: GetLastError.KERNEL32(?,?,?,015EC205,017BD120,0000000C), ref: 0160109E
        • Part of subcall function 01601099: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC205,017BD120,0000000C), ref: 0160113C
        • Part of subcall function 01601099: _free.LIBCMT ref: 016010FB
        • Part of subcall function 01601099: _free.LIBCMT ref: 01601131
      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0160BE87
      • IsValidCodePage.KERNEL32(00000000), ref: 0160BED0
      • IsValidLocale.KERNEL32(?,00000001), ref: 0160BEDF
      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0160BF27
      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0160BF46
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
      • String ID:
      • API String ID: 949163717-0
      • Opcode ID: b2db33206c71b5166aee0ad55972b691ee17bf0bad22f2e231eaa2216867ef7d
      • Instruction ID: d134d840f195a3ade21d4224f3382161fd333f6a066582d2e24cbc062cdd243b
      • Opcode Fuzzy Hash: b2db33206c71b5166aee0ad55972b691ee17bf0bad22f2e231eaa2216867ef7d
      • Instruction Fuzzy Hash: BF51A175A00206AFEB2ADFA9DC50ABB77B9FF54740F188429E701E72D0E7709904CB61
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 013205D0: std::_Xinvalid_argument.LIBCPMT ref: 01320465
        • Part of subcall function 013205D0: std::_Xinvalid_argument.LIBCPMT ref: 01320475
      • Concurrency::cancel_current_task.LIBCPMT ref: 013208A4
      • Concurrency::cancel_current_task.LIBCPMT ref: 01320A13
      Strings
      • string too long, xrefs: 01320460
      • vector too long, xrefs: 01320470
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_
      • String ID: string too long$vector too long
      • API String ID: 3646673767-1617939282
      • Opcode ID: 3580f867d9cdd662aac58ea07f629bd2b92c3014ceed8d86c129d904e134ce74
      • Instruction ID: dfe795d8135f73ccbab0c8699d6d8b68688501a9e4f31c9b628784ae0a71b77a
      • Opcode Fuzzy Hash: 3580f867d9cdd662aac58ea07f629bd2b92c3014ceed8d86c129d904e134ce74
      • Instruction Fuzzy Hash: D6D1B771E00119ABCB18DFACD8808AEBBF9FF99314B14426AE915D7350D7319A14CBD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,01765598), ref: 0160616C
      • _free.LIBCMT ref: 0160615A
        • Part of subcall function 016015D5: HeapFree.KERNEL32(00000000,00000000,?,015FDDD3), ref: 016015EB
        • Part of subcall function 016015D5: GetLastError.KERNEL32(?,?,015FDDD3), ref: 016015FD
      • _free.LIBCMT ref: 01606326
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free$ErrorFreeHeapInformationLastTimeZone
      • String ID:
      • API String ID: 2155170405-0
      • Opcode ID: e64738ef4612cbd14cbb11ff525f6e0e262277a5aa734d8dad24098f837a4974
      • Instruction ID: 1c1824d17540089f0c5dde61f65b49601eb7439372c10b5301c371cfffbe3085
      • Opcode Fuzzy Hash: e64738ef4612cbd14cbb11ff525f6e0e262277a5aa734d8dad24098f837a4974
      • Instruction Fuzzy Hash: C8510771D0021AABDB2AEF69DC809AB7BBDAF44320B10816DE511972C1E7309E518B94
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 015E6199
      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 015E61A3
      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 015E61B0
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ExceptionFilterUnhandled$DebuggerPresent
      • String ID:
      • API String ID: 3906539128-0
      • Opcode ID: 2ca5299f108c93687aca21f11cf93fdd2c6b840f6aadcce02383e413b90dcaa1
      • Instruction ID: cd2e24afec4d9df151cfc394bc3cc6ff067a5b5e0ffe70f5ad70b59da31b84a1
      • Opcode Fuzzy Hash: 2ca5299f108c93687aca21f11cf93fdd2c6b840f6aadcce02383e413b90dcaa1
      • Instruction Fuzzy Hash: A731D375D012299BCB25DF68DD88B8DBBF8BF58350F5041EAE41CAA250E7709F858F44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentProcess.KERNEL32(?,?,015FD2FE,?,?,?,?), ref: 015FD321
      • TerminateProcess.KERNEL32(00000000,?,015FD2FE,?,?,?,?), ref: 015FD328
      • ExitProcess.KERNEL32 ref: 015FD33A
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Process$CurrentExitTerminate
      • String ID:
      • API String ID: 1703294689-0
      • Opcode ID: c3ac06be097ed8acec74b987d870e31d47c26e8f5afbccaef2e74001187b627f
      • Instruction ID: 55aaac5486738c6ff0a77100873ca12f8c3d5fb0119fc1577393ebccee1fa703
      • Opcode Fuzzy Hash: c3ac06be097ed8acec74b987d870e31d47c26e8f5afbccaef2e74001187b627f
      • Instruction Fuzzy Hash: C0E08C32000209AFCF226F98ED1CA0C3F79FF40242B40401CFA049A174CB36DC62CB90
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 8af2702f08044148ee84ead01a99c278225720cda3c2f24a0d427ecb11bc2b6c
      • Instruction ID: 3f897c2636dd304d0be9e038d6dbde5bcbe2c94fa2861e7255c9e8f4889ad8e3
      • Opcode Fuzzy Hash: 8af2702f08044148ee84ead01a99c278225720cda3c2f24a0d427ecb11bc2b6c
      • Instruction Fuzzy Hash: 5DF14F71E012199FDF14CFA8C880AADBBF5FF88314F15826EDA19AB345D731A901CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetSystemTimePreciseAsFileTime.KERNEL32(?,015D0C62,2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271,?,?,?,015D0C97,?,?,00000006,?,?,?,015CF7C6,00000006,00000001), ref: 015E13CB
      • GetSystemTimeAsFileTime.KERNEL32(016E92E8,?,?,015D0C62,2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271,?,?,?,015D0C97,?,?,00000006,?,?,?,015CF7C6), ref: 015E13CF
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Time$FileSystem$Precise
      • String ID:
      • API String ID: 743729956-0
      • Opcode ID: 4fa3eeccf04c9cfdce8810e327e80eebdaae0579c4c89b5230dbdc0f326b6f74
      • Instruction ID: 9e624e8c85d83ba2ee1e718a97ebedb47b98502467c7b0e890e7f39dc49cf0f5
      • Opcode Fuzzy Hash: 4fa3eeccf04c9cfdce8810e327e80eebdaae0579c4c89b5230dbdc0f326b6f74
      • Instruction Fuzzy Hash: F5D0A932901428E78B212B89BC184AD7BADFB08B603041052EA099A114CB602C104BD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 015FE62C
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ExceptionRaise
      • String ID:
      • API String ID: 3997070919-0
      • Opcode ID: 7ac618ae5f254d5c4833721026656948b19cdc33caa3a404d676933fc90658c6
      • Instruction ID: a9fd45308432c8537524dc784837f6587693d7513ba73587e7e2aeb7533e50f0
      • Opcode Fuzzy Hash: 7ac618ae5f254d5c4833721026656948b19cdc33caa3a404d676933fc90658c6
      • Instruction Fuzzy Hash: 12B13B71610609CFE715CF2CC48AA697BE1FF45364F26865CEA99CF2A1D335E981CB40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 01601099: GetLastError.KERNEL32(?,?,?,015EC205,017BD120,0000000C), ref: 0160109E
        • Part of subcall function 01601099: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC205,017BD120,0000000C), ref: 0160113C
      • EnumSystemLocalesW.KERNEL32(0160B820,00000001,00000000,?,-00000050,?,0160BE5B,00000000,?,?,?,00000055,?), ref: 0160B764
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorLast$EnumLocalesSystem
      • String ID:
      • API String ID: 2417226690-0
      • Opcode ID: cb7eab9f9b77727afacb578e87578ce5d23a195966ef6d233476e05c32d7baa0
      • Instruction ID: 254c4369b729015352f6d0be8e987281e7e5a99fbcf510fdfc8978a3e3500066
      • Opcode Fuzzy Hash: cb7eab9f9b77727afacb578e87578ce5d23a195966ef6d233476e05c32d7baa0
      • Instruction Fuzzy Hash: 1F11253A2003059FDB1DAF39DCA05BBBB92FF84359B18842DD98787B80D371A902C740
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 01601099: GetLastError.KERNEL32(?,?,?,015EC205,017BD120,0000000C), ref: 0160109E
        • Part of subcall function 01601099: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC205,017BD120,0000000C), ref: 0160113C
      • EnumSystemLocalesW.KERNEL32(0160BA80,00000001,00000000,?,-00000050,?,0160BE1F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0160B7D7
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorLast$EnumLocalesSystem
      • String ID:
      • API String ID: 2417226690-0
      • Opcode ID: 644f7f9302e600f1fc42110a794e0e4d9adf7b1c6993462088885628d2863c5c
      • Instruction ID: 8f7143739a839635771ad7d86f1a69cdceb27ca1a1c00ff3135cf4b9199f014c
      • Opcode Fuzzy Hash: 644f7f9302e600f1fc42110a794e0e4d9adf7b1c6993462088885628d2863c5c
      • Instruction Fuzzy Hash: 8EF0C23A2003045FDB2A9E399C90A7B7B95EF81768B09846DE9468B690D6B19C41C750
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 01600271: EnterCriticalSection.KERNEL32(?,?,0160991C,?,017BD620,0000000C), ref: 01600280
      • EnumSystemLocalesW.KERNEL32(01601940,00000001,017BD420,0000000C,01601DAB,00000000), ref: 01601985
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CriticalEnterEnumLocalesSectionSystem
      • String ID:
      • API String ID: 1272433827-0
      • Opcode ID: 6517d2507bd8ab2e84d6439f0313f084efce2883398576edf70a07120d1cecb8
      • Instruction ID: c249d7b8511e2eeef85f3e9f64e39bfb83ae9132cc66d8253d18763575701c98
      • Opcode Fuzzy Hash: 6517d2507bd8ab2e84d6439f0313f084efce2883398576edf70a07120d1cecb8
      • Instruction Fuzzy Hash: A0F04976A04205EFDB14EFA8E881B9EBBF0EB48725F10812EE511DB290C7B59900CB80
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 01601099: GetLastError.KERNEL32(?,?,?,015EC205,017BD120,0000000C), ref: 0160109E
        • Part of subcall function 01601099: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC205,017BD120,0000000C), ref: 0160113C
      • EnumSystemLocalesW.KERNEL32(0160B600,00000001,00000000,?,?,0160BE7D,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0160B6DE
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorLast$EnumLocalesSystem
      • String ID:
      • API String ID: 2417226690-0
      • Opcode ID: 6aaf1d7f94e177bc41bc88f23839330fa7b2440ba6ba7745ef446d421502a979
      • Instruction ID: 7457994673ce75d83d3a74b0360e98bf9185200e19e785aa11481f99e57d47b1
      • Opcode Fuzzy Hash: 6aaf1d7f94e177bc41bc88f23839330fa7b2440ba6ba7745ef446d421502a979
      • Instruction Fuzzy Hash: E5F0E53A30025957CB1A9F3ADC65A7BBF94EFC1754B06805EEA06CB291C7729842C790
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,015FFD81,?,20001004,00000000,00000002,?,?,015FF36C), ref: 01601F3A
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: InfoLocale
      • String ID:
      • API String ID: 2299586839-0
      • Opcode ID: 4ffa885d37809608f49ebdf17d175802347b4334d064976ce6c07dc1d80748c8
      • Instruction ID: a09d4135704f8df72f0f162cfc9bdef02845c1986c2e9fab075183dace9c4e9d
      • Opcode Fuzzy Hash: 4ffa885d37809608f49ebdf17d175802347b4334d064976ce6c07dc1d80748c8
      • Instruction Fuzzy Hash: 72E09A35100118BBCB172F64EC04A9E3E6AEF59761F000018FE01212A0CB31CD209A98
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: d0b261f5de8a3f3ca2a1be3e59719b223d15645e5d96039ccfddd9bbe321561a
      • Instruction ID: 1b055349f4fcdbe5a9d4dfe55d7a4295d307ae0439f64d53c438f954a2510a52
      • Opcode Fuzzy Hash: d0b261f5de8a3f3ca2a1be3e59719b223d15645e5d96039ccfddd9bbe321561a
      • Instruction Fuzzy Hash: 45516A70E0074A5AEF3F8A3C849CBBE6FD9BF91208F04491DD572DF282D616D944C252
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: ad0de9c9b75b628b0794124a21a510d17b2a43e4595c46f529451b33bcbf86cd
      • Instruction ID: 417146827d1d9e7ace8c7aefd0a89068605b0ca553bc8d8776c47e584dab806f
      • Opcode Fuzzy Hash: ad0de9c9b75b628b0794124a21a510d17b2a43e4595c46f529451b33bcbf86cd
      • Instruction Fuzzy Hash: 2421B373F205394B7B0CC47E8C562BDB6E1C78C501745827AF8A6EA2C1D968D917E2E4
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 9da682b67b6e76839dcb618f2a1d69d9eb67ab82ffa0c0bce30ccfe69001b03e
      • Instruction ID: bdfa004fa8662e4d1de0131a413c3e0bcd48bce5087c12b5aeaa15b43ab1c142
      • Opcode Fuzzy Hash: 9da682b67b6e76839dcb618f2a1d69d9eb67ab82ffa0c0bce30ccfe69001b03e
      • Instruction Fuzzy Hash: 8511A723F30C255B675C81798C1327A91D3DBD815030F437AD826E72C4E894DE13C290
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 5379c56c5339116fa515bbd403340ecbb0b14c6f88512186119c39f13819e676
      • Instruction ID: c87dce176048a29abbf6097bca15088250cef9fd7530fb826a67029f4b485885
      • Opcode Fuzzy Hash: 5379c56c5339116fa515bbd403340ecbb0b14c6f88512186119c39f13819e676
      • Instruction Fuzzy Hash: 31F03072A152249BCF2BC64CC805B5AB3B9EB45B69F51405AF505DB281D3B1EE50C7E0
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 036fad3b38285c6e52aeae5abec6d738fe92eb7e6d0c60a1623e2d89cc1db0b2
      • Instruction ID: 10732cd7e828b2e5f74bfce1e04a5a4dc51a0d015f2bc1941ebd1d80fb07a397
      • Opcode Fuzzy Hash: 036fad3b38285c6e52aeae5abec6d738fe92eb7e6d0c60a1623e2d89cc1db0b2
      • Instruction Fuzzy Hash: E1E08C32A11238EBCB2ADB9CC94498AF7ECEB45B40B11009AF601E3280C670DE00C7D0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ___free_lconv_mon.LIBCMT ref: 0160AA21
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609C36
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609C48
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609C5A
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609C6C
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609C7E
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609C90
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609CA2
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609CB4
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609CC6
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609CD8
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609CEA
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609CFC
        • Part of subcall function 01609C19: _free.LIBCMT ref: 01609D0E
      • _free.LIBCMT ref: 0160AA16
        • Part of subcall function 016015D5: HeapFree.KERNEL32(00000000,00000000,?,015FDDD3), ref: 016015EB
        • Part of subcall function 016015D5: GetLastError.KERNEL32(?,?,015FDDD3), ref: 016015FD
      • _free.LIBCMT ref: 0160AA38
      • _free.LIBCMT ref: 0160AA4D
      • _free.LIBCMT ref: 0160AA58
      • _free.LIBCMT ref: 0160AA7A
      • _free.LIBCMT ref: 0160AA8D
      • _free.LIBCMT ref: 0160AA9B
      • _free.LIBCMT ref: 0160AAA6
      • _free.LIBCMT ref: 0160AADE
      • _free.LIBCMT ref: 0160AAE5
      • _free.LIBCMT ref: 0160AB02
      • _free.LIBCMT ref: 0160AB1A
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
      • String ID:
      • API String ID: 161543041-0
      • Opcode ID: e0d7f4e87a8d932935f449cc2da4639e1fed441b26722eb17bf846784dca2954
      • Instruction ID: 8518032dd26fd6d35c5ee587843cbca0728245b1269af407f27822588998c72d
      • Opcode Fuzzy Hash: e0d7f4e87a8d932935f449cc2da4639e1fed441b26722eb17bf846784dca2954
      • Instruction Fuzzy Hash: 5C314C715007029EEB3BAAB9DD44B5B77EAAB113A0F14481DE4569B2D1EF31E9808714
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::locale::_Init.LIBCPMT ref: 013281B0
        • Part of subcall function 015CE534: std::_Lockit::_Lockit.LIBCPMT ref: 015CE546
        • Part of subcall function 015CE534: std::locale::_Setgloballocale.LIBCPMT ref: 015CE561
        • Part of subcall function 015CE534: _Yarn.LIBCPMT ref: 015CE577
        • Part of subcall function 015CE534: std::_Lockit::~_Lockit.LIBCPMT ref: 015CE5B7
      • std::ios_base::_Addstd.LIBCPMT ref: 01328289
      • _strftime.LIBCMT ref: 0132834C
      • __Mtx_unlock.LIBCPMT ref: 0132841D
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Lockitstd::_std::locale::_$AddstdInitLockit::_Lockit::~_Mtx_unlockSetgloballocaleYarn_strftimestd::ios_base::_
      • String ID: %d-%m-%Y %I:%M:%S$---$---$2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      • API String ID: 3552534032-800858077
      • Opcode ID: 079365251b24654f772e720262044db8edfe1ee24d461f1b7b3bd96b109704e6
      • Instruction ID: afb9e92392e07ab00398b52f6c23b849203dfb1ceb86d3af0d6c2d0f624023bf
      • Opcode Fuzzy Hash: 079365251b24654f772e720262044db8edfe1ee24d461f1b7b3bd96b109704e6
      • Instruction Fuzzy Hash: 8D91F4B1D00315AFDB10EFA8DC88B9EBBE8FF58718F144159ED05AB385E77999048B90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ___from_strstr_to_strchr.LIBCMT ref: 013C4473
      • ___from_strstr_to_strchr.LIBCMT ref: 013C4489
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ___from_strstr_to_strchr
      • String ID: %%.%dg$-1e+9999$-Infinity$1e+9999$Infinity$NaN$null
      • API String ID: 601868998-1955747591
      • Opcode ID: 49fee3b4020e5feabc3f7e83e4a8e67a31934d3e7e969c2b04eb23b89125edd0
      • Instruction ID: a7f4497607ae59bbb3f69f066b863626ee7492c2f93faac4e8028f9ffe02a3d2
      • Opcode Fuzzy Hash: 49fee3b4020e5feabc3f7e83e4a8e67a31934d3e7e969c2b04eb23b89125edd0
      • Instruction Fuzzy Hash: F24136B5900249ABDB11DF68DC15BFEBBB8FF01A0CF54415DE801AB241E7719A09CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,?), ref: 0131D9D6
      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 0131D9EB
      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00020006,?), ref: 0131DA17
      • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 0131DA41
      • RegSetValueExW.ADVAPI32(?,?,00000000,00000003,00000062,00000064), ref: 0131DA61
      • RegCloseKey.ADVAPI32(?), ref: 0131DA6D
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131DA0D
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131DA37
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharMultiWide$CloseCreateOpenValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement$SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
      • API String ID: 2501786468-283844744
      • Opcode ID: 8e069f34c3b262f45b154bfb65f93d45e913e506ed16ce4db49db814ecbc920e
      • Instruction ID: dcc57b439a17d71194c202969f06068f8a6dac1ca553b4f3358e2e1cb44c0421
      • Opcode Fuzzy Hash: 8e069f34c3b262f45b154bfb65f93d45e913e506ed16ce4db49db814ecbc920e
      • Instruction Fuzzy Hash: 35217531644315BFFB308F95EC16FAA7BADEB45B10F104295FA19F61C4DAB06910CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,00000000,00000000,?), ref: 0131D90B
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,?,00000000), ref: 0131D920
      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00020006,?), ref: 0131D93E
      • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 0131D969
      • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,00000004,00000004), ref: 0131D98D
      • RegCloseKey.ADVAPI32(?), ref: 0131D999
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131D934
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131D95F
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharMultiWide$CloseCreateOpenValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement$SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
      • API String ID: 2501786468-283844744
      • Opcode ID: ce45f9bae77aba945c83739c4ad656cb6c97921671fa3b1e24b22b59f9952585
      • Instruction ID: d8a1dc132aba0a8b5396d1cca7da53aef284027eadcfc280b3103e99293a6886
      • Opcode Fuzzy Hash: ce45f9bae77aba945c83739c4ad656cb6c97921671fa3b1e24b22b59f9952585
      • Instruction Fuzzy Hash: FC215E31644318BFEB309F95EC16F9977A9EB04B50F104196F719FA0D4D6B06950CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,00000000,00000000,00000001), ref: 0131DABC
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,?,00000000), ref: 0131DAD1
      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00020006,?), ref: 0131DAEF
      • RegCreateKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 0131DB1A
      • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,00000004,00000004), ref: 0131DB3E
      • RegCloseKey.ADVAPI32(?), ref: 0131DB4A
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131DAE5
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131DB10
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharMultiWide$CloseCreateOpenValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement$SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
      • API String ID: 2501786468-283844744
      • Opcode ID: 91d252ed6532428fafc1f8966500645d9fdedb613f5c3c7014fb74f7f64b84de
      • Instruction ID: f840144bdf335ae978948e2bfb69414711075a4067cc20f3f6aaad0cb761245a
      • Opcode Fuzzy Hash: 91d252ed6532428fafc1f8966500645d9fdedb613f5c3c7014fb74f7f64b84de
      • Instruction Fuzzy Hash: 45212E31644328BFEB309B959C16FA977B8AB05B50F104196B719FA0D4D6B0A950CBA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • __allrem.LIBCMT ref: 015EB87F
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015EB89B
      • __allrem.LIBCMT ref: 015EB8B2
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015EB8D0
      • __allrem.LIBCMT ref: 015EB8E7
      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015EB905
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
      • String ID: ios_base::failbit set
      • API String ID: 1992179935-3924258884
      • Opcode ID: 7d93b62e7d1e0e0a0392306af628f4ba7e0132a84151ca25d3fa0f9aba709697
      • Instruction ID: a96cdbea3c8de1561ba154fcc17cd0f1dab0d0a00b87a43d7b13afed4e99b0d7
      • Opcode Fuzzy Hash: 7d93b62e7d1e0e0a0392306af628f4ba7e0132a84151ca25d3fa0f9aba709697
      • Instruction Fuzzy Hash: 51813572E00B179BD729AE6CCC44B6A77E9BF50361F144629E541DE6D1EB30E9008B90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 01601099: GetLastError.KERNEL32(?,?,?,015EC205,017BD120,0000000C), ref: 0160109E
        • Part of subcall function 01601099: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC205,017BD120,0000000C), ref: 0160113C
      • _memcmp.LIBVCRUNTIME ref: 015FFC36
      • _free.LIBCMT ref: 015FFCAA
      • _free.LIBCMT ref: 015FFCC3
      • _free.LIBCMT ref: 015FFD01
      • _free.LIBCMT ref: 015FFD0A
      • _free.LIBCMT ref: 015FFD16
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free$ErrorLast$_memcmp
      • String ID: C
      • API String ID: 4275183328-1037565863
      • Opcode ID: 8388885b0f325669ad2c2b02c31fcfd9f061dfd14ed21caca4cb8152c6e49db1
      • Instruction ID: f63a4dbfd610b9f632298b7f73a5c2e2742445f5a2f14fe1a5ebf6f2f3495c31
      • Opcode Fuzzy Hash: 8388885b0f325669ad2c2b02c31fcfd9f061dfd14ed21caca4cb8152c6e49db1
      • Instruction Fuzzy Hash: 8AB14C7690122A9BDB25DF18C894BADB7B4FF48314F1445DED94AAB790E770AE80CF40
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegOpenKeyExW.ADVAPI32(80000002,Software\Adobe\Designer\8.2,00000000,00000002,00000000,?,?,0131D3EA,00000000), ref: 01489ED6
      • RegDeleteValueW.ADVAPI32(00000000,MasterKey,?,?,0131D3EA,00000000), ref: 01489EE8
      • RegDeleteValueW.ADVAPI32(00000000,MasterApp,?,?,0131D3EA,00000000), ref: 01489EF6
      • RegCloseKey.ADVAPI32(00000000,?,?,0131D3EA,00000000), ref: 01489EFF
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: DeleteValue$CloseOpen
      • String ID: MasterApp$MasterKey$Software\Adobe\Designer\8.2
      • API String ID: 1772201698-2757307797
      • Opcode ID: ad74be981ec8670e0590e89c2b53c7ca56d2fe62b68261b0ff455ef98559e1c7
      • Instruction ID: ba9e27c80f4533551cd23c23224d6dda803ba234f7405d6698870e36a219c152
      • Opcode Fuzzy Hash: ad74be981ec8670e0590e89c2b53c7ca56d2fe62b68261b0ff455ef98559e1c7
      • Instruction Fuzzy Hash: 49E04F71644208FBDB219F92ED3BF5DBB38EB00601F101098FA05B0164DBB11A21DB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • CreateFileW.KERNEL32(00000001,C0000000,00000000,00000000,00000003,00190000,00000000,?,00000000,00000000,00000000,00000001), ref: 0131C3EC
      • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000001), ref: 0131C3F9
      • SetNamedPipeHandleState.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0131C41F
      • WriteFile.KERNEL32(00000000,00000003,00000004,00000001,00000000,?,00000000,00000000), ref: 0131C439
      • GetLastError.KERNEL32(?,00000000,00000000), ref: 0131C443
      • CloseHandle.KERNEL32(00000000,?,00000000,00000000), ref: 0131C456
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorFileHandleLast$CloseCreateNamedPipeStateWrite
      • String ID:
      • API String ID: 1195787737-0
      • Opcode ID: ddc6bc9b788095afb89c208f2ff29e65aaf84bfb49f322bfcb7c642b0dc8f6f2
      • Instruction ID: 74b03fd2f52a9662584147abef32156cb0d14cb0f6d825766c465ad1342b165e
      • Opcode Fuzzy Hash: ddc6bc9b788095afb89c208f2ff29e65aaf84bfb49f322bfcb7c642b0dc8f6f2
      • Instruction Fuzzy Hash: F521A671A402286BEB319A99EC45BBE7BBCEB44A61F0051AAFD09F3194D7708A11C7D1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegOpenKeyExW.ADVAPI32(80000002,Software\Adobe\Adobe Acrobat\DC\Activation,00000000,00000001,?,?,00000000), ref: 0148A0EE
      • RegQueryValueExW.ADVAPI32(?,Disabled,00000000,00000000,00000000,00000004), ref: 0148A112
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: OpenQueryValue
      • String ID: Disabled$Software\Adobe\Adobe Acrobat\DC\Activation$en_US$zh_CN
      • API String ID: 4153817207-3686816119
      • Opcode ID: 39629bc2ee9ca630612bd77872acf0dd3ca0da81c070d6241740ec596d84f525
      • Instruction ID: b30c4212daf9abe36ec47f78f6718f4d00458005c03e259eb4fd70e823f5a2ee
      • Opcode Fuzzy Hash: 39629bc2ee9ca630612bd77872acf0dd3ca0da81c070d6241740ec596d84f525
      • Instruction Fuzzy Hash: 32A19B709043689FEB30DF68D848B9EBBF4BB04308F50846EE559AB351DBB1A549CF51
      Uniqueness

      Uniqueness Score: -1.00%

      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID: api-ms-$ext-ms-
      • API String ID: 0-537541572
      • Opcode ID: 4e29cb6625787b6b1a3f9494858ab133ffb048cc72d45909fb62073271f3a543
      • Instruction ID: 8ffb0b13870d2d3d458fcea0a786a940fa9d38dd3f754883b652228090c9bdc4
      • Opcode Fuzzy Hash: 4e29cb6625787b6b1a3f9494858ab133ffb048cc72d45909fb62073271f3a543
      • Instruction Fuzzy Hash: F721D871A01A21ABD73B9A699C94F2B77A8AB427A4F150551FD06E73D1F770EC0086E0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 0160A34F: _free.LIBCMT ref: 0160A374
      • _free.LIBCMT ref: 0160A651
        • Part of subcall function 016015D5: HeapFree.KERNEL32(00000000,00000000,?,015FDDD3), ref: 016015EB
        • Part of subcall function 016015D5: GetLastError.KERNEL32(?,?,015FDDD3), ref: 016015FD
      • _free.LIBCMT ref: 0160A65C
      • _free.LIBCMT ref: 0160A667
      • _free.LIBCMT ref: 0160A6BB
      • _free.LIBCMT ref: 0160A6C6
      • _free.LIBCMT ref: 0160A6D1
      • _free.LIBCMT ref: 0160A6DC
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free$ErrorFreeHeapLast
      • String ID:
      • API String ID: 776569668-0
      • Opcode ID: 9771e65f1d495e9572a28e565a02ea9162a5f769647979ca51d29ea56db4d033
      • Instruction ID: eb196c582aed3ced45f45d702d26eaf628e0c5055b86f829dc487fecfec3c618
      • Opcode Fuzzy Hash: 9771e65f1d495e9572a28e565a02ea9162a5f769647979ca51d29ea56db4d033
      • Instruction Fuzzy Hash: 92115171540B05ABD53BB7F1CC05FCB77AE5F11B90F48081DA29AAB0D0FAA6F5044754
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,00000000,00000000,00000064,?), ref: 01323303
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,?,00000000), ref: 01323318
      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00020019,?), ref: 01323339
      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,0000012C), ref: 0132337A
      • RegCloseKey.ADVAPI32(?), ref: 0132338B
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0132332F
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharMultiWide$CloseOpenQueryValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
      • API String ID: 2332129513-717607756
      • Opcode ID: f69cdb39d9e4ce9ee2ddc084ce563e1417476456bf208782341447ea1849daf5
      • Instruction ID: 530e39e2e36e5006db454ba090492def04a3db9e09e52b121a6d9a70c5783acf
      • Opcode Fuzzy Hash: f69cdb39d9e4ce9ee2ddc084ce563e1417476456bf208782341447ea1849daf5
      • Instruction Fuzzy Hash: 90114271A44218BFEB209F91DC05FEA77BCEB45710F104196FA09F61C0DA706A54CBA5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,00000000,00000000,0131C753,?), ref: 0131D813
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,?,00000000), ref: 0131D828
      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00020019,?), ref: 0131D849
      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,0000012C), ref: 0131D88A
      • RegCloseKey.ADVAPI32(?), ref: 0131D89B
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131D83F
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharMultiWide$CloseOpenQueryValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
      • API String ID: 2332129513-717607756
      • Opcode ID: 5eea2aeb24b4eebff58fb8cdb0f5a07f5b14318a24912f4bc3a5614cfdd4917d
      • Instruction ID: 0caf8121c02e7506bab75592f7ebd12bfa3b824ced371f903f3d18ff820da6d2
      • Opcode Fuzzy Hash: 5eea2aeb24b4eebff58fb8cdb0f5a07f5b14318a24912f4bc3a5614cfdd4917d
      • Instruction Fuzzy Hash: F2118271A00218BFEB209F91DC05FEA77ACEB45710F104196FA09F61C0DA706A54CBA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,00000000,00000000,?), ref: 01323250
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,?,00000000), ref: 01323265
      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00020019,?), ref: 01323286
      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000004,00000000,00000004), ref: 013232B4
      • RegCloseKey.ADVAPI32(?), ref: 013232C9
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0132327C
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharMultiWide$CloseOpenQueryValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
      • API String ID: 2332129513-717607756
      • Opcode ID: 0be888ee88fd89415c6e8a77b9ff372191836284b240ef33472229b526406417
      • Instruction ID: e19ca156436ebbf874ced72eca5f6875ba836e40a1da1685ee26d5c920721550
      • Opcode Fuzzy Hash: 0be888ee88fd89415c6e8a77b9ff372191836284b240ef33472229b526406417
      • Instruction Fuzzy Hash: A8211971A40229AFEB209F91DC15FDAB7B8EB04710F1042D6FA1DB71D0DA716A54CFA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,00000000,00000000,0131C773), ref: 0131D760
      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000062,000000FF,?,00000000), ref: 0131D775
      • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,00000000,00020019,?), ref: 0131D796
      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000004,00000000,00000004), ref: 0131D7C4
      • RegCloseKey.ADVAPI32(?), ref: 0131D7D9
      Strings
      • SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement, xrefs: 0131D78C
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharMultiWide$CloseOpenQueryValue
      • String ID: SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement
      • API String ID: 2332129513-717607756
      • Opcode ID: fcf0dfdd22717afbc26eb60dce939f8a5d6878e6b2b18bd029e3bd71612c9c6c
      • Instruction ID: c3eab9686df111f834387b151f18d7f5a9d6145ee21c8d7251a05e433d012ced
      • Opcode Fuzzy Hash: fcf0dfdd22717afbc26eb60dce939f8a5d6878e6b2b18bd029e3bd71612c9c6c
      • Instruction Fuzzy Hash: 1D210771A00229AFEB209F91DC15FDAB7B8AB04710F1042D6FA0DB6190DA706A84CFA4
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • lstrcpyA.KERNEL32(0131C773,0172EB67,?,00000000,?,0131C753,?), ref: 0148A428
      • lstrcpyA.KERNEL32(0131C753,0172EBF6,?,0131C753,?), ref: 0148A434
      • lstrcpyA.KERNEL32(0131C773,ACRO,?,0131C753,?), ref: 0148A467
      • lstrcpyA.KERNEL32(0131C753,00000000,?,0131C753,?), ref: 0148A474
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: lstrcpy
      • String ID: ACRO$APEX$APRO
      • API String ID: 3722407311-2711017224
      • Opcode ID: b60a3e1ac4da1a06b3f972d3fe4899c5b899fab56274fb3a66b25d0ba935607e
      • Instruction ID: c6ba1efc36dd45870e6df40cb6aaef44bfd3efedcf7a4f8d739de504785326b0
      • Opcode Fuzzy Hash: b60a3e1ac4da1a06b3f972d3fe4899c5b899fab56274fb3a66b25d0ba935607e
      • Instruction Fuzzy Hash: A5F0B470140226779B203E1AEC18CAEF668AB45A60720822FF10AF3564DFB061534FD5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetConsoleCP.KERNEL32(8304488B,015E77B1,00000000), ref: 01602A4E
      • __fassign.LIBCMT ref: 01602C2D
      • __fassign.LIBCMT ref: 01602C4A
      • WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01602C92
      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 01602CD2
      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 01602D7E
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: FileWrite__fassign$ConsoleErrorLast
      • String ID:
      • API String ID: 4031098158-0
      • Opcode ID: 6b0099b9d8e168360ae1d777fe7e6237b755eebeee67491433962c1643b3bd38
      • Instruction ID: 612996718f20f6601253ac596336819605222564f0f90d430db4b41bcd5e776c
      • Opcode Fuzzy Hash: 6b0099b9d8e168360ae1d777fe7e6237b755eebeee67491433962c1643b3bd38
      • Instruction Fuzzy Hash: EBD1BC75D002599FCB1ACFA8C8949EEBBB5BF48314F28415EE815BB381D730AD46CB50
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 01323C20
      • std::_Lockit::_Lockit.LIBCPMT ref: 01323C42
      • std::_Lockit::~_Lockit.LIBCPMT ref: 01323C6A
      • __Getctype.LIBCPMT ref: 01323D40
      • std::_Facet_Register.LIBCPMT ref: 01323D7E
      • std::_Lockit::~_Lockit.LIBCPMT ref: 01323DDE
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
      • String ID:
      • API String ID: 1102183713-0
      • Opcode ID: d59579120bb63c1d6297576524b67c4a332560712608f660a8169009de1a88bb
      • Instruction ID: 9a0958dfedfb09da046352b2a6e67926e32e87e0985de5b63c61db22e63b14de
      • Opcode Fuzzy Hash: d59579120bb63c1d6297576524b67c4a332560712608f660a8169009de1a88bb
      • Instruction Fuzzy Hash: 1C619FB1A0022ADFDF11DF98C944BAEBBB4FF54718F144059D815AB341EB79AA05CB81
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 01323E00: std::_Lockit::_Lockit.LIBCPMT ref: 01323E34
        • Part of subcall function 01323E00: std::_Lockit::_Lockit.LIBCPMT ref: 01323E54
        • Part of subcall function 01323E00: std::_Lockit::~_Lockit.LIBCPMT ref: 01323E7C
        • Part of subcall function 01323E00: std::_Lockit::~_Lockit.LIBCPMT ref: 01323FC4
      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0132560D
      Strings
      • ios_base::eofbit set, xrefs: 01325542
      • 2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271, xrefs: 01325385
      • ios_base::badbit set, xrefs: 01325534, 01325559, 01325592
      • ios_base::failbit set, xrefs: 0132553D
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Ios_base_dtorstd::ios_base::_
      • String ID: 2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      • API String ID: 1566447432-3405666089
      • Opcode ID: 0c4dfcfb0f5e7414b4eede14312f230ceaeae88c464b4f8391bc073365d655c2
      • Instruction ID: a494e16e402b08ebb83abb0d52a8d2bb6cbbbbef4ead53862f679c1e9934a5b2
      • Opcode Fuzzy Hash: 0c4dfcfb0f5e7414b4eede14312f230ceaeae88c464b4f8391bc073365d655c2
      • Instruction Fuzzy Hash: 0E816CB5A00219DFDB10DF98D880AADBBF8FF48314F14419EE916AB351D735AE01CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • ___std_exception_copy.LIBVCRUNTIME ref: 01324DF2
      Strings
      • ios_base::eofbit set, xrefs: 01324D7A
      • 2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271, xrefs: 01324DC3
      • ios_base::badbit set, xrefs: 01324D6B, 01324D94, 01324DC2
      • ios_base::failbit set, xrefs: 01324D75
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ___std_exception_copy
      • String ID: 2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
      • API String ID: 2659868963-3405666089
      • Opcode ID: 0fd5e60f6b6c94bf2caff7c2dece5cd5fab5ff7de11c0558aeabe4ceedadff79
      • Instruction ID: 9299cf6effb278967b959185983155fc5ee009e262c1fc05e59cb6f9cd8909bf
      • Opcode Fuzzy Hash: 0fd5e60f6b6c94bf2caff7c2dece5cd5fab5ff7de11c0558aeabe4ceedadff79
      • Instruction Fuzzy Hash: 3A61BE75A00619EFCB10DF58D984B99BBF8FF09324F1481AAE915AB352D774AE00CF90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0131C65C
      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000104), ref: 0131C678
      • SetCurrentDirectoryW.KERNEL32(?), ref: 0131C69C
      • SetCurrentDirectoryW.KERNEL32(?), ref: 0131C762
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CurrentDirectory$ByteCharMultiWide
      • String ID: \amt_assets
      • API String ID: 1927298138-3216911787
      • Opcode ID: e6ad44c20258e0da3c2ccdd7d3d2e3b9fa4eb80762fac41c82c366d682caddf3
      • Instruction ID: c287b4d0a35810ed742ddca0075ed617daa564724448d9fd7f4b969d78f82f7f
      • Opcode Fuzzy Hash: e6ad44c20258e0da3c2ccdd7d3d2e3b9fa4eb80762fac41c82c366d682caddf3
      • Instruction Fuzzy Hash: 23411A72A8021D5FDB24EB689C45FDE73ACAB64714F040596F654EB184DBB09A848B90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetVolumeInformationW.KERNEL32(C:\,?,00000105,00000000,00000000,00000000,?,00000105,?,?,?,?,?,00000000), ref: 0131C1A0
      • lstrlenW.KERNEL32(00000208,?,?,?,?,?,00000000), ref: 0131C1BF
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: InformationVolumelstrlen
      • String ID: C:\$TsnIorcAeBoda$thsnYaVieBoda
      • API String ID: 2744656266-46497372
      • Opcode ID: 57d4189f6ee89193322307da4d084641a9fa6e0db3b8e17eb5d62c8d832dff27
      • Instruction ID: ae053a5a88acfe92147da912f44b6a70a7a1938881fabc2b9fd21a174b36e26a
      • Opcode Fuzzy Hash: 57d4189f6ee89193322307da4d084641a9fa6e0db3b8e17eb5d62c8d832dff27
      • Instruction Fuzzy Hash: 9C21D4B1A8021DABEB21DF54CC45FDE77BCAB15708F800095F604E6185DBB09A848FA9
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegCreateKeyExW.ADVAPI32(80000001,Software\Adobe\Adobe Acrobat\DC\AdobeViewer,00000000,00000000,00000000,00000002,00000000,0131C8B5,00000000), ref: 0132016C
      • RegSetValueExW.ADVAPI32(00000000,EULAAcceptedForBrowser,00000000,00000004,00000001,00000004,00000000), ref: 0132018F
      • RegCloseKey.ADVAPI32(00000000), ref: 0132019A
      Strings
      • Software\Adobe\Adobe Acrobat\DC\AdobeViewer, xrefs: 0132015D
      • EULAAcceptedForBrowser, xrefs: 01320187
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseCreateValue
      • String ID: EULAAcceptedForBrowser$Software\Adobe\Adobe Acrobat\DC\AdobeViewer
      • API String ID: 1818849710-3804961394
      • Opcode ID: d39130529e80edcd1bd2d49b53ddbdd3934fd6d8c1b0e0c816cd922a4575382c
      • Instruction ID: 4f53155c8a58e328b843e4dc5b03def0c42166ad29f3ffc6d296a17840e74bc6
      • Opcode Fuzzy Hash: d39130529e80edcd1bd2d49b53ddbdd3934fd6d8c1b0e0c816cd922a4575382c
      • Instruction Fuzzy Hash: 33F01235A80308BAEB309E90AD0AFD97BA89B01B15F204194FF04B61D0D7B16A24D795
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegCreateKeyExW.ADVAPI32(0131C83D,Software\Adobe\Adobe Acrobat\DC\AdobeViewer,00000000,00000000,00000000,00000002,00000000,?,00000000), ref: 013201FC
      • RegSetValueExW.ADVAPI32(00000000,Launched,00000000,00000004,00000001,00000004), ref: 0132021F
      • RegCloseKey.ADVAPI32(00000000), ref: 0132022A
      Strings
      • Software\Adobe\Adobe Acrobat\DC\AdobeViewer, xrefs: 013201ED
      • Launched, xrefs: 01320217
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseCreateValue
      • String ID: Launched$Software\Adobe\Adobe Acrobat\DC\AdobeViewer
      • API String ID: 1818849710-41317194
      • Opcode ID: ab9d8fba567f5d40d2de46dc77483c23af7bec4d5d2eed80ddb883868fd15f49
      • Instruction ID: e1beed71e09bf33d5432a01f6ce4d31c728ffcf036770f5e16dc93a0ed9d7f2d
      • Opcode Fuzzy Hash: ab9d8fba567f5d40d2de46dc77483c23af7bec4d5d2eed80ddb883868fd15f49
      • Instruction Fuzzy Hash: D1F01275A80308BAEB309E90AD0AFD97BB8EB01B15F104194FF04B61D0D6B15A14D799
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleW.KERNEL32(Kernel32.dll,73B77610,?,014718D9,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 0147148C
      • GetProcAddress.KERNEL32(73B60000,FindActCtxSectionStringW), ref: 014714A1
      • FindActCtxSectionStringW.KERNEL32(?,014718D9,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 014714D1
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: AddressFindHandleModuleProcSectionString
      • String ID: FindActCtxSectionStringW$Kernel32.dll
      • API String ID: 1814600871-2752986935
      • Opcode ID: 65819728f3db6a554f14e7259b0c1b6bd199e6e9b5a86547f91c99ce89a8fdf5
      • Instruction ID: 1300d3ea8a6f0a7685c5cae714f66b1fd78f67cc2eb79c054526d55396031a8b
      • Opcode Fuzzy Hash: 65819728f3db6a554f14e7259b0c1b6bd199e6e9b5a86547f91c99ce89a8fdf5
      • Instruction Fuzzy Hash: E8F01272A45229ABCB329FB5BC149AB3F69FB04AB57009026FD0596325D7359820DB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleW.KERNEL32(Kernel32.dll,00000028,?,01471610,00000028,?,01471539,00000000), ref: 014713CC
      • GetProcAddress.KERNEL32(73B60000,ActivateActCtx), ref: 014713E1
      • ActivateActCtx.KERNEL32(?,01471610,00000028,?,01471539,00000000), ref: 01471408
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ActivateAddressHandleModuleProc
      • String ID: ActivateActCtx$Kernel32.dll
      • API String ID: 722951063-1680618737
      • Opcode ID: 4bf4a82a38006969c362c8ade6b5d9d85f1ed7b0dea8d8c333ce0ced9983df5b
      • Instruction ID: 80682fbb4b79920204233890cbe535e714e911eab65398ef96ff6c8606847650
      • Opcode Fuzzy Hash: 4bf4a82a38006969c362c8ade6b5d9d85f1ed7b0dea8d8c333ce0ced9983df5b
      • Instruction Fuzzy Hash: 99F08272B06229AB9B315FB9BD1499B7FACFB04AB57009027FC04D6A24D7309810CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleW.KERNEL32(Kernel32.dll,00000000,?,014715BE,00000000,00000000,01471572), ref: 0147142C
      • GetProcAddress.KERNEL32(73B60000,DeactivateActCtx), ref: 01471441
      • DeactivateActCtx.KERNEL32(?,014715BE,00000000,00000000,01471572), ref: 01471468
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: AddressDeactivateHandleModuleProc
      • String ID: DeactivateActCtx$Kernel32.dll
      • API String ID: 2931768472-3029746753
      • Opcode ID: 90debe412d3335398d7e5872735cd55eb196d13dc143f8748189d05408a5a956
      • Instruction ID: 5a804dc470d52dc93a4858d801fb30bb3ab7c5b8833414bfc8d9c0b80a5b8546
      • Opcode Fuzzy Hash: 90debe412d3335398d7e5872735cd55eb196d13dc143f8748189d05408a5a956
      • Instruction Fuzzy Hash: 9EF08272B066299B8B315FB5BC5499B7F6CFB04AB57009027FC09E6224D7309810DBD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,015FD336,?,?,015FD2FE,?,?,?), ref: 015FD356
      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 015FD369
      • FreeLibrary.KERNEL32(00000000,?,?,015FD336,?,?,015FD2FE,?,?,?), ref: 015FD38C
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: AddressFreeHandleLibraryModuleProc
      • String ID: CorExitProcess$mscoree.dll
      • API String ID: 4061214504-1276376045
      • Opcode ID: b48d4c4cf5d7bc0e834aac310f1a7224e059a04749478a5190dc38ae1bff6095
      • Instruction ID: def3be8675c6eb4b09c565482a7dc2274d52548597379a7024bb26d817571d4b
      • Opcode Fuzzy Hash: b48d4c4cf5d7bc0e834aac310f1a7224e059a04749478a5190dc38ae1bff6095
      • Instruction Fuzzy Hash: 86F08235501219FBDB219FD5ED1AB9EBE7DFB04755F144098EA05A11A0CB708E10DB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free$InformationTimeZone
      • String ID:
      • API String ID: 597776487-0
      • Opcode ID: f56b03d5ae2198ed11523face8255015867e93b1517ba58443327a2e69377d3f
      • Instruction ID: 3a0b2314b110d2299a16db4566f23cf5f1633dc9091bc83344835a1dc6b9b88f
      • Opcode Fuzzy Hash: f56b03d5ae2198ed11523face8255015867e93b1517ba58443327a2e69377d3f
      • Instruction Fuzzy Hash: 08C1277190021AABDB2BEF6CCD40AAB7BBAEF55360F1440ADE542973C1E7319A41CB54
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 016012FA: RtlAllocateHeap.NTDLL(00000000,?,?,?,01492F10,?,?,?,?,01311010,000000E0), ref: 0160132C
      • _free.LIBCMT ref: 015FF621
      • _free.LIBCMT ref: 015FF638
      • _free.LIBCMT ref: 015FF655
      • _free.LIBCMT ref: 015FF670
      • _free.LIBCMT ref: 015FF687
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free$AllocateHeap
      • String ID:
      • API String ID: 3033488037-0
      • Opcode ID: 0ebe317c75d651874d820cd8f9728299d5b719348a3f37215fd96554f46f4bf3
      • Instruction ID: e68e7e6918025ad4cc05b6dcbfccabda50d858ddf4879c7370454d9c86ee1ff9
      • Opcode Fuzzy Hash: 0ebe317c75d651874d820cd8f9728299d5b719348a3f37215fd96554f46f4bf3
      • Instruction Fuzzy Hash: 5651B373A00205AFDB25DF69CC40A6A77F5FF58720F14456EEA06DB6A0EB31EA01CB44
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 01323A34
      • std::_Lockit::_Lockit.LIBCPMT ref: 01323A54
      • std::_Lockit::~_Lockit.LIBCPMT ref: 01323A7C
      • std::_Facet_Register.LIBCPMT ref: 01323B74
      • std::_Lockit::~_Lockit.LIBCPMT ref: 01323BD1
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
      • String ID:
      • API String ID: 459529453-0
      • Opcode ID: 223d8467dfa91a93bc3485d0fad8bc5b022d6c2da718cb04579ae6bf6289d493
      • Instruction ID: 9a09d659f482fd9dc06169d9e9c00858198e56ee7aaa44f7aaa7d412349f4c39
      • Opcode Fuzzy Hash: 223d8467dfa91a93bc3485d0fad8bc5b022d6c2da718cb04579ae6bf6289d493
      • Instruction Fuzzy Hash: EA51C170A01219DFEB11DF98C984BAEBBB4FF58318F14846DD8056B381DB79AE05CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 01323E34
      • std::_Lockit::_Lockit.LIBCPMT ref: 01323E54
      • std::_Lockit::~_Lockit.LIBCPMT ref: 01323E7C
      • std::_Facet_Register.LIBCPMT ref: 01323F67
      • std::_Lockit::~_Lockit.LIBCPMT ref: 01323FC4
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
      • String ID:
      • API String ID: 459529453-0
      • Opcode ID: eb62a8b775cb528ad9ffe8300242188ef3bd0830b6af5f354003ecf705fbdb8f
      • Instruction ID: 39055dd5001b7b0c63c6e70a4c388d243d5546a6a6e7a140a7192ddacd407ca3
      • Opcode Fuzzy Hash: eb62a8b775cb528ad9ffe8300242188ef3bd0830b6af5f354003ecf705fbdb8f
      • Instruction Fuzzy Hash: 6C51D171A00329DFDB11DF98C984BAEBBB4FF58318F14405DD845AB381D779AA09CB91
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • _free.LIBCMT ref: 0160A0EF
        • Part of subcall function 016015D5: HeapFree.KERNEL32(00000000,00000000,?,015FDDD3), ref: 016015EB
        • Part of subcall function 016015D5: GetLastError.KERNEL32(?,?,015FDDD3), ref: 016015FD
      • _free.LIBCMT ref: 0160A101
      • _free.LIBCMT ref: 0160A113
      • _free.LIBCMT ref: 0160A125
      • _free.LIBCMT ref: 0160A137
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free$ErrorFreeHeapLast
      • String ID:
      • API String ID: 776569668-0
      • Opcode ID: 0eeb3679ef2ee13346b2c0cf8cc9710b3e65ab6e1f166f631eebdf0a48bd5615
      • Instruction ID: 4c8ebce3db6bff24d6c2552c12ef80254096894af3efa72c77dfbdbcfa2f1380
      • Opcode Fuzzy Hash: 0eeb3679ef2ee13346b2c0cf8cc9710b3e65ab6e1f166f631eebdf0a48bd5615
      • Instruction Fuzzy Hash: 81F0AF720042016B923AEA99FC94C1777FAAA443B0758480DF146DBA80CF30F8C08764
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: __freea
      • String ID: a/p$am/pm
      • API String ID: 240046367-3206640213
      • Opcode ID: 02744503f0ec11e1fdaccc06a88a572f1909a21bbc487315a7f58bb1e978d8f2
      • Instruction ID: e342fa6169532a481b934d3cdffdd7637f95f593df2d58410098eccc398e98b9
      • Opcode Fuzzy Hash: 02744503f0ec11e1fdaccc06a88a572f1909a21bbc487315a7f58bb1e978d8f2
      • Instruction Fuzzy Hash: EDC1CD35900216DAEB259FACC994EBFBBB2FF1A700F18404DEB01AF254D3319945CBA5
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • std::_Lockit::_Lockit.LIBCPMT ref: 0131E33B
      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0131E39E
        • Part of subcall function 015CE634: _Yarn.LIBCPMT ref: 015CE653
        • Part of subcall function 015CE634: _Yarn.LIBCPMT ref: 015CE677
      • ___std_exception_copy.LIBVCRUNTIME ref: 0131E411
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::____std_exception_copy
      • String ID: bad locale name
      • API String ID: 951334191-1405518554
      • Opcode ID: 50239358b228be09d337de703cf990b6e40ff19a898bde8cc0f904be9ddb6033
      • Instruction ID: d1b0206da5cdee4ee48cb838e0302f7112df3b6e60bfbc3589afc53feabcbfa9
      • Opcode Fuzzy Hash: 50239358b228be09d337de703cf990b6e40ff19a898bde8cc0f904be9ddb6033
      • Instruction Fuzzy Hash: A541A0B1904784EFD720CF68C904B8BBFF8EB15724F108A5EE85597780E3B5AA04CB90
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • InitOnceExecuteOnce.KERNELBASE(?,015CF0EE,?,013282CC), ref: 015E141B
      • SetLastError.KERNEL32(0000000D,?,015CF0EE,?,013282CC,?,00000000,?,01323944,017D0460,01323960,017D0464,01328468,?,013282CC,?), ref: 015E1479
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Once$ErrorExecuteInitLast
      • String ID: ios_base::failbit set
      • API String ID: 3407056439-3924258884
      • Opcode ID: c195195294078fbbd536c4db61532759c1021da4eda19a250407dac4dee56234
      • Instruction ID: 71ef8c2aceb6721696b81f96739fcd4109fb921d597d92359ab5bdef71a8d853
      • Opcode Fuzzy Hash: c195195294078fbbd536c4db61532759c1021da4eda19a250407dac4dee56234
      • Instruction Fuzzy Hash: 8411C832700129AFDF265E64DC885AEBBE9FF48751B008039FA55DA310D7708C118BD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OpenMutexW.KERNEL32(00100000,00000000,Global\ARM Update Mutex,0131C1CF,?,?,?,?,?,00000000), ref: 0131C22C
      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0131C237
      • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0131C243
      Strings
      • Global\ARM Update Mutex, xrefs: 0131C220
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseErrorHandleLastMutexOpen
      • String ID: Global\ARM Update Mutex
      • API String ID: 4249120315-3247037459
      • Opcode ID: 8716ea50f7da85f4943c8f2725fd084987ad71da8239d4f68cd06de592555a93
      • Instruction ID: b703af6d6d2e731f4f44971702b72167dd4976480176478d4096295fe4e1186b
      • Opcode Fuzzy Hash: 8716ea50f7da85f4943c8f2725fd084987ad71da8239d4f68cd06de592555a93
      • Instruction Fuzzy Hash: D6D012707803015BDF7116B4BC1D7563558A704F46F5034D4F105E10DCEB94C451C760
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • OpenMutexW.KERNEL32(00100000,00000000,Global\Acro Update Mutex,0131C2B2), ref: 0131C26C
      • CloseHandle.KERNEL32(00000000), ref: 0131C277
      • GetLastError.KERNEL32 ref: 0131C283
      Strings
      • Global\Acro Update Mutex, xrefs: 0131C260
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseErrorHandleLastMutexOpen
      • String ID: Global\Acro Update Mutex
      • API String ID: 4249120315-954496354
      • Opcode ID: 38b0f1ba56b354abbcdf9861debfc21f0d49bee0336323c474b0ac875efa2594
      • Instruction ID: 88b6bf52292a0ae85dd62e2ad834310c498d06bc1e48c9adf9d933bb50d0c13e
      • Opcode Fuzzy Hash: 38b0f1ba56b354abbcdf9861debfc21f0d49bee0336323c474b0ac875efa2594
      • Instruction Fuzzy Hash: 8ED0127078030157DF7116B4BC5D7563558B700F46F5034D4F109E10ECDB98C411C760
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _strrchr
      • String ID:
      • API String ID: 3213747228-0
      • Opcode ID: 6617e7864c7d08f008faa25ec7d3b74228eea2198e77ec31322edf05b9142cbc
      • Instruction ID: 461096fc1fdd983fa34d8e48c9d97c4bea4aae5b27e5b9e496ce7c57e2898fea
      • Opcode Fuzzy Hash: 6617e7864c7d08f008faa25ec7d3b74228eea2198e77ec31322edf05b9142cbc
      • Instruction Fuzzy Hash: FDB1F2329042469FDB2ACF6CCC807AFBBE5EF95250F1441AADA559B3C1DB349D02CB60
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0131C7EC
      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000104), ref: 0131C807
      • SetCurrentDirectoryW.KERNEL32(?), ref: 0131C832
      • SetCurrentDirectoryW.KERNEL32(?), ref: 0131C8BC
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CurrentDirectory$ByteCharMultiWide
      • String ID:
      • API String ID: 1927298138-0
      • Opcode ID: c1560a30c5ad67b30e6236c135f5d9b2dd45a152001060cc5d6ed1e0f4d2d0f6
      • Instruction ID: e56169ef3abe158526d2b9b9b2f53b7b556e268b70a17bf876ce26ca67d12751
      • Opcode Fuzzy Hash: c1560a30c5ad67b30e6236c135f5d9b2dd45a152001060cc5d6ed1e0f4d2d0f6
      • Instruction Fuzzy Hash: 3C31FBB1A0011D9BDB20EF69DC84BDDB7B8EF54314F5045EAFA18A7155DA708D808BA4
      Uniqueness

      Uniqueness Score: -1.00%

      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID:
      • String ID:
      • API String ID:
      • Opcode ID: 40fe6a7217d7f030423dd041db857c62228e184ba07e4a44c0bb38cbc6b55577
      • Instruction ID: bbac3984c13a21dc2a95c9cd95c796defaf6453cdbf002a06527a3d494ea1119
      • Opcode Fuzzy Hash: 40fe6a7217d7f030423dd041db857c62228e184ba07e4a44c0bb38cbc6b55577
      • Instruction Fuzzy Hash: 6A218072A04117AFDF29AE65DC8896F77EDFF402667004515F425DA190EB71EC5087A0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLastError.KERNEL32(?,?,?,015EC205,017BD120,0000000C), ref: 0160109E
      • _free.LIBCMT ref: 016010FB
      • _free.LIBCMT ref: 01601131
      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC205,017BD120,0000000C), ref: 0160113C
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorLast_free
      • String ID:
      • API String ID: 2283115069-0
      • Opcode ID: b0128e6ee27583bc414a3f22f2845d3dde0c03a74164d6a5e13d5e00ab9c993c
      • Instruction ID: ad2931289ca9abf2574d9a0ef00de93172b029f85fc931ac72158dd65bed3e8d
      • Opcode Fuzzy Hash: b0128e6ee27583bc414a3f22f2845d3dde0c03a74164d6a5e13d5e00ab9c993c
      • Instruction Fuzzy Hash: E811CA323005066F963F76B9EC94D3B266E9BC33B6714052CF326962D4EE61CC028764
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetLastError.KERNEL32(?,?,?,015EC561,016015FB,?,?,015FDDD3), ref: 016011F5
      • _free.LIBCMT ref: 01601252
      • _free.LIBCMT ref: 01601288
      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,015EC561,016015FB,?,?,015FDDD3), ref: 01601293
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp Download File
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp Download File
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp Download File
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp Download File
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ErrorLast_free
      • String ID:
      • API String ID: 2283115069-0
      • Opcode ID: 564303206e05e028912a795aa7f3eae6c5bc455a435e1eb0d763856ec2fbfc45
      • Instruction ID: 87015d36e2c5ddbbd661523198909e35656a4afd07c26bbae604b94f3e6904a5
      • Opcode Fuzzy Hash: 564303206e05e028912a795aa7f3eae6c5bc455a435e1eb0d763856ec2fbfc45
      • Instruction Fuzzy Hash: FA11E5B23002066FD72B66B9AC94D3B276EABD73B5714822DF615D62D4EE21CC824364
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • RegOpenKeyExW.ADVAPI32(80000001,0148A314,00000000,00020006,00000000,00000000,?,0148A497,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,bZHCNLocale,0148A314,?,0148A314,00000000), ref: 01330297
      • RegCreateKeyExW.ADVAPI32(80000001,0148A314,00000000,00000000,00000000,0002001F,00000000,00000000,00000000,?,0148A497,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,bZHCNLocale,0148A314,?,0148A314), ref: 013302BC
      • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000004,0148A314,00000004,?,0148A497,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,bZHCNLocale,0148A314,?,0148A314,00000000), ref: 013302D6
      • RegCloseKey.ADVAPI32(00000000,?,0148A497,SOFTWARE\Adobe\Adobe Acrobat\DC\AVEntitlement,bZHCNLocale,0148A314,?,0148A314,00000000,?,?,00000000), ref: 013302DF
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CloseCreateOpenValue
      • String ID:
      • API String ID: 776291540-0
      • Opcode ID: 78447c2e3ff9ed1a2271b9b4590bbf0d085b9b92a7a14b32241376e009bf8a20
      • Instruction ID: d7e222e210848be5747c0d9fc88445b1d280a62b45ad76cafd6f13a7f569d8d6
      • Opcode Fuzzy Hash: 78447c2e3ff9ed1a2271b9b4590bbf0d085b9b92a7a14b32241376e009bf8a20
      • Instruction Fuzzy Hash: FFF01D35680308FBFB318E90EC16FA97B69EB04B40F204054FB04E90E1D6B19620DB98
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • WriteConsoleW.KERNEL32(015E77B1,015CFB87,?,00000000,015E77B1,?,0160DDC4,015E77B1,00000001,015E77B1,015E77B1,?,01602DDB,00000000,8304488B,015E77B1), ref: 01610F8E
      • GetLastError.KERNEL32(?,0160DDC4,015E77B1,00000001,015E77B1,015E77B1,?,01602DDB,00000000,8304488B,015E77B1,00000000,015E77B1,?,0160332F,00000010), ref: 01610F9A
        • Part of subcall function 01610F60: CloseHandle.KERNEL32(FFFFFFFE,01610FAA,?,0160DDC4,015E77B1,00000001,015E77B1,015E77B1,?,01602DDB,00000000,8304488B,015E77B1,00000000,015E77B1), ref: 01610F70
      • ___initconout.LIBCMT ref: 01610FAA
        • Part of subcall function 01610F22: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,01610F51,0160DDB1,015E77B1,?,01602DDB,00000000,8304488B,015E77B1,00000000), ref: 01610F35
      • WriteConsoleW.KERNEL32(015E77B1,015CFB87,?,00000000,?,0160DDC4,015E77B1,00000001,015E77B1,015E77B1,?,01602DDB,00000000,8304488B,015E77B1,00000000), ref: 01610FBF
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
      • String ID:
      • API String ID: 2744216297-0
      • Opcode ID: 3f708b40659f5f2961067ac80dce7ae35764b242667a8ddf49263f0e5f13915d
      • Instruction ID: cd3a396cdb45a6e7adb8d2c3949311ad5f3d76aa3bf05e8692c35dbca4181dda
      • Opcode Fuzzy Hash: 3f708b40659f5f2961067ac80dce7ae35764b242667a8ddf49263f0e5f13915d
      • Instruction Fuzzy Hash: C9F01C36901259BFCF222FA9EC0599A3F67FF083B0B149054FE08D6129D73289709BA0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • SleepConditionVariableCS.KERNELBASE(?,015CC5CF,00000064), ref: 015CC655
      • LeaveCriticalSection.KERNEL32(017D4FBC,00000002,?,015CC5CF,00000064,?,013C13CC,017D0718,7DFC34E3,00000000,0164098C,000000FF,?,013C2FBD,?,0163FD9B), ref: 015CC65F
      • WaitForSingleObjectEx.KERNEL32(00000002,00000000,?,015CC5CF,00000064,?,013C13CC,017D0718,7DFC34E3,00000000,0164098C,000000FF,?,013C2FBD,?,0163FD9B), ref: 015CC670
      • EnterCriticalSection.KERNEL32(017D4FBC,?,015CC5CF,00000064,?,013C13CC,017D0718,7DFC34E3,00000000,0164098C,000000FF,?,013C2FBD,?,0163FD9B,?), ref: 015CC677
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
      • String ID:
      • API String ID: 3269011525-0
      • Opcode ID: 86c250d9d576763711b65252823106b147e8f8d6b1bbe8b7927e953826a1d280
      • Instruction ID: 63df0eed9adf30353efd2cb974daf270753ba25c940a6a1c7f62530af611723e
      • Opcode Fuzzy Hash: 86c250d9d576763711b65252823106b147e8f8d6b1bbe8b7927e953826a1d280
      • Instruction Fuzzy Hash: 13E09232505228BBCB212F85FD1CA8EBFB9BB0AA61B0850D9F90A66534C7701C618BC0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      • {"chainedWorkflow" : false, "entryResourceId" : "%s", "entryQueryString" : "%s", "id" : "%s", "instanceId" : "<guid>", "interceptUrl" : "https://oobe.adobe.com/", "type" : "%s", "version" : %d, "workflowIdCode" : %d}, xrefs: 015FDC00
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free
      • String ID: {"chainedWorkflow" : false, "entryResourceId" : "%s", "entryQueryString" : "%s", "id" : "%s", "instanceId" : "<guid>", "interceptUrl" : "https://oobe.adobe.com/", "type" : "%s", "version" : %d, "workflowIdCode" : %d}
      • API String ID: 269201875-2169768307
      • Opcode ID: cbf921fc2e1b8ee1c7f947533fa47ab3e49fd8f37a3c82b1eabe74941acbcb01
      • Instruction ID: 4232746aa9b64661f30c7eef10b9e8c948e6c8c13f5864ff46869f153626f812
      • Opcode Fuzzy Hash: cbf921fc2e1b8ee1c7f947533fa47ab3e49fd8f37a3c82b1eabe74941acbcb01
      • Instruction Fuzzy Hash: 6541A036A00205AFDB24DFA8C980A6EB7F6FF89714B15456DD616EF381DB71E901CB80
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: _free
      • String ID: ios_base::failbit set
      • API String ID: 269201875-3924258884
      • Opcode ID: 2908372ded9ae887122bd55f7350047283e500cdef2ab58d07e9270d0c5c2b6b
      • Instruction ID: 3d3147431640111c5e046f1b59a6bacc4e05658a6fc7e5dcc5fc8dd3331191d0
      • Opcode Fuzzy Hash: 2908372ded9ae887122bd55f7350047283e500cdef2ab58d07e9270d0c5c2b6b
      • Instruction Fuzzy Hash: 4D318471C0024AEFDF1ADF99C984ADEBFF5BF59211F14406AE910AB250D7319A11CBA1
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 015CFA26: __EH_prolog3_GS.LIBCMT ref: 015CFA2D
        • Part of subcall function 015E219C: RaiseException.KERNEL32(E06D7363,00000001,00000003,0131CECC,?,?,?,0131CECC,?,0177FF78), ref: 015E21FC
      • std::_Xfsopen.LIBCPMT ref: 015CFB4B
      • std::_Xfsopen.LIBCPMT ref: 015CFB6B
      Strings
      • 2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271, xrefs: 015CFAC4, 015CFAD5, 015CFAFD
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: Xfsopenstd::_$ExceptionH_prolog3_Raise
      • String ID: 2CFA9046A773DAC36A267C57BA2D87ABFB9793F7C57B462A88F893252D76A85E4DECB50E547BFD187591DD72A40330CD47B9B37E73439CE2D0E963A620E4D271
      • API String ID: 1716935052-2184126485
      • Opcode ID: 55630f5d017c24ca479344749231dfbaf224c94d16ac0dd1d65b6e8d627c3553
      • Instruction ID: e2674f73d5f3a824d0bc24c0ab334a5daa17a13233cc262619d52c3a1cb4522f
      • Opcode Fuzzy Hash: 55630f5d017c24ca479344749231dfbaf224c94d16ac0dd1d65b6e8d627c3553
      • Instruction Fuzzy Hash: E9210731A003176FEF285D9CDC25BAE7B9BBF51E68F08402EFE48AE050D724DD128690
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
        • Part of subcall function 015E7BE8: _free.LIBCMT ref: 015E7BF6
        • Part of subcall function 0160488E: MultiByteToWideChar.KERNEL32(01609201,00000100,E8458D00,00000000,00000000,00000020,?,0160A8AA,00000000,00000000,00000100,00000020,00000000,00000000,E8458D00,00000100), ref: 016048FE
      • GetLastError.KERNEL32(?,?,?,?,?,?,7DFC34E3,01328351,?,00000000,?,?,00000006,7DFC34E3,00000006,00000000), ref: 015E7B3E
      • __dosmaperr.LIBCMT ref: 015E7B45
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: ByteCharErrorLastMultiWide__dosmaperr_free
      • String ID: ios_base::failbit set
      • API String ID: 4030486722-3924258884
      • Opcode ID: 2443a789c406e8be4b5fb4b1de7e1b8dce78e408f66db0a2be3e17d65d567840
      • Instruction ID: 669eac4d12fcf3e4479dbd1d406db5832f5249062bd0395bbce82016d3b1124f
      • Opcode Fuzzy Hash: 2443a789c406e8be4b5fb4b1de7e1b8dce78e408f66db0a2be3e17d65d567840
      • Instruction Fuzzy Hash: D621C631D006166BDF2A9F198C04A5E77EDFF99230B104519EA299F190EB70E9108BD0
      Uniqueness

      Uniqueness Score: -1.00%

      APIs
      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,0147176D,GetModuleHandleExW), ref: 01471661
      • GetProcAddress.KERNEL32(73B60000,0147176D), ref: 01471674
      Strings
      Memory Dump Source
      • Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
      • Associated: 00000000.00000002.911273292.0000000001310000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911695193.000000000166F000.00000002.00020000.sdmp
      • Associated: 00000000.00000002.911919196.00000000017C3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911931712.00000000017C6000.00000008.00020000.sdmp
      • Associated: 00000000.00000002.911940916.00000000017D0000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911946359.00000000017D3000.00000004.00020000.sdmp
      • Associated: 00000000.00000002.911961446.00000000017D7000.00000002.00020000.sdmp
      Joe Sandbox IDA Plugin
      • Snapshot File: hcaresult_0_2_1310000_acrotray.jbxd
      Similarity
      • API ID: AddressHandleModuleProc
      • String ID: Kernel32.dll
      • API String ID: 1646373207-1926710522
      • Opcode ID: b7981eb2a468d1e572b35ab130f69801744bf20b3e6863a3e1433201eed6b131
      • Instruction ID: ddad04cd82ec00b420c2d9106aec2c9604df152a85d1a3b38c24ffc90c7a6805
      • Opcode Fuzzy Hash: b7981eb2a468d1e572b35ab130f69801744bf20b3e6863a3e1433201eed6b131
      • Instruction Fuzzy Hash: F9D05EB63052099B97209FF9BD58AA37BACAB14A547049426F908C2524EB30E020DB24
      Uniqueness

      Uniqueness Score: -1.00%
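The function records above each list the API calls the function makes (with "Part of subcall function" marking calls that belong to a callee), the memory dump the code was lifted from, and a Joe Sandbox similarity key. The last record is the one worth a closer look when triaging: GetModuleHandleW on Kernel32.dll followed by GetProcAddress, i.e. an import resolved at runtime. As an added example, not part of this report or of Joe Sandbox's own tooling, the Python below parses one record in that shape, decodes the .sdmp file name, and pulls out the literal names handed to resolver APIs. The dotted-field layout of the .sdmp name and the reading of its fifth field as a Windows PAGE_* protection are assumptions inferred from the values on this page, and the sample record is constructed from lines on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: one function record in the report's shape (an "APIs ... Similarity"
# block), assembled from lines visible on this page. Not fetched from Joe Sandbox.
SAMPLE_RECORD = """\
APIs
  • Part of subcall function 015E7BE8: _free.LIBCMT ref: 015E7BF6
• GetModuleHandleW.KERNEL32(Kernel32.dll,?,0147176D,GetModuleHandleExW), ref: 01471661
• GetProcAddress.KERNEL32(73B60000,0147176D), ref: 01471674
Strings
Memory Dump Source
• Source File: 00000000.00000002.911285434.0000000001311000.00000020.00020000.sdmp, Offset: 01310000, based on PE: true
Similarity
• API ID: AddressHandleModuleProc
• String ID: Kernel32.dll
"""

HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
            "Similarity", "Uniqueness"}
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_][\w:]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$")
SOURCE_LINE = re.compile(
    r"^\s*•\s*Source File:\s*(?P<name>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-F]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)")
KV_LINE = re.compile(r"^\s*•\s*(?P<key>API ID|String ID):\s*(?P<val>.*)$")
HEX_ARG = re.compile(r"^[0-9A-F]{8}$")

# Windows PAGE_* constants. Treating the fifth dotted field of the .sdmp name as a page
# protection is an assumption inferred from the values seen here (0x20, 0x02, 0x04, 0x08).
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
# APIs that turn a name into a module handle or function pointer at runtime.
RESOLVER_APIS = {"GetModuleHandleA", "GetModuleHandleW", "GetModuleHandleExA",
                 "GetModuleHandleExW", "LoadLibraryA", "LoadLibraryW",
                 "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                          # address of the call site
    subcall_of: Optional[str] = None  # caller address for "Part of subcall function" lines


@dataclass
class DumpInfo:
    name: str
    base: int          # assumed: fourth dotted field is the region base address
    protection: int    # assumed: fifth dotted field is the page protection
    flags: int         # sixth dotted field, left undecoded
    offset: int        # module base the report gives as "Offset"
    based_on_pe: bool

    @property
    def protection_name(self) -> str:
        return PAGE_PROTECT.get(self.protection, "UNKNOWN_%#x" % self.protection)


@dataclass
class Record:
    apis: List[ApiCall] = field(default_factory=list)
    dump: Optional[DumpInfo] = None
    api_id: str = ""
    string_id: str = ""


def decode_dump_name(name: str, offset: int, based_on_pe: bool) -> DumpInfo:
    parts = name.split(".")
    if len(parts) != 7 or parts[-1] != "sdmp":
        raise ValueError("unexpected dump name: %s" % name)
    return DumpInfo(name, int(parts[3], 16), int(parts[4], 16), int(parts[5], 16),
                    offset, based_on_pe)


def parse_record(text: str) -> Record:
    """Walk one record; the bare heading lines switch the section being parsed."""
    rec, section = Record(), None
    for line in text.splitlines():
        if line.strip() in HEADINGS:
            section = line.strip()
            continue
        if section == "APIs" and (m := API_LINE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            rec.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["caller"]))
        elif section == "Memory Dump Source" and (m := SOURCE_LINE.match(line)):
            rec.dump = decode_dump_name(m["name"], int(m["offset"], 16), m["pe"] == "true")
        elif section == "Similarity" and (m := KV_LINE.match(line)):
            setattr(rec, "api_id" if m["key"] == "API ID" else "string_id", m["val"].strip())
    return rec


def dynamic_resolution_targets(rec: Record) -> List[str]:
    """Literal names handed to resolver APIs in this function's own body. Subcall lines are
    skipped so a helper's lookups are not charged to every caller; '?' and raw 32-bit hex
    arguments (pointers, handles, names built at runtime) are dropped."""
    names = set()
    for call in rec.apis:
        if call.subcall_of is None and call.name in RESOLVER_APIS:
            names.update(a for a in call.args if a and a != "?" and not HEX_ARG.match(a))
    return sorted(names)
```

Running `parse_record(SAMPLE_RECORD)` and then `dynamic_resolution_targets(...)` on the result yields `["GetModuleHandleExW", "Kernel32.dll"]`: the function asks kernel32 for GetModuleHandleExW by its literal name, the usual compatibility probe a CRT or framework performs, which on its own is not an indicator. The same GetModuleHandleW/GetProcAddress pair deserves a closer look when the name argument is not a literal in the report (the list above comes back empty although the resolver call is present), since that is what a name decoded or hashed at runtime looks like here.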