Windows Analysis Report
Acrobat.exe

Overview

General Information

Sample Name: Acrobat.exe
Analysis ID: 564109
MD5: 3278b84676d51b36581579cd32e34ad0
SHA1: e7df282e19dcc52a33473cf9b5a250e21a733b34
SHA256: 11358342f7c94f499c85068edfb003bb427b39423936c16244fb382dd4a7fea0
Errors
  • Corrupt sample or wrongly selected analyzer. Details: 36B1

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Uses 32bit PE files
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Program does not show much activity (idle)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6708 cmdline: "C:\Users\user\Desktop\Acrobat.exe" MD5: 3278B84676D51B36581579CD32E34AD0)
No configs have been found
No yara matches
No Sigma rule has matched

There are no malicious signatures.

Source: Acrobat.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
Source: Acrobat.exe Static PE information: certificate valid
Source: Acrobat.exe Static PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: D:\B\T\BuildResults\bin\Release\AcrobatExe.pdb source: Acrobat.exe
Source: Acrobat.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Acrobat.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: Acrobat.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: Acrobat.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Acrobat.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Acrobat.exe String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Acrobat.exe String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: Acrobat.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Acrobat.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Acrobat.exe String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Acrobat.exe String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: Acrobat.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Acrobat.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: Acrobat.exe String found in binary or memory: http://ocsp.digicert.com0H
Source: Acrobat.exe String found in binary or memory: http://ocsp.digicert.com0I
Source: Acrobat.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: Acrobat.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: Acrobat.exe String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Acrobat.exe String found in binary or memory: https://clients2.google.com/service/update2/crxupdate_urlBrowser
Source: Acrobat.exe String found in binary or memory: https://mail.google.com/
Source: Acrobat.exe String found in binary or memory: https://msmip.reader.com/authorize
Source: Acrobat.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: Acrobat.exe String found in binary or memory: https://www.google.com/m8/feeds
Source: Acrobat.exe String found in binary or memory: https://www.googleapis.com/auth/contacts.readonly
Source: Acrobat.exe String found in binary or memory: https://www.googleapis.com/auth/drive
Source: Acrobat.exe String found in binary or memory: https://www.googleapis.com/auth/gmail.compose
Source: Acrobat.exe String found in binary or memory: https://www.googleapis.com/auth/userinfo.profile
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00234190 GetCurrentProcessId,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetProcessWindowStation,SetProcessWindowStation,LocalFree,CreateDesktopW,LocalFree,SetProcessWindowStation,CreateWellKnownSid,GetSecurityInfo,CopySid,SetEntriesInAclW,SetSecurityInfo,LocalFree,LocalFree,0_2_00234190
Source: Acrobat.exe, 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: /\VarFileInfo\Translation\D:\B\T\Imports\Open\Chrome\Chrome\src\base\file_version_info_win.ccCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls vs Acrobat.exe
Source: Acrobat.exe Binary or memory string: M\VarFileInfo\Translation\D:\B\T\Imports\Open\Chrome\Chrome\src\base\file_version_info_win.ccCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls vs Acrobat.exe
Source: Acrobat.exe Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: Acrobat.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Acrobat.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_0025B0C0 0_2_0025B0C0
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_002481B0 0_2_002481B0
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_0041529C 0_2_0041529C
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_003FD4B0 0_2_003FD4B0
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_0023E560 0_2_0023E560
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00238560 0_2_00238560
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_0040A58D 0_2_0040A58D
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00304660 0_2_00304660
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_0025A860 0_2_0025A860
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_004169AE 0_2_004169AE
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00315A10 0_2_00315A10
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00416ACE 0_2_00416ACE
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_0022EAB0 0_2_0022EAB0
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00259A80 0_2_00259A80
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00334AC0 0_2_00334AC0
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_003F4B6D 0_2_003F4B6D
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_0024BBF0 0_2_0024BBF0
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00232BC4 0_2_00232BC4
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00358C30 0_2_00358C30
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00234C50 0_2_00234C50
Source: C:\Users\user\Desktop\Acrobat.exe Code function: String function: 00231DE0 appears 170 times
Source: Acrobat.exe Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_002F6790 FormatMessageA,GetLastError,0_2_002F6790
Source: Acrobat.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_00307890 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00307890
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_002AE8A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,InitiateSystemShutdownW,AdjustTokenPrivileges,CloseHandle,0_2_002AE8A0
Source: C:\Users\user\Desktop\Acrobat.exe Code function: 0_2_002B6C70 Sleep,TerminateProcess,SetLastError,OpenProcess,CreateFileW,GetLastError,WaitNamedPipeW,CreateFileW,LoadResource,LockResource,SizeofResource,GetCurrentProcessId,SetNamedPipeHandleState,TransactNamedPipe,CloseHandle,CreateFileW,0_2_002B6C70
Source: Acrobat.exe String found in binary or memory: acrobat2020://dc/launchToolWithFiles?
Source: Acrobat.exe String found in binary or memory: browser-startup-dialog
Source: Acrobat.exe String found in binary or memory: enable-service-binary-launcher
Source: Acrobat.exe String found in binary or memory: gpu-launcher
Source: Acrobat.exe String found in binary or memory: gpu-sandbox-start-early
Source: Acrobat.exe String found in binary or memory: gpu-startup-dialog
Source: Acrobat.exe String found in binary or memory: ppapi-plugin-launcher
Source: Acrobat.exe String found in binary or memory: ppapi-startup-dialog
Source: Acrobat.exe String found in binary or memory: renderer-startup-dialog
Source: Acrobat.exe String found in binary or memory: utility-startup-dialog
Source: Acrobat.exe String found in binary or memory: gpu2-startup-dialog
Source: Acrobat.exeBinary string: TSOFTWARE\Microsoft\Office\11.0\Common\InstallRootSOFTWARE\Microsoft\Office\11.0\Outlook\InstallRoot\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\invalid stol argumentstol argument out of range
Source: Acrobat.exeBinary string: NUnknownDefaultNtCreateFileNtOpenFileNtQueryAttributesFileNtQueryFullAttributesFileCreateNamedPipeWNtOpenThreadNtOpenProcessNtOpenProcessTokenNtOpenProcessTokenExCreateProcessWNtCreateKeyNtOpenKeyCreateThreadNtCreateSectioncompute-only-brokercompute-only-rendereripc-co-channelipc-rdr-channeltyperenderershell-broker-channelipc-cef-channellocaleservice-sandbox-typenonenone_and_elevatednetworkppapiutilitycdmprint_compositoraudiosharing_servicespeech_recognitionvideo_capturepdf_conversionproxy_resolverxr_compositingallow-no-sandbox-joballow-sandbox-debuggingdisable-gpu-sandboxdisable-namespace-sandboxdisable-seccomp-filter-sandboxdisable-setuid-sandboxdisable-win32k-lockdownenable-audio-service-sandboxgpu-sandbox-allow-sysv-shmgpu-sandbox-failures-fatalno-sandboxallow-third-party-modulesadd-gpu-appcontainer-capsno-sandbox-and-elevatedadd-xr-appcontainer-capsgpu-processnacl-brokernacl-loaderppapi-brokerppapiutilityservicezygotentdll.dll\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\@`
Source: Acrobat.exeBinary string: @jH\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\`lh
Source: Acrobat.exeBinary string: eH', pattern = ', semantics = , subsystem = error = Failed to add sandbox rule.D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\sandbox_policy_base.ccinterceptions setup failed - error:process initialization failed - error:g_shared_delayed_integrity_levelg_shared_delayed_mitigationsCreateAppContainerToken\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: A\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: XF\??\\Device\x
Source: Acrobat.exeBinary string: Q{"chainedWorkflow" : false, "entryResourceId" : "%s", "entryQueryString" : "%s", "id" : "%s", "instanceId" : "<guid>", "interceptUrl" : "https://oobe.adobe.com/", "type" : "%s", "version" : %d, "workflowIdCode" : %d}\Common Files\Adobe\OOBE\PDApp\P7\IMSLib.dllfdaa587852001bad7bf1e81ed275b822d2bc812f4eeeab092da60b7066ab2bfa--signout--proxycredentials--updateidentity--filepathNGLUInfomodesourceproxyusernameproxypasswordprofileinfodevicetokendeviceiduserprofileuserguidsignoutproxycredentialsupdateidentity\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: \??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: FNtCreateMutant: STATUS_ACCESS_DENIEDD:\B\T\Acrobat\Viewer\win\sandbox_broker\server\mutant_dispatcher.ccNtOpenMutant: STATUS_ACCESS_DENIED\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\4jh
Source: Acrobat.exeBinary string: NBrokerEvent0x%XFailed to construct job object for sandbox process - error:D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\broker_services.ccFailed to construct restricted tokens for sandbox process - error:4277065__security_cookieg_sandbox_winsta_handleg_sandbox_desktop_handleg_sandbox_main_thread_idg_broker_already_in_job_that_prohibits_breakawayg_is_compute_only_sandboxg_under_appv_virtualizationg_in_pm_appcontainerg_in_pv_appcontainer%sg_appcontainer_named_object_directory_handleg_appcontainer_object_dirg_broker_process_idFailed to add target - error:AcroBrokerSessionEndMsgListenerClassAcroBrokerSessionEndMsgListener\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: MAPIAddresssmtp:\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: XFatlTraceGeneralatlTraceCOMatlTraceQI\??\atlTraceRegistrar\Device\\\?\UNC\atlTraceRefcount\??\UNC\/?/UNC/\?\UNC\atlTraceWindowing\??\pipe\\??\mailslot\\\?\atlTraceControls\\.\\\atlTraceHostingatlTraceDBClientatlTraceDBProvideratlTraceSnapinatlTraceNotImplatlTraceAllocationatlTraceExceptionatlTraceTimeatlTraceCacheatlTraceStencilatlTraceStringatlTraceMapatlTraceUtilatlTraceSecurityatlTraceSyncatlTraceISAPI%d.%u.%d/cr/bbEnforceReadRestrictionsSOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdownbEnableAlternateLaunchDesktopSOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdownbEnableAlternateTempDirectorySoftware\Adobe\Adobe Acrobat\DC\PrivilegedSoftware\Adobe\Adobe Acrobat\DC\PrivilegedbEnableHeapMitigationsbEnableProcessIntegrityMitigationsbEnableEnhancedPolicyRestrictionsbEnableGlobalAtomRestrictionsbPreventCreatingExecutablesbEnableBinaryPlantingProtectionbDisableMultiplePrefetchiPMAppContainerStateSoftware\Adobe\Adobe Acrobat\DC\AVGeneraliSandboxExitCodeSoftware\Adobe\Adobe Acrobat\DC\AVGeneral\cSandboxLaunchFailureiOptionSelectediLastErrorValueiIsBrowserLaunchiIsCaptiveReaderLaunchiSandboxResultCodeiIsProtectedViewbIPMEnabledAppContainerpdfshell_prevbEnableStrictHandleCheckProtectionbEnableNonsystemFontRestrictionsbPVAppContainerFallback0x%XbEnableRemoteDllLoadRestrictionsbPMAppContainerFallback.bEnableLowLabelDllLoadRestrictionsSoftware\Adobe\Adobe Acrobat\DC\AVGeneralCoInitializeSecurity() failed, result=0xSoftware\Adobe\Adobe Acrobat\DC\AVGeneral\cSandboxLaunchFailure/if/mspSoftware\Adobe\Adobe Acrobat\DC\PrivilegedbEnableProtectedModeAppContainer/CRDebugSOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown/ifSiPMAppContainerLaunchFailureFallbackSandbox Process Initialization Failed - error:/CRMbEnableProtectedViewAppContainer/ICDbEnableProtectedModeAppContainerbIPMTurnedPMONbPMSandboxFallbackbProtectedModeFailed to create a security 
descriptor4057363BbAllowFallbackForAdminEnforcedSandbox/b/l/ifNoRemovebEnableAppContainerForDebuggingbEnableProtectedModeAppContainer/idInvalid DateTimeSoftware\Adobe\Adobe Acrobat\DC\PrivilegedbProtectedModeHandshake with Sandbox Process FailedD:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cppbProtectedMode/CRInvalid DateTimeSpanD:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cppbProtectedMode/CR:Software\Adobe\Adobe Acrobat\DC\PrivilegedSoftware\Adobe\Adobe Acrobat\DC\PrivilegediPVAppContainerLaunchFailureFallbackReleaseAppIDbEnableProtectedViewAppContainer/CRCLSIDbEnableProtectedViewWin32kLockdownD:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cppMakeScopedAbsoluteSd() failedAcrobatComponent CategoriesD:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp/bAcroCEF\AcroCEF.exeFileTypeD:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cppUnknown process type/r/VAcroCEF\RdrCEF.exeRdrCEF.exeAcroCEF.exe
Source: Acrobat.exeBinary string: Wh@#M4Xhp"M\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: yTROOTMYROOTCATrustUserDSADDRESSBOOKAdobe Proxy UsernameAdobe Proxy PasswordAdobe App Info Adobe App Info (STG) Adobe App Prefetched InfoAdobe App Prefetched Info (STG)Adobe User InfoAdobe User Info (STG)Adobe User OS InfoAdobe Dummy CredentialAlgorithm GroupHWND HandleSmartCardPinECCPUBLICBLOBHASH\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\Hdh
Source: Acrobat.exeBinary string: \??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\ntdll.dll
Source: Acrobat.exeBinary string: ?\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: cnullbooleanintegerdoublestringbinarydictionarylist\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: V\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\
Source: Acrobat.exeBinary string: \??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\widthheightredirect_urihttps://oobe.adobe.comLOCALLY_STORED_WORKFLOWworkflow_completed=trueworkflow_completed=falsehttps://oobe.adobe.com/delegation_starthttps://oobe.adobe.com/delegation_endhttps://oobe.adobe.com/delegation_errorhttps://oobe.adobe.com/federation_starthttps://oobe.adobe.com/federation_endhttps://oobe.adobe.com/federation_errorinternal_urlworkflow=LOADINGexternal_urllaunch_externalrenga-idprovider/pages/newwindow?new_url=navigation_errorresize_containerresize_redirect?error=target_url@
Source: Acrobat.exeBinary string: ((((44448888<<<<\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\>><<dialogTitleinfoURLlchostNamecachingEnabledtrackingEnabledtrackingDefaultcontrolWidthcontrolHeightstaticPanelWidthmarginreturnCodecachingConfirmedtrackingConfirmedcookieString
Source: Acrobat.exeBinary string: P`(@\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\DISPLAY\\.\DISPLAYDISPLAY\\.\DISPLAYSbxWINSPOOLWINSPOOLLPK.DLLGDI32.DLLGdiInitializeLanguagePack4221516VT$m\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\dummyHandleMozilla/3.0 (compatible; Acrobat 5.0; Windows)dummyHandleMozilla/3.0 (compatible; Acrobat 5.0; Windows)\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\CicMarshalWndClassmsctf.dllMSUIM.Msg.RpcSendReceiveAVL_AVViewSWFlash_PlaceholderXshell32.dllshlwapi.dllshcore.dllwindows.storage.dllsapi.dll%.*s%s%.*s
Source: Acrobat.exeBinary string: IDocOpenDocPrintFilePrintFilePrintExFilePrintSilentFilePrintSilentExFilePrintToFilePrintToExFileTrustedPrintToExFileTrustedPrintSilentExFileTrustedPrintExFileOpenUntitledFileOpenFileOpenExFileOpenMinimizedFileTrustedOpenMinimizedFileTrustedOpenExFileOpenWithParamsFileTrustedOpenWithParamsDocOpenDocPrintFilePrintFilePrintExFilePrintSilentFilePrintSilentExFilePrintToFilePrintToExFileTrustedPrintToExFileTrustedPrintSilentExFileTrustedPrintExFileOpenUntitledFileOpenFileOpenExFileOpenMinimizedFileTrustedOpenMinimizedFileTrustedOpenExFileOpenWithParamsFileTrustedOpenWithParamsHandleAcroURLAcroCEF\RdrCEF.exeAcroCEF\AcroCEF.exeRdrCEF.exeAcroCEF.exe\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\list too longatlTraceGeneralatlTraceCOMatlTraceQIatlTraceRegistrar_pptExport.emfatlTraceRefcountatlTraceWindowingatlTraceControlsatlTraceHostingatlTraceDBClientatlTraceDBProvideratlTraceSnapinatlTraceNotImplatlTraceAllocationatlTraceException.tmp.pdfatlTraceTimeatlTraceCacheatlTraceStencilatlTraceStringatlTraceMapatlTraceUtilatlTraceSecurityatlTraceSyncatlTraceISAPICount
Source: Acrobat.exeBinary string: Ywww.stage.acrobat.comacro_purchase_signacro_purchase_completeacro_purchase_tntacro_purchase_closeBrowserims\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\`
Source: Acrobat.exeBinary string: cCZECSYGREELLSUOFINPOLPLKRUMROMTURTRKMNGMONESPESN\Locale\\brdlang32.Software\Adobe\Adobe Acrobat\DC\Language\current\brdlang32SYSTEM\CurrentControlSet\Control\FileSystemLongPathsEnabled\??\\Device\\\?\UNC\\??\UNC\/?/UNC/\?\UNC\\??\pipe\\??\mailslot\\\?\\\.\\\P
Source: classification engineClassification label: unknown6.winEXE@1/0@0/0
Source: Acrobat.exeStatic file information: File size 3797216 > 1048576
Source: Acrobat.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: Acrobat.exeStatic PE information: certificate valid
Source: Acrobat.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x222c00
Source: Acrobat.exeStatic PE information: More than 200 imports for KERNEL32.dll
Source: Acrobat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Acrobat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Acrobat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Acrobat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Acrobat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Acrobat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Acrobat.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Acrobat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\B\T\BuildResults\bin\Release\AcrobatExe.pdb source: Acrobat.exe
Source: Acrobat.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Acrobat.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Acrobat.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Acrobat.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Acrobat.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_00227A5D push ecx; ret 0_2_00227A70
Source: Acrobat.exeStatic PE information: section name: .didat
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_00238468 VirtualQuery,GetSystemInfo,0_2_00238468
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_003DC215 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003DC215
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_002420E0 mov eax, dword ptr fs:[00000030h]0_2_002420E0
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_0040282A mov eax, dword ptr fs:[00000030h]0_2_0040282A
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_0022C1A0 OutputDebugStringA,GetLastError,0_2_0022C1A0
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_00224150 GetProcessHeap,0_2_00224150
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_003DC215 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003DC215
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_003F731E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003F731E
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_003DB971 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_003DB971
Source: Acrobat.exeBinary or memory string: Software\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUA/RegisterFileTypesOwnership /PRODUCT:Acrobat /VERSION:12.0 /FixPDF 3305580Click on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770/\ADelRCP.exeClick on 'Change' to select default PDF handler.pdfpropertiesShowAppPickerForPDF.exeProgram ManagerPROGMANClick on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfApplicationSOFTWARE\Adobe\Adobe Acrobat\{A6EADE66-0000-0000-484E-7E8A45000000}SOFTWARE\Adobe\Acrobat Reader\{AC76BA86-0000-0000-7761-7E8A45000000}{AC76BA86-0000-0000-7760-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-BA7E-7E8A45000000}VersionMajorVersionMinor12VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\.0\InstallerPATHVersionMajorVersionMinor1207760-BA7E-7AD7-VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat 
Reader\.0DC\InstallerENU_GUIDPATHInstallLocationAcrobat.Document.DC.pdfTrunk{AC76BA86-0000-0000-7760-7E8A45000000}BetaDCVersionMajorSOFTWARE\Google\Chrome\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajSOFTWARE\Google\Chrome\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapturehttps://clients2.google.com/service/update2/crxupdate_urlBrowser\WCChromeExtn\manifest.jsonAcrobat.Document.SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajAcrobat.Document.11.pdfSOFTWARE\Google\Chrome\NativeMessagingHosts\.com.adobe.acrobat.chrome_webcaptureSOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj{AC76BA86-0000-0000-7760-7E8A45000000}VersionMajorLowerCoExVersionSOFTWARE\Adobe\Adobe Acrobat\DC\InstallerCoExRepairDone\RDCNotificationAppx\ADCNotificationAppx\NotificationAppxSOFTWARE\Adobe\Adobe Acrobat\\DC\SOFTWARE\Adobe\Adobe Acrobat\\DC\Installer\AppVersionAppVersionINSTALLUWPAPP=1 REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 IS_COEX_REPAIR=1 /qn/i msiexec.exe/i AppDoNotTakePDFOwnershipAtLaunch ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qnmsiexec.exeAppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstore.sequ.rmf.bpdxAdobe Acrobat XI ProRtlGetVersionntdll.dll\??\UNC\\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Dev
Source: Acrobat.exe, 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: Software\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUA/RegisterFileTypesOwnership /PRODUCT:Acrobat /VERSION:12.0 /FixPDF 3305580Click on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770/\ADelRCP.exeClick on 'Change' to select default PDF handler.pdfpropertiesShowAppPickerForPDF.exeProgram ManagerPROGMANClick on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770Click on 'Change' to select default PDF handler#32770Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoiceSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfApplicationSOFTWARE\Adobe\Adobe Acrobat\{A6EADE66-0000-0000-484E-7E8A45000000}SOFTWARE\Adobe\Acrobat Reader\{AC76BA86-0000-0000-7761-7E8A45000000}{AC76BA86-0000-0000-7760-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-BA7E-7E8A45000000}VersionMajorVersionMinor12VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\.0\InstallerPATHVersionMajorVersionMinor1207760-BA7E-7AD7-VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat 
Reader\.0DC\InstallerENU_GUIDPATHInstallLocationAcrobat.Document.DC.pdfTrunk{AC76BA86-0000-0000-7760-7E8A45000000}BetaDCVersionMajorSOFTWARE\Google\Chrome\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajSOFTWARE\Google\Chrome\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapturehttps://clients2.google.com/service/update2/crxupdate_urlBrowser\WCChromeExtn\manifest.jsonAcrobat.Document.SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajAcrobat.Document.11.pdfSOFTWARE\Google\Chrome\NativeMessagingHosts\.com.adobe.acrobat.chrome_webcaptureSOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj{AC76BA86-0000-0000-7760-7E8A45000000}VersionMajorLowerCoExVersionSOFTWARE\Adobe\Adobe Acrobat\DC\InstallerCoExRepairDone\RDCNotificationAppx\ADCNotificationAppx\NotificationAppxSOFTWARE\Adobe\Adobe Acrobat\\DC\SOFTWARE\Adobe\Adobe Acrobat\\DC\Installer\AppVersionAppVersionINSTALLUWPAPP=1 REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 IS_COEX_REPAIR=1 /qn/i msiexec.exe/i AppDoNotTakePDFOwnershipAtLaunch ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qnmsiexec.exeAppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstore.sequ.rmf.bpdxAdobe Acrobat XI ProRtlGetVersionntdll.dll\??\UNC\\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Dev
Source: C:\Users\user\Desktop\Acrobat.exeCode function: __EH_prolog3_GS,EnterCriticalSection,GetModuleFileNameW,GetLocaleInfoW,PathFileExistsW,GetModuleFileNameW,PathRemoveFileSpecW,PathAppendW,PathAppendW,PathAppendW,PathFileExistsW,LeaveCriticalSection,0_2_002A2091
Source: C:\Users\user\Desktop\Acrobat.exeCode function: EnumSystemLocalesW,0_2_004140B7
Source: C:\Users\user\Desktop\Acrobat.exeCode function: EnumSystemLocalesW,0_2_00414102
Source: C:\Users\user\Desktop\Acrobat.exeCode function: EnumSystemLocalesW,0_2_0041419D
Source: C:\Users\user\Desktop\Acrobat.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_004145B6
Source: C:\Users\user\Desktop\Acrobat.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0041478B
Source: C:\Users\user\Desktop\Acrobat.exeCode function: EnumSystemLocalesW,0_2_0040D91D
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_00222648 cpuid 0_2_00222648
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_0022DC30 GetVersionExW,GetProductInfo,0_2_0022DC30
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_003CA29E GetSystemTimeAsFileTime,0_2_003CA29E
Source: C:\Users\user\Desktop\Acrobat.exeCode function: 0_2_00221290 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,__Mtx_init_in_situ,0_2_00221290
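Several of the code-function findings above (IsDebuggerPresent followed by SetUnhandledExceptionFilter, the GetLocaleInfoW/EnumSystemLocalesW queries, GetSystemTimeAsFileTime) are call sequences that the MSVC C runtime links into binaries built with /GS and the default startup code, so on their own they say little about the sample. The script below is an added example written for this page, not part of the Joe Sandbox report: it parses the report's own "Code function" lines (copied into REPORT_LINES with the "Source:" prefix dropped) into a function address and a call sequence, and labels a function when its Win32 calls form a contiguous run of a known runtime sequence. The sequence table and labels are the editor's; a label means "consistent with" that runtime routine and should be confirmed in a disassembler, and anything that does not match is left for manual review.

```python
"""Added example (editor's code, not part of the Joe Sandbox report): reduce the
report's "Code function" findings to (address, call sequence) and compare them with
call sequences the MSVC C runtime links into binaries built with /GS and the default
startup code, so compiler boilerplate is separated from behaviour worth disassembling."""
import re

# Copied from the report's "Code function" lines (Source: prefix dropped, repeats removed).
REPORT_LINES = [
    "Code function: 0_2_00227A5D push ecx; ret 0_2_00227A70",
    "Code function: 0_2_00238468 VirtualQuery,GetSystemInfo,0_2_00238468",
    "Code function: 0_2_003DC215 IsProcessorFeaturePresent,IsDebuggerPresent,"
    "SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003DC215",
    "Code function: 0_2_002420E0 mov eax, dword ptr fs:[00000030h]0_2_002420E0",
    "Code function: 0_2_0022C1A0 OutputDebugStringA,GetLastError,0_2_0022C1A0",
    "Code function: 0_2_00224150 GetProcessHeap,0_2_00224150",
    "Code function: 0_2_003F731E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_003F731E",
    "Code function: 0_2_003DB971 SetUnhandledExceptionFilter,UnhandledExceptionFilter,"
    "GetCurrentProcess,TerminateProcess,0_2_003DB971",
    "Code function: __EH_prolog3_GS,EnterCriticalSection,GetModuleFileNameW,GetLocaleInfoW,PathFileExistsW,"
    "GetModuleFileNameW,PathRemoveFileSpecW,PathAppendW,PathAppendW,PathAppendW,PathFileExistsW,"
    "LeaveCriticalSection,0_2_002A2091",
    "Code function: EnumSystemLocalesW,0_2_004140B7",
    "Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_004145B6",
    "Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0041478B",
    "Code function: 0_2_00222648 cpuid 0_2_00222648",
    "Code function: 0_2_0022DC30 GetVersionExW,GetProductInfo,0_2_0022DC30",
    "Code function: 0_2_003CA29E GetSystemTimeAsFileTime,0_2_003CA29E",
    "Code function: 0_2_00221290 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@"
    "VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,__Mtx_init_in_situ,0_2_00221290",
]

# Call sequences emitted by MSVC CRT/UCRT routines. A finding whose Win32 calls form a contiguous
# run of one of these is labelled "consistent with" that routine; confirm in a disassembler.
CRT_SEQUENCES = [
    ("MSVC CRT fail-fast path (__scrt_fastfail)",
     ["IsProcessorFeaturePresent", "IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter"]),
    ("MSVC CRT /GS cookie failure report (__raise_securityfailure)",
     ["SetUnhandledExceptionFilter", "UnhandledExceptionFilter", "GetCurrentProcess", "TerminateProcess"]),
    ("MSVC CRT /GS cookie seeding (__security_init_cookie)", ["GetSystemTimeAsFileTime"]),
    ("MSVC CRT locale initialisation (setlocale helpers)",
     ["GetUserDefaultLCID", "IsValidCodePage", "IsValidLocale", "GetLocaleInfoW", "GetLocaleInfoW"]),
    ("MSVC CRT locale initialisation (setlocale helpers)", ["GetLocaleInfoW", "GetLocaleInfoW", "GetACP"]),
    ("MSVC CRT locale initialisation (setlocale helpers)", ["EnumSystemLocalesW"]),
]
# Instruction-level findings: state what the bytes do without inferring intent.
INSTRUCTION_NOTES = {
    "fs:[00000030h]": "instruction: reads the PEB via TEB->ProcessEnvironmentBlock",
    "cpuid": "instruction: CPUID feature/vendor query",
    "push ecx; ret": "instruction: push/ret used as an indirect jump",
}
LINE_RE = re.compile(r"Code function:\s*(?:0_2_([0-9A-F]{8})\s+)?(.*?),?\s*0_2_([0-9A-F]{8})\s*$")
API_LIST_RE = re.compile(r"[\w$?@]+(,[\w$?@]+)*")
UNMATCHED = "unmatched: review in a disassembler"


def is_run_of(needle, hay):
    """True if needle appears as a contiguous run inside hay."""
    n = len(needle)
    return n > 0 and any(hay[i:i + n] == needle for i in range(len(hay) - n + 1))


def classify(body):
    """Return (calls, verdict) for the body of one finding."""
    for marker, note in INSTRUCTION_NOTES.items():
        if marker in body:
            return [], note
    if not API_LIST_RE.fullmatch(body):
        return [], "unparsed finding"
    names = body.split(",")
    calls = [n for n in names if not n.startswith("_")]      # drop CRT/STL-internal symbols
    if not calls:
        return names, "MSVC CRT/STL internal symbols only (no Win32 API)"
    for label, seq in CRT_SEQUENCES:
        if len(calls) >= min(2, len(seq)) and is_run_of(calls, seq):
            return calls, label
    return calls, UNMATCHED


def triage(lines):
    """Map function address -> {'calls': [...], 'verdict': str}; repeats of an address are ignored."""
    out = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        start, body, end = m.groups()
        out.setdefault(start or end, dict(zip(("calls", "verdict"), classify(body.strip()))))
    return out


if __name__ == "__main__":
    for addr, info in sorted(triage(REPORT_LINES).items()):
        print(f"{addr}  {info['verdict']:<62} {','.join(info['calls'])}")
```

Running it leaves OutputDebugStringA/GetLastError, VirtualQuery/GetSystemInfo, GetVersionExW/GetProductInfo and the PathAppendW resource lookup as the findings that actually need a look; the remaining entries are the runtime's own startup and failure-handling code.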
MITRE ATT&CK Matrix (listed by tactic; a number in parentheses is the count of matched signatures the report shows for that technique)

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Command and Scripting Interpreter (2), Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Create Account (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Access Token Manipulation (1), Process Injection (1), Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Access Token Manipulation (1), Process Injection (1), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2)
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Time Discovery (1), Security Software Discovery (3), Process Discovery (2), System Information Discovery (23)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Archive Collected Data (1), Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Junk Data, Steganography, Protocol Impersonation
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Modify System Partition, Device Lockout, Delete Device Data
Behavior Graph ID: 564109; Sample: Acrobat.exe; Start date: 01/02/2022; Architecture: WINDOWS; Score: 6. The graph contains a single node, Acrobat.exe (started), with no further process, file or network nodes.

Antivirus detection, initial sample (Acrobat.exe): Virustotal 0%, Metadefender 0%, ReversingLabs 0%.
No antivirus matches for dropped files, unpacked PE files or domains.
URL scan: https://msmip.reader.com/authorize: Virustotal 0%, Avira URL Cloud: safe.
No contacted domains info.
URLs found in Acrobat.exe (none flagged malicious):
  • https://msmip.reader.com/authorize (Virustotal 0%, Avira URL Cloud: safe; reputation unknown)
  • https://www.google.com/m8/feeds (reputation high)
  • https://mail.google.com/ (reputation high)
  • https://clients2.google.com/service/update2/crxupdate_urlBrowser (reputation high)
No contacted IP infos.
        Joe Sandbox Version:34.0.0 Boulder Opal
        Analysis ID:564109
        Start date:01.02.2022
        Start time:13:57:10
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 4m 6s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:Acrobat.exe
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Number of new started processes analysed:4
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:UNKNOWN
        Classification:unknown6.winEXE@1/0@0/0
        EGA Information:Failed
        HDC Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 170
        Cookbook Comments:
        • Adjust boot time
        • Enable AMSI
        • Found application associated with file extension: .exe
        • Unable to launch sample, stop analysis
        • Corrupt sample or wrongly selected analyzer. Details: 36B1
        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe
        • Excluded IPs from analysis (whitelisted): 20.50.102.62, 23.54.113.45
        • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, client.wns.windows.com, store-images.s-microsoft.com, arc.trafficmanager.net, e16646.dscg.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, storeedgefd.dsx.mp.microsoft.com.edgekey.net, arc.msn.com, storeedgefd.xbetservices.akadns.net, storeedgefd.dsx.mp.microsoft.com
        • Execution Graph export aborted for target Acrobat.exe, PID 6708 because there are no executed function
        No simulations
        No context information available
        No created / dropped files found
        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):6.077434348805156
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:Acrobat.exe
        File size:3797216
        MD5:3278b84676d51b36581579cd32e34ad0
        SHA1:e7df282e19dcc52a33473cf9b5a250e21a733b34
        SHA256:11358342f7c94f499c85068edfb003bb427b39423936c16244fb382dd4a7fea0
        SHA512:7edd70248ee0e53aad8fc0b64d669a00e669e1547302803c8d7136bd5ca7895392faf468c1d5a3e352f66c03b6f2e8800c78935b26e638e9d8ba7765c1be3678
        SSDEEP:49152:w6M89QAsDsaQYm3DQEgXxNFIFFHzJDlkSvv74v/tuqhFo4O8b8ITDnlkvkh/nBlZ:w6M1As8OxNGDTvv7G/wqLSa
        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......T..G............K.......K.......................................K...3...K.......K...........t.....................'.......O....
        Icon Hash:ce925272784cf4cc
        Entrypoint:0x402110
        Entrypoint Section:.text
        Digitally signed:true
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
        DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Time Stamp:0x60D8129A [Sun Jun 27 05:54:34 2021 UTC]
        TLS Callbacks:0x4020a0
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:2236403598faaae9c6df564dd4b30ce4
        Signature Valid:true
        Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
        Signature Validation Error:The operation completed successfully
        Error Number:0
        Not Before, Not After
        • 12/18/2020 4:00:00 PM 12/21/2022 3:59:59 PM
        Subject Chain
        • CN=Adobe Inc., OU=Acrobat DC, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
        Version:3
        Thumbprint MD5:1ED822CC08BA08413C4A60023E0D590C
        Thumbprint SHA-1:5DA6AD39FC524D0D2BEC6741DFDBF67DF5AF3ECA
        Thumbprint SHA-256:B184F0677143FFA39C7DABF083FB0B613015CEA696DFDEBA11D5CAFD4CF8B8D8
        Serial:011F39A2261A993DD15176DA6FE4FBEA
        Instruction
        call 00007F0E386E6E42h
        jmp 00007F0E388A08ADh
        int3
        int3
        int3
        int3
        int3
        int3
        push ebp
        mov ebp, esp
        mov eax, 00001020h
        call 00007F0E388A06E8h
        mov eax, dword ptr [006BCA24h]
        xor eax, ebp
        mov dword ptr [ebp-04h], eax
        cmp dword ptr [006C7D84h], 00000000h
        mov eax, dword ptr [ebp+08h]
        push ebx
        mov ebx, dword ptr [ebp+0Ch]
        push esi
        push edi
        mov edi, dword ptr [ebp+14h]
        mov dword ptr [ebp-00001020h], eax
        je 00007F0E386E6DDAh
        test ebx, ebx
        je 00007F0E386E6DD2h
        test edi, edi
        je 00007F0E386E6DCAh
        push 00000800h
        lea eax, dword ptr [ebp-00000804h]
        push 00000000h
        push eax
        call 00007F0E388B8DDCh
        push 00000814h
        lea eax, dword ptr [ebp-00001018h]
        push 00000000h
        push eax
        call 00007F0E388B8DC9h
        mov eax, dword ptr [edi+04h]
        add esp, 18h
        mov dword ptr [ebp-0000101Ch], 0000080Eh
        test eax, eax
        je 00007F0E386E6CD0h
        mov esi, dword ptr [006C9CFCh]
        lea ecx, dword ptr [ebp-0000101Ch]
        push ecx
        push 0000080Eh
        lea ecx, dword ptr [ebp-00001018h]
        push ecx
        push 00000001h
        push eax
        mov ecx, esi
        call dword ptr [006248A0h]
        call esi
        test eax, eax
        jne 00007F0E386E6D62h
        mov ax, word ptr [ebp-00001018h]
        shr ax, 1
        Name | Virtual Address | Virtual Size | Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2b60b0 | 0xb0 | .rdata
        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b6160 | 0x78 | .rdata
        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2ce000 | 0xb5390 | .rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x39d400 | 0x1ce0 | .reloc (as reported; see note)
        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x384000 | 0x21780 | .reloc
        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x27e110 | 0x54 | .rdata
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_TLS | 0x27e164 | 0x18 | .rdata
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2731f0 | 0x40 | .rdata
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IAT | 0x224000 | 0x8a0 | .rdata
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2b4228 | 0x260 | .rdata
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
        Note: the SECURITY entry is the one data directory whose address is a raw file offset rather than an RVA, so the ".reloc" attribution is an artifact of treating it as an RVA. 0x39d400 + 0x1ce0 = 0x39f0e0 = 3797216, exactly the file size, so the Authenticode certificate table is appended at the end of the file, as expected for a signed image.
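The header fields in this report (entrypoint, link timestamp, Image File Characteristics, DLL Characteristics, subsystem and the security data directory) can be read with nothing but the Python standard library. The block below is an added example, not part of the Joe Sandbox report and not Adobe code: it builds a constructed PE32 header set that carries this report's values (headers only, no code, not the real Acrobat.exe) and parses it. The security-directory check encodes the caveat that IMAGE_DIRECTORY_ENTRY_SECURITY holds a file offset, and that for a signed file the certificate table normally ends exactly at end of file, which is what the numbers in this report show.

```python
import datetime
import struct
from typing import Dict, List

# Flag names from the PE/COFF specification for the header fields this report prints.
FILE_CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # the only directory whose "VirtualAddress" is a raw file offset


def decode_flags(value: int, table: Dict[int, str]) -> List[str]:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe32_headers(data: bytes, file_size: int) -> dict:
    """Walk DOS header -> NT headers -> optional header -> section table (PE32 only, no pefile)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    _machine, n_sections, timestamp, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(n_dirs)]

    sections = []
    sh = opt + opt_size                                 # section headers follow the optional header
    for i in range(n_sections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_size": raw_size, "raw_ptr": raw_ptr, "characteristics": chars})

    entry_section = next((s["name"] for s in sections if s["va"] <= entry_rva < s["va"] + s["vsize"]), None)
    sec_off, sec_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    return {
        "entrypoint": image_base + entry_rva,
        "entry_section": entry_section,
        "timestamp": timestamp,
        "timestamp_utc": datetime.datetime.fromtimestamp(timestamp, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "subsystem": {2: "windows gui", 3: "windows cui"}.get(subsystem, str(subsystem)),
        "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        "signed": sec_size > 0,
        # Authenticode certificate table: a file offset, and for a signed file normally the tail of the file.
        "security_at_eof": sec_size > 0 and sec_off + sec_size == file_size,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 headers carrying the values printed in this report (not the real Acrobat.exe)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                               # e_lfanew
    file_header = struct.pack("<HHIIIHH", 0x14C, 1, 0x60D8129A, 0, 0, 0xE0, 0x0122)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2110)                                # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)                              # preferred ImageBase
    struct.pack_into("<H", opt, 68, 2)                                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0xC140)                                # GUARD_CF|TS_AWARE|DYNAMIC_BASE|NX_COMPAT
    struct.pack_into("<I", opt, 92, 16)                                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x39D400, 0x1CE0)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x222BBA, 0x1000, 0x222C00, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + file_header + bytes(opt) + text


if __name__ == "__main__":
    info = parse_pe32_headers(build_sample_pe(), file_size=3797216)
    for key, value in info.items():
        if key != "sections":
            print(f"{key}: {value}")
```

Pointing `parse_pe32_headers` at a real file means reading it and passing its length as `file_size`; the function parses headers only and does not verify the signature itself, which needs a PKCS#7 implementation.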
        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
        .text | 0x1000 | 0x222bba | 0x222c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        .rdata | 0x224000 | 0x95416 | 0x95600 | False | 0.269776412134 | data | 4.13497204737 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .data | 0x2ba000 | 0x12960 | 0xdc00 | False | 0.159108664773 | DOS executable (block device driver) | 5.07476964662 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
        .didat | 0x2cd000 | 0x478 | 0x600 | False | 0.372395833333 | data | 3.87548527878 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
        .rsrc | 0x2ce000 | 0xb5390 | 0xb5400 | False | 0.0496161099138 | data | 3.24269398266 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .reloc | 0x384000 | 0x21780 | 0x21800 | False | 0.602786847015 | data | 6.66081587841 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
        Name | RVA | Size | Type | Language | Country
        PNG | 0x2d0410 | 0x5d1 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States
        PNG | 0x2d09e8 | 0x5be | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States
        TYPELIB | 0x2da368 | 0x4d4 | data | English | India
        RT_BITMAP | 0x2d0fa8 | 0x1b2a | data | English | India
        RT_BITMAP | 0x2d2ad8 | 0x755a | data | English | India
        RT_BITMAP | 0x2da038 | 0x32a | GLS_BINARY_LSB_FIRST | English | India
        RT_ICON | 0x2dd898 | 0x42028 | data | English | United States
        RT_ICON | 0x31f8c0 | 0x10828 | data | English | United States
        RT_ICON | 0x3300e8 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 16777215, next used block 16777215 | English | United States
        RT_ICON | 0x334310 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 134217728, next used block 117440512 | English | United States
        RT_ICON | 0x3368b8 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 16777215, next used block 16777215 | English | United States
        RT_ICON | 0x337960 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
        RT_ICON | 0x337e28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
        RT_ICON | 0x338290 | 0x988 | data | English | United States
        RT_ICON | 0x338c18 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 16777215, next used block 16777215 | English | United States
        RT_ICON | 0x339cc0 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 16777215, next used block 16777215 | English | United States
        RT_ICON | 0x33c268 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 16777215, next used block 16777215 | English | United States
        RT_ICON | 0x340490 | 0x42028 | data | English | United States
        RT_DIALOG | 0x2cecc0 | 0x1e2 | data | English | United States
        RT_DIALOG | 0x2ceea8 | 0xfc | data | English | United States
        RT_DIALOG | 0x2cefa8 | 0xec | data | English | United States
        RT_DIALOG | 0x2cf098 | 0x244 | data | English | United States
        RT_DIALOG | 0x2cf2e0 | 0x35a | data | English | United States
        RT_DIALOG | 0x2cf640 | 0x2fe | data | English | United States
        RT_DIALOG | 0x2cf940 | 0x3f4 | data | English | United States
        RT_DIALOG | 0x2d0008 | 0xe4 | data | English | United States
        RT_DIALOG | 0x2cfd38 | 0x2cc | data | English | United States
        RT_DIALOG | 0x2d00f0 | 0x80 | data | English | United States
        RT_DIALOG | 0x2d0170 | 0x1ea | data | English | United States
        RT_STRING | 0x2da840 | 0xc44 | data | English | United States
        RT_STRING | 0x2dbd80 | 0x86a | data | English | United States
        RT_STRING | 0x2dc5f0 | 0x76c | data | English | United States
        RT_STRING | 0x2dcf20 | 0x7b4 | data | English | United States
        RT_STRING | 0x2dd780 | 0x118 | data | English | United States
        RT_STRING | 0x2dd6d8 | 0xa6 | data | English | United States
        RT_STRING | 0x2db488 | 0x382 | data | English | United States
        RT_STRING | 0x2db810 | 0x570 | DOS executable (COM, 0x8C-variant) | English | United States
        RT_STRING | 0x2dcd60 | 0x1bc | data | English | United States
        RT_RCDATA | 0x3829a0 | 0x5e | data | English | United States
        RT_RCDATA | 0x382a00 | 0x5e | data | English | United States
        RT_MESSAGETABLE | 0x2cea40 | 0x280 | Hitachi SH big-endian COFF object file, not stripped, 0 section, 1073741824 symbols, optional header size 4096 | English | United States
        RT_GROUP_ICON | 0x337dc8 | 0x5a | data | English | United States
        RT_GROUP_ICON | 0x3824b8 | 0x5a | data | English | United States
        RT_VERSION | 0x382518 | 0x482 | data | English | United States
        RT_MANIFEST | 0x382a60 | 0x92f | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States
        None | 0x2d0360 | 0xaa | shared library | English | United States
        Note: the Type column is a libmagic guess at the raw resource bytes. Labels such as "dBase IV DBT", "Hitachi SH big-endian COFF object file" and "DOS executable (COM)" on icon, string-table and message-table resources are misidentifications of small binary blobs, not embedded files.
        DLL | Imports
        KERNEL32.dll | SetFilePointer, GetSystemInfo, VirtualQueryEx, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, LoadLibraryExA, GetTempPathA, GetSystemDirectoryA, GetWindowsDirectoryA, WideCharToMultiByte, SetErrorMode, QueryPerformanceCounter, HeapSetInformation, ReleaseSemaphore, WaitForMultipleObjects, CreateSemaphoreW, CreateProcessW, GetSystemTime, GetSystemTimeAsFileTime, AddAtomW, SystemTimeToFileTime, IsProcessorFeaturePresent, GetVersionExW, UpdateProcThreadAttribute, DeleteProcThreadAttributeList, InitializeProcThreadAttributeList, FindFirstFileA, CreateFileA, GetSystemPowerStatus, GetModuleFileNameA, TerminateThread, SetThreadPriority, GetCurrentThread, CreateEventA, lstrcmpW, lstrcmpA, GetSystemDirectoryW, OutputDebugStringW, QueryDosDeviceW, GetFileAttributesW, FindFirstFileW, FindClose, GetCurrentDirectoryW, MultiByteToWideChar, SetDllDirectoryW, LoadLibraryA, LoadLibraryExW, FreeLibrary, GetExitCodeProcess, GetLongPathNameW, SetCurrentDirectoryW, GetCommandLineW, GetTickCount, OpenMutexW, GetVolumeInformationW, CreateThread, CreateEventW, CreateMutexW, WaitForSingleObject, ResetEvent, SetEvent, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, WaitNamedPipeW, CreateNamedPipeW, TransactNamedPipe, SetNamedPipeHandleState, DisconnectNamedPipe, ConnectNamedPipe, WriteFile, ReadFile, GetFileType, CreateFileW, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, WriteConsoleW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, GetTimeZoneInformation, ReadConsoleW, EnumSystemLocalesW, IsValidLocale, GetTimeFormatW, GetDateFormatW, GetStdHandle, PeekNamedPipe, GetFinalPathNameByHandleW, SetStdHandle, GetConsoleMode, GetConsoleCP, RtlUnwind, QueryDepthSList, InterlockedFlushSList, FreeLibraryAndExitThread, GetThreadTimes, GetProcessAffinityMask, GetNumaHighestNodeNumber, DeleteTimerQueueTimer, ChangeTimerQueueTimer, CreateTimerQueueTimer, GetLogicalProcessorInformation, LoadLibraryW, FindResourceW, SizeofResource, 
LockResource, LoadResource, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, FindResourceExW, OpenProcess, TerminateProcess, Sleep, DeleteCriticalSection, InitializeCriticalSectionEx, GetProcessHeap, HeapSize, HeapFree, HeapReAlloc, HeapAlloc, HeapDestroy, SetLastError, RaiseException, DecodePointer, OutputDebugStringA, GetStartupInfoW, lstrlenW, GetCurrentProcessId, GetCurrentProcess, GetTempPathW, CreateDirectoryW, FreeEnvironmentStringsW, GetEnvironmentStringsW, VerifyVersionInfoW, lstrcmpiW, LocalFree, LocalAlloc, GetCurrentThreadId, GetLastError, CloseHandle, VerSetConditionMask, GetProcAddress, GetFileAttributesA, CreateTimerQueue, VirtualAlloc, FlushInstructionCache, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, LCMapStringW, CompareStringW, GetCPInfo, EncodePointer, InitializeCriticalSectionAndSpinCount, TryEnterCriticalSection, GetStringTypeW, SwitchToThread, WaitForSingleObjectEx, QueryFullProcessImageNameW, MulDiv, GlobalHandle, GlobalLock, GlobalUnlock, GlobalSize, OpenFileMappingW, GetComputerNameExW, OpenEventW, CreateDirectoryExW, EndUpdateResourceW, UpdateResourceW, BeginUpdateResourceW, GetExitCodeThread, GetFullPathNameW, GetFileTime, CompareFileTime, GlobalFree, ExitProcess, FindNextFileA, VirtualProtect, VirtualQuery, ExpandEnvironmentStringsW, ProcessIdToSessionId, DeleteFileW, GetFileSizeEx, GetLocalTime, FormatMessageA, GetProcessId, DuplicateHandle, GetProcessTimes, GetNativeSystemInfo, GetProductInfo, IsWow64Process, GetCPInfoExW, ReleaseSRWLockExclusive, UnregisterWaitEx, RegisterWaitForSingleObject, GetThreadPriority, GetThreadId, QueryPerformanceFrequency, QueryThreadCycleTime, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetUserDefaultLangID, AcquireSRWLockExclusive, TlsGetValue, GetFileAttributesExW, CopyFileW, MoveFileExW, TlsAlloc, TlsSetValue, TlsFree, FlushFileBuffers, GetFileInformationByHandle, SetEndOfFile, 
SetFilePointerEx, FindFirstFileExW, FindNextFileW, GetWindowsDirectoryW, lstrcmpiA, GetEnvironmentVariableW, SetEnvironmentVariableW, GetLocaleInfoW, GetDriveTypeW, GetFileSize, GetVolumeInformationByHandleW, GetVolumeNameForVolumeMountPointW, GetVolumePathNamesForVolumeNameW, DeviceIoControl, VirtualAllocEx, VirtualProtectEx, ReadProcessMemory, WriteProcessMemory, VirtualFreeEx, GetProfileStringW, CreateIoCompletionPort, GetQueuedCompletionStatus, PostQueuedCompletionStatus, TerminateJobObject, SetInformationJobObject, UnregisterWait, ResumeThread, IsProcessInJob, QueryInformationJobObject, DebugBreak, GetUserDefaultLCID, GetUserDefaultLocaleName, SetProcessDEPPolicy, AssignProcessToJobObject, SetHandleInformation, SignalObjectAndWait, CreateJobObjectW, CreateRemoteThread, VirtualFree, SetThreadAffinityMask, ExitThread, SearchPathW, GetModuleHandleExA, GetTempFileNameW, GlobalAlloc, GetModuleHandleExW
        USER32.dll | SetPropW, GetActiveWindow, GetDlgItem, SendMessageW, GetPropW, RemovePropW, MessageBoxW, DdeDisconnect, DdeConnect, DdeAddData, DdeCreateDataHandle, DdeQueryStringA, DdeGetData, EnumThreadWindows, IsWindowVisible, DdeFreeStringHandle, DdeCreateStringHandleW, DdeNameService, DdeUninitialize, DdeInitializeW, SetWindowLongW, SendNotifyMessageW, RegisterWindowMessageA, CloseDesktop, SetThreadDesktop, OpenInputDesktop, CreateWindowExW, RegisterClassExW, DefWindowProcW, RegisterWindowMessageW, LoadIconA, LoadCursorA, FindWindowA, KillTimer, SetTimer, GetThreadDesktop, PostThreadMessageW, IsWindowEnabled, DispatchMessageW, PeekMessageW, MsgWaitForMultipleObjects, CloseWindowStation, GetFocus, RegisterClassW, SetDlgItemTextW, GetAsyncKeyState, EnableWindow, SetActiveWindow, GetDC, ReleaseDC, GetWindowTextLengthW, EnumChildWindows, FindWindowExW, CreateIconFromResourceEx, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetAncestor, GetRawInputDeviceInfoW, GetRawInputDeviceList, DdeClientTransaction, SendDlgItemMessageW, LoadIconW, LoadCursorW, GetClipboardSequenceNumber, GetClipboardOwner, GetClipboardViewer, SetClipboardData, GetClipboardData, RegisterClipboardFormatW, CountClipboardFormats, EnumClipboardFormats, GetClipboardFormatNameA, GetClipboardFormatNameW, IsClipboardFormatAvailable, GetPriorityClipboardFormat, GetOpenClipboardWindow, CloseWindow, GetMessageW, GetWindowDC, BeginPaint, EndPaint, SystemParametersInfoW, SetFocus, CallWindowProcW, GetClassInfoExW, IsChild, MoveWindow, CreateDialogIndirectParamW, SetCapture, ReleaseCapture, CreateAcceleratorTableW, DestroyAcceleratorTable, InvalidateRect, InvalidateRgn, RedrawWindow, GetClientRect, SetWindowContextHelpId, SetCursor, ClientToScreen, ScreenToClient, MapWindowPoints, GetSysColor, FillRect, LoadBitmapW, IsDialogMessageW, MapDialogRect, UpdateWindow, AdjustWindowRectEx, SetRect, IsRectEmpty, MonitorFromRect, DestroyWindow, CreateWindowExA, RegisterClassExA, UnregisterClassA, 
PostQuitMessage, DefWindowProcA, DispatchMessageA, TranslateMessage, GetMessageA, UserHandleGrantAccess, GetWindow, EnumWindows, SetParent, GetWindowLongW, GetWindowTextW, IsWindow, GetDesktopWindow, GetWindowRect, SetForegroundWindow, GetSystemMetrics, BringWindowToTop, SendMessageTimeoutW, EnumDesktopWindows, SetWindowTextW, GetForegroundWindow, CharNextW, EndDialog, DialogBoxParamW, GetGUIThreadInfo, GetWindowThreadProcessId, FindWindowW, AllowSetForegroundWindow, SwitchToThisWindow, EmptyClipboard, CloseClipboard, OpenClipboard, SetWindowPos, ShowWindow, UnregisterClassW, PostMessageW, GetUserObjectInformationW, GetProcessWindowStation, SetProcessWindowStation, CreateWindowStationW, CreateDesktopW, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetClassNameW, GetParent
        ADVAPI32.dll | CryptGenKey, RegGetValueW, RegOpenKeyExA, RegQueryValueA, RegQueryValueExA, RegOpenKeyA, EqualSid, AllocateAndInitializeSid, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCreateKeyW, ReportEventW, RegisterEventSourceW, CloseEventLog, ConvertSidToStringSidW, MakeAbsoluteSD, InitiateSystemShutdownW, LookupPrivilegeValueW, AdjustTokenPrivileges, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, SetSecurityInfo, GetSecurityInfo, SetEntriesInAclW, SetTokenInformation, GetSecurityDescriptorSacl, GetLengthSid, FreeSid, DuplicateTokenEx, CreateWellKnownSid, CopySid, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, OpenProcessToken, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyExW, RegEnumValueW, RegNotifyChangeKeyValue, SystemFunction036, OpenThreadToken, AccessCheck, InitializeAcl, InitializeSecurityDescriptor, MapGenericMask, SetSecurityDescriptorDacl, GetNamedSecurityInfoW, GetAce, GetKernelObjectSecurity, SetKernelObjectSecurity, InitializeSid, AddAce, GetAclInformation, RevertToSelf, RegDisablePredefinedCache, CreateRestrictedToken, DuplicateToken, CreateProcessAsUserW, SetThreadToken, CheckTokenMembership, SaferiIsExecutableFileType, CryptAcquireContextA, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, CryptSetKeyParam, CryptSetHashParam, CryptGetHashParam, CryptSetProvParam, CryptGetProvParam, CryptGenRandom, CryptGetUserKey, CryptImportKey, CryptDecrypt, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptSignHashA, CryptSignHashW, CryptContextAddRef, CredWriteW, CredReadW, CredDeleteW, CredFree, ImpersonateAnonymousToken, GetUserNameW
        SHLWAPI.dll | UrlIsW, PathCanonicalizeW, PathRemoveBackslashW, PathAppendW, PathFileExistsW, PathRemoveFileSpecW, PathFindExtensionA, UrlUnescapeW, PathIsUNCServerShareW, UrlCanonicalizeW, PathCreateFromUrlW, PathIsUNCW, PathFindFileNameW, PathAddBackslashW, AssocQueryStringW, UrlGetPartW, PathIsDirectoryW, PathIsRelativeW, PathFindExtensionW, PathCombineW, PathIsURLW
        VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
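The Import Hash printed in the header block of this report is the MD5 of the normalized import list, and the import table above is also why a signed Acrobat binary carries APIs that, read in isolation, look like injection primitives (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread) next to token, job-object and desktop confinement APIs. The block below is an added example, not Joe Sandbox's or Adobe's code: it computes a pefile-style imphash and applies a capability grouping of my own devising to a constructed subset of this import table. Because the report's hash depends on the complete ordered table (and on how ordinal imports are resolved), the value computed here will not match it; the point is the method.

```python
import hashlib
from typing import Dict, Iterable, List

# Constructed subset of the import table listed above, in listing order; not the full table.
SAMPLE_IMPORTS: Dict[str, List[str]] = {
    "KERNEL32.dll": ["CreateNamedPipeW", "ConnectNamedPipe", "VirtualAllocEx",
                     "WriteProcessMemory", "CreateRemoteThread", "CreateJobObjectW",
                     "SetInformationJobObject", "AssignProcessToJobObject",
                     "SetProcessDEPPolicy", "IsDebuggerPresent"],
    "USER32.dll": ["CreateWindowStationW", "CreateDesktopW", "SetWindowsHookExW"],
    "ADVAPI32.dll": ["CreateRestrictedToken", "DuplicateTokenEx", "CreateProcessAsUserW",
                     "AdjustTokenPrivileges", "CryptGenRandom"],
}

# Heuristic groupings (mine, not Joe Sandbox's). A group fires only when every API in it is imported.
CAPABILITY_GROUPS: Dict[str, frozenset] = {
    "remote memory write + remote thread": frozenset({"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}),
    "restricted-token child launch": frozenset({"CreateRestrictedToken", "CreateProcessAsUserW"}),
    "job object confinement": frozenset({"CreateJobObjectW", "SetInformationJobObject", "AssignProcessToJobObject"}),
    "alternate desktop / window station": frozenset({"CreateWindowStationW", "CreateDesktopW"}),
    "named-pipe IPC server": frozenset({"CreateNamedPipeW", "ConnectNamedPipe"}),
}


def imphash(imports: Dict[str, Iterable[str]]) -> str:
    """Import hash as pefile computes it for named imports: 'module.func' pairs, lowercase,
    module extension (.dll/.ocx/.sys) stripped, joined with ',' in import-table order, then MD5."""
    parts = []
    for module, funcs in imports.items():
        base = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if base.endswith(ext):
                base = base[: -len(ext)]
                break
        parts.extend(f"{base}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def capabilities(imports: Dict[str, Iterable[str]]) -> Dict[str, List[str]]:
    """Return every capability group whose APIs are all present, with the matching APIs sorted."""
    present = {func for funcs in imports.values() for func in funcs}
    return {name: sorted(apis) for name, apis in CAPABILITY_GROUPS.items() if apis <= present}


def triage_summary(imports: Dict[str, Iterable[str]]) -> dict:
    caps = capabilities(imports)
    broker = {"restricted-token child launch", "job object confinement", "alternate desktop / window station"}
    return {
        "imphash": imphash(imports),
        "capabilities": caps,
        # Injection primitives next to token/job/desktop confinement is the shape of a sandbox broker
        # (Chromium-style), not of a standalone injector; the exported IsSandboxedProcess and the
        # sandbox_win.cc path string elsewhere in this report point the same way.
        "looks_like_sandbox_broker": broker <= set(caps),
    }


if __name__ == "__main__":
    for key, value in triage_summary(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

The imphash is order-sensitive by design, so two builds with the same APIs in a different import order hash differently; that is why it clusters builds of one code base rather than behaviour.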
        Name | Ordinal | Address
        AcroRd32IsBrokerProcess | 1 | 0x4d12f0
        GetHandleVerifier | 2 | 0x4171a0
        GetWinstaDesktopInfo | 3 | 0x4176f0
        IsSandboxedProcess | 4 | 0x4ec420
        Description | Data
        LegalCopyright | Copyright 1984-2021 Adobe Systems Incorporated and its licensors. All rights reserved.
        FileVersion | 21.5.20058.441104
        CompanyName | Adobe Systems Incorporated
        ProductName | Adobe Acrobat DC
        ProductVersion | 21.5.20058.441104
        FileDescription | Adobe Acrobat DC
        OriginalFilename | Acrobat.exe
        Translation | 0x0409 0x04e4
        Language of compilation system | Country where language is spoken | Map
        English | United States
        English | India
        No network behavior found
        [Process activity graphs not reproduced: CPU utilization (0-100 %) and memory (MB) over the first 10 s of the run]
        Target ID:0
        Start time:13:58:09
        Start date:01/02/2022
        Path:C:\Users\user\Desktop\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Users\user\Desktop\Acrobat.exe"
        Imagebase:0x220000 (relocated from the preferred 0x400000 in the PE header; DYNAMIC_BASE is set, so the image is ASLR-relocatable and has a .reloc section to support it)
        File size:3797216 bytes
        MD5 hash:3278B84676D51B36581579CD32E34AD0
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low

        Non-executed Functions

        APIs
        • EnterCriticalSection.KERNEL32(00000002,00000000), ref: 002385FA
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023860E
        • EnterCriticalSection.KERNEL32(00000002,?,0044E88C,00000002,?,/CR,00000003,?,/if,00000003,?,0044E884,00000002), ref: 0023892C
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238943
        • EnterCriticalSection.KERNEL32(00000002), ref: 0023895A
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238971
        • EnterCriticalSection.KERNEL32(00000002), ref: 00238988
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023899F
        • EnterCriticalSection.KERNEL32(00000002), ref: 002389B6
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002389CD
        • EnterCriticalSection.KERNEL32(00000002), ref: 002389F2
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238A03
        • EnterCriticalSection.KERNEL32(00000002), ref: 00238A1E
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238A2F
        • GetCurrentProcess.KERNEL32(bEnableInitComEx,00000000,80000002,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,80000000), ref: 00238AF7
        • EnterCriticalSection.KERNEL32(00000002,80000002,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,80000000), ref: 00238BCD
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238BDF
        • GetForegroundWindow.USER32(bEnableInitComEx,00000000,80000002,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,80000000), ref: 00238BF5
        • EnterCriticalSection.KERNEL32(00000002), ref: 00238C07
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238C18
          • Part of subcall function 0023A090: EnterCriticalSection.KERNEL32(00000002,BB40E64E,?,00000002,?,00425060,000000FF,?,002DD9B7,?), ref: 0023A0BA
          • Part of subcall function 0023A090: LeaveCriticalSection.KERNEL32(00000002,?,002DD9B7), ref: 0023A0CE
        • EnterCriticalSection.KERNEL32(00000002,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,80000000), ref: 00238DA9
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238DB7
        • EnterCriticalSection.KERNEL32(00000002), ref: 00238E6A
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238E78
        • EnterCriticalSection.KERNEL32(00000002), ref: 00238E8C
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238E9B
        • EnterCriticalSection.KERNEL32(00000002), ref: 00238F4A
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00238F58
        • EnterCriticalSection.KERNEL32(00000002), ref: 00239010
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023901E
        • EnterCriticalSection.KERNEL32(00000002), ref: 00239040
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023904E
        • EnterCriticalSection.KERNEL32(00000002), ref: 00239069
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00239077
        • EnterCriticalSection.KERNEL32(00000002), ref: 002390A9
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002390B7
        • EnterCriticalSection.KERNEL32(00000002), ref: 002390D2
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002390E0
        • EnterCriticalSection.KERNEL32(00000002), ref: 002390FB
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00239109
        • EnterCriticalSection.KERNEL32(00000002), ref: 00239138
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00239146
        • EnterCriticalSection.KERNEL32(00000002), ref: 0023927B
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00239293
        • EnterCriticalSection.KERNEL32(00000002), ref: 002392C7
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002392D5
        • EnterCriticalSection.KERNEL32(00000002), ref: 0023933E
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023934C
        • GetLastError.KERNEL32(?,00000000), ref: 002394EB
          • Part of subcall function 002AC9F0: GetExitCodeProcess.KERNEL32(00000000,?,BB40E64E,?,?,00000000), ref: 002ACA42
        • GetLastError.KERNEL32(?,?,00000000), ref: 00239428
        • RegCreateKeyW.ADVAPI32(80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00000000,0000006B,002E0FA0,00000000,00000000,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown,80000000,?,?,?,?,?,00000000), ref: 0023981D
        • RegSetValueExW.ADVAPI32(00000000,bProtectedMode,00000000,00000004,00000000,00000004,?,?,?,?,?,00000000), ref: 0023983F
        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,00000000), ref: 00239860
        • SetCurrentDirectoryW.KERNEL32(?,?,00000000), ref: 00239902
        • SetDllDirectoryW.KERNEL32(00000000,?,00000000), ref: 0023990A
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$CurrentDirectoryErrorLastProcess$CloseCodeCreateExitForegroundValueWindow
        • String ID: ,|N$/CR$/cr$/if$/if$0x%X$2$3$D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp$D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp$Handshake with Sandbox Process Failed$O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)$SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown$SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown$Sandbox Process Initialization Failed - error:$Software\Adobe\Adobe Acrobat\DC\Privileged$Software\Adobe\Adobe Acrobat\DC\Privileged$Software\Adobe\Adobe Acrobat\DC\Privileged$Software\Adobe\Adobe Acrobat\DC\Privileged$bAllowFallbackForAdminEnforcedSandbox$bEnableAppContainerForDebugging$bEnableBinaryPlantingProtection$bEnableEnhancedPolicyRestrictions$bEnableGlobalAtomRestrictions$bEnableInitComEx$bEnableProtectedModeAppContainer$bEnableProtectedModeAppContainer$bEnableStrictHandleCheckProtection$bEnforceReadRestrictions$bIPMTurnedPMON$bImproveSaveExperience$bPMSandboxFallback$bPreventCreatingExecutables$bProtectedMode$bProtectedMode$bProtectedMode$bProtectedMode$compute-only-broker$compute-only-renderer$iPMAppContainerLaunchFailureFallback$pdfshell_prev$renderer$type
        • API String ID: 2045944676-2697229670
        • Opcode ID: a5aec13ab75403e36f33f02db7d2753c65f4686d73f216f6b897313443d82815
        • Instruction ID: 63471dea53f4f935d06a45bde22e37b1092efafbb897d9f70f9ab400aa4362f6
        • Opcode Fuzzy Hash: a5aec13ab75403e36f33f02db7d2753c65f4686d73f216f6b897313443d82815
        • Instruction Fuzzy Hash: 35C2F0B48212A9EADB20DF60DC49BDDBBB4AF06304F1440D9E94977282DBB45F98CF51
        Uniqueness

        Uniqueness Score: -1.00%
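The string list of the function above contains an SDDL security descriptor, O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW), and the ADVAPI32 import of ConvertStringSecurityDescriptorToSecurityDescriptorW is how the program turns such a string into a binary descriptor. The following is an added example, not code from the report or from Adobe, that parses that string: owner and group CREATOR OWNER; six allow ACEs granting mask 0x3 to LOCAL SYSTEM, the local Administrator account, LOCAL SERVICE, PRINCIPAL SELF, BUILTIN\Users and ALL APPLICATION PACKAGES (the SID an AppContainer process carries, which is what lets a Protected Mode AppContainer child open the object); and a mandatory-label ACE that sets the object to Low integrity with a no-execute-up policy. The meaning of 0x3 is object-specific (for a file or named-pipe object it is FILE_READ_DATA | FILE_WRITE_DATA); which object this descriptor guards is not stated on the page.

```python
import re
from typing import Dict, List, Optional

# Copy of the descriptor string recovered above (constructed here as the example's input).
SAMPLE_SDDL = "O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)"

WELL_KNOWN_SIDS = {
    "CO": "CREATOR OWNER", "SY": "LOCAL SYSTEM", "LA": "local Administrator account",
    "LS": "LOCAL SERVICE", "PS": "PRINCIPAL SELF", "BU": "BUILTIN\\Users",
    "AC": "ALL APPLICATION PACKAGES", "BA": "BUILTIN\\Administrators", "WD": "Everyone",
    "LW": "Low Mandatory Level", "ME": "Medium Mandatory Level", "HI": "High Mandatory Level",
}
ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED", "AU": "SYSTEM_AUDIT", "ML": "SYSTEM_MANDATORY_LABEL"}
LABEL_POLICY = {"NW": "NO_WRITE_UP", "NR": "NO_READ_UP", "NX": "NO_EXECUTE_UP"}

_COMPONENT = re.compile(r"(O|G|D|S):")   # component tags; nothing inside an ACE or a SID contains ':'
_ACE = re.compile(r"\(([^)]*)\)")


def _sid(token: str) -> Dict[str, str]:
    return {"sid": token, "name": WELL_KNOWN_SIDS.get(token, token)}


def _rights(field: str) -> dict:
    # Either a hex mask (object-specific meaning) or a run of two-letter generic/standard codes.
    if field.lower().startswith("0x"):
        return {"mask": int(field, 16), "codes": []}
    return {"mask": None, "codes": [field[i:i + 2] for i in range(0, len(field), 2)]}


def _parse_acl(text: Optional[str]) -> Optional[dict]:
    if text is None:
        return None
    first = text.find("(")
    acl = {"flags": text if first < 0 else text[:first], "aces": []}   # control flags such as P, AI, AR
    for body in _ACE.findall(text):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, ace_flags, rights, _obj_guid, _inh_guid, sid = fields
        ace = {"type": ACE_TYPES.get(ace_type, ace_type), "flags": ace_flags, "trustee": _sid(sid)}
        if ace_type == "ML":   # mandatory label: the rights slot holds the policy, the SID the level
            ace["policy"] = [LABEL_POLICY.get(rights[i:i + 2], rights[i:i + 2]) for i in range(0, len(rights), 2)]
        else:
            ace["rights"] = _rights(rights)
        acl["aces"].append(ace)
    return acl


def parse_sddl(sddl: str) -> dict:
    """Split an SDDL string into owner, group, DACL and SACL; each component runs until the next tag."""
    marks = list(_COMPONENT.finditer(sddl))
    if not marks or marks[0].start() != 0:
        raise ValueError("SDDL must start with O:, G:, D: or S:")
    parts = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(sddl)
        parts[m.group(1)] = sddl[m.end():end]
    return {
        "owner": _sid(parts["O"]) if "O" in parts else None,
        "group": _sid(parts["G"]) if "G" in parts else None,
        "dacl": _parse_acl(parts.get("D")),
        "sacl": _parse_acl(parts.get("S")),
    }


def trustees_with(parsed: dict, bit: int) -> List[str]:
    """SIDs granted `bit` by an allow ACE with a numeric mask and not named in a deny ACE for it.
    Simplification: real access checks walk ACEs in order and expand group membership."""
    if not parsed["dacl"]:
        return []

    def hits(kind: str) -> set:
        return {a["trustee"]["sid"] for a in parsed["dacl"]["aces"]
                if a["type"] == kind and a["rights"]["mask"] is not None and a["rights"]["mask"] & bit}

    return sorted(hits("ACCESS_ALLOWED") - hits("ACCESS_DENIED"))


if __name__ == "__main__":
    sd = parse_sddl(SAMPLE_SDDL)
    print("owner:", sd["owner"]["name"], "| group:", sd["group"]["name"])
    for ace in sd["dacl"]["aces"]:
        print(f"  DACL {ace['type']} mask={ace['rights']['mask']:#x} -> {ace['trustee']['name']}")
    for ace in sd["sacl"]["aces"]:
        print(f"  SACL {ace['type']} policy={ace['policy']} level={ace['trustee']['name']}")
```

Run as a script it prints the ACE breakdown. The label ACE is the security-relevant part: with the object at Low integrity and NO_EXECUTE_UP, a caller below Low (Untrusted integrity) cannot obtain execute access, while the explicit allow ACEs decide who gets the 0x3 bits.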

        APIs
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,?,00000000), ref: 0023E5AB
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023E5BF
        • EnterCriticalSection.KERNEL32(?), ref: 0023E5EA
        • LeaveCriticalSection.KERNEL32(?), ref: 0023E5F8
        • EnterCriticalSection.KERNEL32(00000002,00000000,80000002,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown,00020019), ref: 0023E679
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023E68D
        • CreateThread.KERNEL32(00000000,00000000,0025E970,00000000,00000000,00000000), ref: 0023E6C8
        • CreateThread.KERNEL32(00000000,00000000,00265080,00000000,00000000,00000000), ref: 0023E8F3
        • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 0023E99C
        • GetCurrentThreadId.KERNEL32(?,00000000,?,?), ref: 0023EC15
        • EnterCriticalSection.KERNEL32(00000002,?,?,00000000,?,?), ref: 0023ECC8
        • LeaveCriticalSection.KERNEL32(00000002,?,00000000,?,?), ref: 0023ECD9
        • SetDllDirectoryW.KERNEL32(0044CCA8,?,00000000,?,?), ref: 0023ECF3
        • EnterCriticalSection.KERNEL32(00000002,?,00000000,?,?), ref: 0023ED0C
        • LeaveCriticalSection.KERNEL32(00000002,?,00000000,?,?), ref: 0023ED1D
        • AllowSetForegroundWindow.USER32(?,?,?,00000000,?,?), ref: 0023ED2A
        • EnterCriticalSection.KERNEL32(00000002,?,00000000,?,?), ref: 0023ED41
        • LeaveCriticalSection.KERNEL32(00000002,?,00000000,?,?), ref: 0023ED52
        • EnterCriticalSection.KERNEL32(00000002,?,00000000,?,?), ref: 0023ED74
        • LeaveCriticalSection.KERNEL32(00000002,?,00000000,?,?), ref: 0023ED85
        • ResumeThread.KERNEL32(?,?,?), ref: 0023EDAC
          • Part of subcall function 0023C150: GetLastError.KERNEL32(BB40E64E,?,00000002,00000000,0043181B,00000000,00425398,000000FF,?,002DDA22,00000000), ref: 0023C188
          • Part of subcall function 0023C150: SetLastError.KERNEL32(00000000,?,002DDA22,00000000), ref: 0023C1BD
          • Part of subcall function 0023C150: GetCurrentProcess.KERNEL32(BB40E64E,?,00000002,00000000,0043181B,00000000,00425398,000000FF), ref: 0023C1CE
          • Part of subcall function 00284CA0: GetLastError.KERNEL32(?,00000002,0043181B,00000000,?,0023EDD3,00000000,00000000), ref: 00284CC6
          • Part of subcall function 00284CA0: SetLastError.KERNEL32(0023EDD3,?,0023EDD3,00000000,00000000), ref: 00284D02
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$ErrorLast$Thread$CreateCurrent$AllowDirectoryForegroundProcessResumeWindow
        • String ID: 0x%X$D:\B\T\Imports\Open\Chrome\Chrome\src\services\service_manager\sandbox\win\sandbox_win.cc$SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockdown$bLTEnableConcurrencyInBrokerInit$compute-only-renderer$k$policy error:$renderer
        • API String ID: 3489004292-1002855050
        • Opcode ID: c70935a3a06c34f802a6f4b66302cce03c95de6ddee04982a7766ec909149ab9
        • Instruction ID: b0da0ce5b67f308ecf53a37a4ccf49cf6f36c31fd37662c6195a02506322cfb6
        • Opcode Fuzzy Hash: c70935a3a06c34f802a6f4b66302cce03c95de6ddee04982a7766ec909149ab9
        • Instruction Fuzzy Hash: 4C62A0B4D10249EFDF11EFA4D845BAEBBB4AF45300F244169E805A72C2DB74AE19CF91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcessId.KERNEL32(sbox_alternate_desktop_,00000017,BB40E64E,?,?,?), ref: 00259C81
        • GetCurrentThreadId.KERNEL32(?,?), ref: 00259CBD
        • GetThreadDesktop.USER32(00000000), ref: 00259CC4
        • GetSecurityInfo.ADVAPI32(00000000,00000007,00000004,00000000,00000000,?,00000000,?), ref: 00259D05
        • GetProcessWindowStation.USER32 ref: 00259D19
        • SetProcessWindowStation.USER32(?), ref: 00259D26
        • LocalFree.KERNEL32(00000000), ref: 00259D33
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Process$CurrentStationThreadWindow$DesktopFreeInfoLocalSecurity
        • String ID: 0x%X$ZJ#$ZJ#$local_winstation_$sbox_alternate_desktop_$type
        • API String ID: 130871965-433533203
        • Opcode ID: 916f96a778e1a2fc769fcbf0b0ae607d328e006adc658114b14cfa4514dc5b59
        • Instruction ID: 45202cff45647f5539b36f62202288fec705f376c1d75ff4957bd55e1d39a654
        • Opcode Fuzzy Hash: 916f96a778e1a2fc769fcbf0b0ae607d328e006adc658114b14cfa4514dc5b59
        • Instruction Fuzzy Hash: BAD1E475A10218EBDB24DFA8DC45BADB7B9EF88701F14012EFD05E7281DB705968CB98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • __EH_prolog3_GS.LIBCMT ref: 002A209B
        • EnterCriticalSection.KERNEL32(00000002,000002DC,002E1FCB,BB40E64E,00000000,?,0043181B), ref: 002A20BA
        • GetModuleFileNameW.KERNEL32(00000000,?,00000105), ref: 002A2103
        • PathFileExistsW.SHLWAPI(?,?,?,\brdlang32.,?,\Locale\,DEU), ref: 002A231C
          • Part of subcall function 0022C0B0: LoadLibraryExW.KERNEL32(00000000,?,0022BD44), ref: 0022C123
        • GetLocaleInfoW.KERNEL32(?,00000003,?,0000000A,?,?,?,00000000,00000000), ref: 002A21DF
          • Part of subcall function 00255390: PathIsRelativeW.SHLWAPI(00000002,?,?,00255AD0,00000002,00000000,0044CCA8), ref: 002553AC
        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,0044CCA8,?), ref: 002A24E9
        • PathRemoveFileSpecW.SHLWAPI(?), ref: 002A2509
        • PathAppendW.SHLWAPI(?,locale), ref: 002A2523
        • PathAppendW.SHLWAPI(?,?), ref: 002A254C
        • PathAppendW.SHLWAPI(?,?,?,00000000,brdlang32), ref: 002A25AE
        • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002A25F6
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002A26F4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Path$File$Append$CriticalExistsModuleNameSection$EnterH_prolog3_InfoLeaveLibraryLoadLocaleRelativeRemoveSpec
        • String ID: DEU$Software\Adobe\Adobe Acrobat\DC\Language$\Locale\$\brdlang32.$\current\$brdlang32$locale
        • API String ID: 444202103-2546478005
        • Opcode ID: 9caf5cc8d54d7004bdc77d863c44ab0afda22f93987b3d1dbb934fea76a1151b
        • Instruction ID: 702402df2a6b18728f3036fb237a1bce79b184ca786f40675a4f884813797628
        • Opcode Fuzzy Hash: 9caf5cc8d54d7004bdc77d863c44ab0afda22f93987b3d1dbb934fea76a1151b
        • Instruction Fuzzy Hash: B5022971915229EFDF64DF68DC99BEDB3B8BB05300F1005EAE509A21A1DB349E98CF14
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcessId.KERNEL32(BB40E64E,?,00233945), ref: 00234249
        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,00000000,00000000,S:(ML;;NW;;;LW),0000000F,?,?,?,?,?,?,?,?,00233945), ref: 002342ED
        • GetProcessWindowStation.USER32(?,00000001,00000000,00000000,S:(ML;;NW;;;LW),0000000F,?,?,?,?,?,?,?,?,00233945), ref: 0023430A
        • SetProcessWindowStation.USER32(?,?,?,?,?,?,?,00233945), ref: 0023431F
        • LocalFree.KERNEL32(?,?,?,?,?,?,?,00233945), ref: 00234330
        • CreateDesktopW.USER32(?,00000000,00000000,00000000,000E0003,0000000C,?,?,?,?,?,?,00233945), ref: 002343CB
        • LocalFree.KERNEL32(?,?,?,?,?,?,?,00233945), ref: 002343D6
        • SetProcessWindowStation.USER32(?,?,?,?,?,?,?,00233945), ref: 002343E3
        • CreateWellKnownSid.ADVAPI32(00000012,00000000,?,?,?,?,?,?,?,?,00233945), ref: 00234410
        • GetSecurityInfo.ADVAPI32(?,00000007,00000004,00000000,00000000,?,00000000,?,?,?,?,?,?,?,00233945), ref: 00234440
        • CopySid.ADVAPI32(00000044,?,?,?,?,?,?,?,?,00233945), ref: 0023445E
        • SetEntriesInAclW.ADVAPI32(00000001,?,00000000,00000000,?,?,?,?,?,?,00233945), ref: 002344C6
        • SetSecurityInfo.ADVAPI32(?,00000007,00000004,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00233945), ref: 002344DB
        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00233945), ref: 002344E4
        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00233945), ref: 002344ED
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: FreeLocalProcessSecurity$StationWindow$CreateDescriptorInfo$ConvertCopyCurrentDesktopEntriesKnownStringWell
        • String ID: 0x%X$S:(ML;;NW;;;LW)
        • API String ID: 3408567392-2557424324
        • Opcode ID: 678536c1533053a860cd859d07c90c2750cca13ae242406775498c60aae0300c
        • Instruction ID: 2de4de52ba5c159d3e56f764e65addd743774372f8b19cac0a972373c7f0164e
        • Opcode Fuzzy Hash: 678536c1533053a860cd859d07c90c2750cca13ae242406775498c60aae0300c
        • Instruction Fuzzy Hash: B9A126B5910318AFEB20DFA0DC49BEEBBB8FF45304F200199E909AB281DB746954CF54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(00000000,type,00000000,00000000,00000410,00000000,0000040C,00000000,00000000,00000000), ref: 002B6CA6
        • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00190000,00000000), ref: 002B6CBD
        • GetLastError.KERNEL32 ref: 002B6CCA
        • WaitNamedPipeW.KERNEL32(00000000,?), ref: 002B6CDF
        • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00190000,00000000), ref: 002B6CFE
        • LoadResource.KERNEL32(00000000), ref: 002B6D10
        • GetCurrentProcessId.KERNEL32 ref: 002B6D4F
        • SetNamedPipeHandleState.KERNEL32(00000000,?), ref: 002B6D6A
        • TransactNamedPipe.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 002B6D86
        • CloseHandle.KERNEL32(00000000), ref: 002B6D94
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: NamedPipe$CreateErrorFileHandleLast$CloseCurrentLoadProcessResourceStateTransactWait
        • String ID: type
        • API String ID: 211988831-2363381545
        • Opcode ID: c985af75835ad11f40987f76d869890a21a7f15ac4c62a03ddfe5b7b82b231d5
        • Instruction ID: 2e213328dcaea2a267eedfbeae487da13329e62000a72f4279f8d4d9796d4aeb
        • Opcode Fuzzy Hash: c985af75835ad11f40987f76d869890a21a7f15ac4c62a03ddfe5b7b82b231d5
        • Instruction Fuzzy Hash: 5041A23571021AABCB20DFA4DC89FEEBBB8FF49791F144169F915E2290C7749920CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,BB40E64E,?,?,00000000), ref: 00358D5F
        • RegCreateKeyExW.ADVAPI32(80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 00358F1E
        • RegSetValueExW.ADVAPI32(00000000,tHostWhiteList,00000000,00000001,?,?), ref: 00358F46
        • RegCloseKey.ADVAPI32(00000000), ref: 00358F5F
        • LeaveCriticalSection.KERNEL32(?), ref: 00358FC0
        • EnterCriticalSection.KERNEL32(0000002C,?,?,00000000), ref: 00359075
          • Part of subcall function 002AE8A0: GetCurrentProcess.KERNEL32(00000028,?,?), ref: 002AE8D0
          • Part of subcall function 002AE8A0: OpenProcessToken.ADVAPI32(00000000), ref: 002AE8D7
          • Part of subcall function 002AE8A0: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 002AE8EB
          • Part of subcall function 002AE8A0: AdjustTokenPrivileges.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 002AE914
          • Part of subcall function 002AE8A0: InitiateSystemShutdownW.ADVAPI32(00000000,00000000,0000000A,00000000,00000001), ref: 002AE926
          • Part of subcall function 002AE8A0: AdjustTokenPrivileges.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000), ref: 002AE947
          • Part of subcall function 002AE8A0: CloseHandle.KERNEL32(?,?,?,?,?,00000002,000000FF,?,0022D2BA,?,?,00000000,?), ref: 002AE955
        • LeaveCriticalSection.KERNEL32(0000002C,00000010,?,?), ref: 00359131
        Strings
        • tHostWhiteList, xrefs: 00358F3E
        • Software\Adobe\Adobe Acrobat\DC\Privileged, xrefs: 00358F14
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$Token$AdjustCloseEnterLeavePrivilegesProcessValue$CreateCurrentHandleInitiateLookupOpenPrivilegeShutdownSystem
        • String ID: Software\Adobe\Adobe Acrobat\DC\Privileged$tHostWhiteList
        • API String ID: 4106711956-3240305332
        • Opcode ID: eff19cb7b9d3ba36e19b4ccc5b568ea06f09ef79866c572721e1791d76681c5a
        • Instruction ID: dbeaece7a12efa1a991c1bfc0b116bfe526025ae4ee178075044bbbd5344b76a
        • Opcode Fuzzy Hash: eff19cb7b9d3ba36e19b4ccc5b568ea06f09ef79866c572721e1791d76681c5a
        • Instruction Fuzzy Hash: F2F18071A10209EFDB14CFA8D885BDEFBF5FF48314F14412AE905A7291DB74AA15CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 003C77C7: std::invalid_argument::invalid_argument.LIBCONCRT ref: 003C77D3
        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 002AE8D0
        • OpenProcessToken.ADVAPI32(00000000), ref: 002AE8D7
        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 002AE8EB
        • AdjustTokenPrivileges.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 002AE914
        • InitiateSystemShutdownW.ADVAPI32(00000000,00000000,0000000A,00000000,00000001), ref: 002AE926
        • AdjustTokenPrivileges.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000), ref: 002AE947
        • CloseHandle.KERNEL32(?,?,?,?,?,00000002,000000FF,?,0022D2BA,?,?,00000000,?), ref: 002AE955
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Token$AdjustPrivilegesProcess$CloseCurrentHandleInitiateLookupOpenPrivilegeShutdownSystemValuestd::invalid_argument::invalid_argument
        • String ID: SeShutdownPrivilege$invalid string position
        • API String ID: 237598817-3466185085
        • Opcode ID: 50fde57ecdfb1059459b5ebca252814f03e671e8704ad1f48a5b71d20218b8d1
        • Instruction ID: ee6d78132ae96fa099fe096487e86152640bcf80c6a10c840885289a4ee67c38
        • Opcode Fuzzy Hash: 50fde57ecdfb1059459b5ebca252814f03e671e8704ad1f48a5b71d20218b8d1
        • Instruction Fuzzy Hash: D6211575A4031AABEB60DFA0DC4AFAE77B8EB05B00F110024BF05B61D0DBB459548B99
        Uniqueness

        Uniqueness Score: -1.00%
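The two entries above (the function at 00358D5F that creates HKCU\Software\Adobe\Adobe Acrobat\DC\Privileged and sets tHostWhiteList, and the sub-function at 002AE8A0 that enables SeShutdownPrivilege and calls InitiateSystemShutdownW) are the kind of call chains a reviewer wants to find quickly when scanning a long listing like this one. The following Python helper is an added example, not part of the Joe Sandbox report and not Adobe's or Chromium's code: it parses the `• API.MODULE(args), ref: ADDR` lines exactly as printed above (including the indented `Part of subcall function` form) and applies two rules. The sample input is the listing of the first entry copied verbatim; the rule names, the REG_* type table and the interpretation of 80000001 as HKEY_CURRENT_USER are the example's own.

```python
"""Triage helper: parse the per-function API listings of this report and
flag HKCU registry writes and the SeShutdownPrivilege/shutdown call chain."""
import re
from typing import List, NamedTuple


class Call(NamedTuple):
    api: str          # e.g. "AdjustTokenPrivileges"
    module: str       # e.g. "ADVAPI32"
    args: List[str]   # argument tokens exactly as the report prints them
    ref: str          # call-site address
    subcall: str      # sub-function the call was attributed to, or ""


# Matches "• API.MODULE(args), ref: ADDR", the paren-less "• API.MODULE ref: ADDR"
# form, and "• Part of subcall function ADDR: API.MODULE(...), ref: ADDR".
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\S+?)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")

HKEY_CURRENT_USER = "80000001"   # hKey value as printed in the listing (assumption)
REG_TYPES = {"00000001": "REG_SZ", "00000002": "REG_EXPAND_SZ", "00000003": "REG_BINARY",
             "00000004": "REG_DWORD", "00000007": "REG_MULTI_SZ"}


def parse_calls(listing: str) -> List[Call]:
    calls = []
    for line in listing.splitlines():
        m = _LINE.match(line)
        if m:                                   # "APIs"/"Strings" headers are skipped
            args = m.group("args")
            calls.append(Call(m.group("api"), m.group("mod"),
                              args.split(",") if args else [],
                              m.group("ref"), m.group("sub") or ""))
    return calls


def find_hkcu_writes(calls: List[Call]) -> List[str]:
    """Reg{Create,Open}KeyExW on HKCU followed by RegSetValueExW before the key is closed."""
    out = []
    for i, c in enumerate(calls):
        if c.api not in ("RegCreateKeyExW", "RegOpenKeyExW") or len(c.args) < 2 \
                or c.args[0] != HKEY_CURRENT_USER:
            continue
        for w in calls[i + 1:]:
            if w.api == "RegCloseKey":
                break
            if w.api == "RegSetValueExW" and len(w.args) > 3:
                out.append(f"{w.ref}: writes {REG_TYPES.get(w.args[3], w.args[3])} value "
                           f"{w.args[1]} under HKCU\\{c.args[1]}")
    return out


def find_shutdown_chain(calls: List[Call]) -> List[str]:
    """LookupPrivilegeValueW(SeShutdownPrivilege), then AdjustTokenPrivileges,
    then InitiateSystemShutdownW, in that order."""
    out = []
    for i, c in enumerate(calls):
        if c.api == "LookupPrivilegeValueW" and "SeShutdownPrivilege" in c.args:
            later = [x.api for x in calls[i + 1:]]
            if "AdjustTokenPrivileges" in later and "InitiateSystemShutdownW" in later:
                where = f" (in sub-function {c.subcall})" if c.subcall else ""
                out.append(f"{c.ref}: enables SeShutdownPrivilege and calls "
                           f"InitiateSystemShutdownW{where}")
    return out


def triage(listing: str) -> List[str]:
    calls = parse_calls(listing)
    return find_hkcu_writes(calls) + find_shutdown_chain(calls)


# Listing of the entry at 00358D5F, copied verbatim from the report above.
SAMPLE = r"""
        • EnterCriticalSection.KERNEL32(?,BB40E64E,?,?,00000000), ref: 00358D5F
        • RegCreateKeyExW.ADVAPI32(80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00000000,00000000,00000000,00020006,00000000,00000000,00000000), ref: 00358F1E
        • RegSetValueExW.ADVAPI32(00000000,tHostWhiteList,00000000,00000001,?,?), ref: 00358F46
        • RegCloseKey.ADVAPI32(00000000), ref: 00358F5F
        • LeaveCriticalSection.KERNEL32(?), ref: 00358FC0
        • EnterCriticalSection.KERNEL32(0000002C,?,?,00000000), ref: 00359075
          • Part of subcall function 002AE8A0: GetCurrentProcess.KERNEL32(00000028,?,?), ref: 002AE8D0
          • Part of subcall function 002AE8A0: OpenProcessToken.ADVAPI32(00000000), ref: 002AE8D7
          • Part of subcall function 002AE8A0: LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 002AE8EB
          • Part of subcall function 002AE8A0: AdjustTokenPrivileges.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000000), ref: 002AE914
          • Part of subcall function 002AE8A0: InitiateSystemShutdownW.ADVAPI32(00000000,00000000,0000000A,00000000,00000001), ref: 002AE926
          • Part of subcall function 002AE8A0: AdjustTokenPrivileges.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000), ref: 002AE947
          • Part of subcall function 002AE8A0: CloseHandle.KERNEL32(?,?,?,?,?,00000002,000000FF,?,0022D2BA,?,?,00000000,?), ref: 002AE955
        • LeaveCriticalSection.KERNEL32(0000002C,00000010,?,?), ref: 00359131
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Running it against the sample yields one finding per rule: the REG_SZ write of tHostWhiteList under the user-writable HKCU Privileged key at 00358F46, and the privilege/shutdown chain at 002AE8EB attributed to sub-function 002AE8A0. The second rule deliberately requires the full ordered chain; LookupPrivilegeValueW alone is common in benign code and would only produce noise.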

        APIs
        • EnterCriticalSection.KERNEL32(00000000,?,BB40E64E,CCCCFFFF,BB40E64E), ref: 00334B60
        • EnterCriticalSection.KERNEL32(-0000002C), ref: 00334B77
        • LeaveCriticalSection.KERNEL32(-0000002C), ref: 003352AA
        • LeaveCriticalSection.KERNEL32(?), ref: 003352BD
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 056df6eb9582cafcf44a51afe5a3f9109860395868b960f643aaa94e50ff3a40
        • Instruction ID: 9a206407005326f25126db3859eabd4ea15d6853c35f959dd37f11aa87d5e883
        • Opcode Fuzzy Hash: 056df6eb9582cafcf44a51afe5a3f9109860395868b960f643aaa94e50ff3a40
        • Instruction Fuzzy Hash: 55423470D10269DFDF65CFA8C984BDDBBB1BF48304F1081AAE808A7651E775AA94CF50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: __floor_pentium4
        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
        • API String ID: 4168288129-2761157908
        • Opcode ID: 0b22f9b3d914b2f559e3a07e2632d900f2a27298f856f579e3e3ee544a0eb8fb
        • Instruction ID: 645d0f6b80d623c76d1336ae2832ad12e12ea0d08ace60591f0ebbe0cbf30ad7
        • Opcode Fuzzy Hash: 0b22f9b3d914b2f559e3a07e2632d900f2a27298f856f579e3e3ee544a0eb8fb
        • Instruction Fuzzy Hash: 23C23771E046288FDB25CE28DD407EAB7B5EB88305F1541EBD84DE7240E778AE858F85
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,?,?,BB40E64E,00000000,?), ref: 0025B1CA
        • LeaveCriticalSection.KERNEL32(00000002,?,?,BB40E64E,00000000,?), ref: 0025B1DE
        Strings
        • DWSPY36.dll:1|CwComijt.dll:1|cscore.dll:1|vozokopot.dll:1|DreyeiMHook.dll:1|Dev2Dl32.dll:1|Nsccor01.dll:1|nsccor03.dll:1|DSTermPr., xrefs: 0025B125
        • , xrefs: 0025BF33
        • tDllLoadPerm_Computeonly, xrefs: 0025B1F5
        • tDllLoadPerm, xrefs: 0025B1B3
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: $DWSPY36.dll:1|CwComijt.dll:1|cscore.dll:1|vozokopot.dll:1|DreyeiMHook.dll:1|Dev2Dl32.dll:1|Nsccor01.dll:1|nsccor03.dll:1|DSTermPr.$tDllLoadPerm$tDllLoadPerm_Computeonly
        • API String ID: 3168844106-148821917
        • Opcode ID: 9fd7d26426b9ccabf3677c8e3458ffc5bc40164c00ac6fa93a3304a8a5f39b58
        • Instruction ID: e55e486025b0c94ee813d25ae25cf59dd3cb57875c698b825b878221f1e517b5
        • Opcode Fuzzy Hash: 9fd7d26426b9ccabf3677c8e3458ffc5bc40164c00ac6fa93a3304a8a5f39b58
        • Instruction Fuzzy Hash: A8A2DF71D10218DFCF15CFA8C844BEDBBB5BF48304F244299E819A7291DB34AA99CF95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 003C77A7: std::invalid_argument::invalid_argument.LIBCONCRT ref: 003C77B3
          • Part of subcall function 0024B600: DeleteCriticalSection.KERNEL32(0000002C,0041A51D), ref: 0024B687
          • Part of subcall function 0024B940: EnterCriticalSection.KERNEL32(0000002C,BB40E64E,00000000,15555555,?,0041A524,?), ref: 0024B96D
          • Part of subcall function 0024B940: LeaveCriticalSection.KERNEL32(0000002C,?,0041A524,?,0041A524), ref: 0024B9AE
        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,?), ref: 0024BF2C
        • EnterCriticalSection.KERNEL32(0000002C,?), ref: 0024BF71
        • LeaveCriticalSection.KERNEL32(0000002C,?,?), ref: 0024BFA8
          • Part of subcall function 0024C670: EnterCriticalSection.KERNEL32(0000002C,BB40E64E,00000000,00000000,0041A535,?,?), ref: 0024C69D
          • Part of subcall function 0024C670: LeaveCriticalSection.KERNEL32(0000002C,?), ref: 0024C6DB
          • Part of subcall function 0041A250: EnterCriticalSection.KERNEL32(0000002C,BB40E64E,00000000,?,?,?,?), ref: 0041A289
          • Part of subcall function 0041A250: LeaveCriticalSection.KERNEL32(0000002C,?), ref: 0041A2AA
        • LeaveCriticalSection.KERNEL32(0000002C,?,?), ref: 0024BFBD
          • Part of subcall function 00232620: SignalObjectAndWait.KERNEL32(00000000,0000000F,000003E8,?,?,00000000,?,00000000,00000004,00000000,00000000,?,00000000,?,?), ref: 00232678
        • SetLastError.KERNEL32(?,00000000,?,00000005,?,00000004,00000000,00000004,00000004,00000000,00000000,00000000,00000005,00000003,?,00000004), ref: 0024C130
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$Leave$Enter$DeleteErrorFreeLastObjectSignalVirtualWaitstd::invalid_argument::invalid_argument
        • String ID: list too long
        • API String ID: 3664480730-1124181908
        • Opcode ID: 4b83f7ad3a259b5315bf84751d8b220faa41b7def1c9f34c6d43232c5833e2a9
        • Instruction ID: 09d5120e5f83567f660fd7a85d81bfda71726d193aa029ce5318f1eb0a83c20b
        • Opcode Fuzzy Hash: 4b83f7ad3a259b5315bf84751d8b220faa41b7def1c9f34c6d43232c5833e2a9
        • Instruction Fuzzy Hash: 1B029F71A1020A9FDB25DFA4C841BAEB7B4FF48310F248169E919AB381D771ED61CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • std::locale::_Init.LIBCPMT ref: 00315EE6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Initstd::locale::_
        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
        • API String ID: 1620887387-1866435925
        • Opcode ID: 63d487a471d637b7078136291d5700d244a4b027883118a9ca98e50e860d734a
        • Instruction ID: f194b1765b2eb181db3d06a720357d28197b47797a3d915de95e4f64b6cfdcb3
        • Opcode Fuzzy Hash: 63d487a471d637b7078136291d5700d244a4b027883118a9ca98e50e860d734a
        • Instruction Fuzzy Hash: 64229C75A00615DFCB19CF68C881AAEBBF5FF89310F25466EE815AB791D730AD40CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • FormatMessageA.KERNEL32(00001200,00000000,?,00000000,?,00000100,00000000,BB40E64E,?,O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)), ref: 002F67E3
        • GetLastError.KERNEL32(?), ref: 002F68FA
        Strings
        • O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW), xrefs: 002F67B1
        • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 002F6907
        • (0x%lX), xrefs: 002F6838
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorFormatLastMessage
        • String ID: (0x%lX)$Error (0x%lX) while retrieving error. (0x%lX)$O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)
        • API String ID: 3479602957-2083956470
        • Opcode ID: 590e1edc0ab4ba1fd4be817649fd50bfdcd916124e5b415f4b74bd4cb7ef7897
        • Instruction ID: 429b29093edb5f98bbe492f3e16f0632825c59b273748b255ba3912a5594caee
        • Opcode Fuzzy Hash: 590e1edc0ab4ba1fd4be817649fd50bfdcd916124e5b415f4b74bd4cb7ef7897
        • Instruction Fuzzy Hash: 59519471910218EBDB29DF64CC55FEAB778FF09700F0006E9E50967292DB71AA98CF94
        Uniqueness

        Uniqueness Score: -1.00%
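Two SDDL strings appear in this report: `S:(ML;;NW;;;LW)`, passed to ConvertStringSecurityDescriptorToSecurityDescriptorW in the desktop/window-station entry at 002342ED above (the same function that calls CreateDesktopW and sets the `sbox_alternate_desktop_`/`local_winstation_` objects), and the full descriptor referenced at 002F67B1 in the entry directly above. The following Python decoder is an added example, not part of the Joe Sandbox report and not Adobe's or Chromium's code; the trustee aliases and ML policy codes are the ones defined by the SDDL format, while the function names and the `is_low_no_write_up` check are the example's own. The report does not say which object the second descriptor is applied to, so the DACL mask 0x3 is reported as a raw mask (its meaning is object-specific).

```python
"""Decode the SDDL security-descriptor strings seen in the listings above."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple, Union

# Two-letter trustee aliases from the SDDL format (subset used on this page plus a few common ones).
SID_ALIASES = {
    "SY": "NT AUTHORITY\\SYSTEM", "LA": "local Administrator account",
    "LS": "NT AUTHORITY\\LOCAL SERVICE", "PS": "PRINCIPAL SELF",
    "BU": "BUILTIN\\Users", "BA": "BUILTIN\\Administrators",
    "AC": "ALL APPLICATION PACKAGES", "CO": "CREATOR OWNER", "CG": "CREATOR GROUP",
    "WD": "Everyone",
    # integrity levels used as the trustee of a SYSTEM_MANDATORY_LABEL ACE
    "LW": "Low integrity (S-1-16-4096)", "ME": "Medium integrity (S-1-16-8192)",
    "HI": "High integrity (S-1-16-12288)", "SI": "System integrity (S-1-16-16384)",
}
ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED",
             "AU": "SYSTEM_AUDIT", "ML": "SYSTEM_MANDATORY_LABEL"}
# In an ML ACE the "rights" field carries the label policy, not an access mask.
LABEL_POLICY = {"NW": "NO_WRITE_UP", "NR": "NO_READ_UP", "NX": "NO_EXECUTE_UP"}
LABEL_POLICY_BITS = {0x1: "NO_WRITE_UP", 0x2: "NO_READ_UP", 0x4: "NO_EXECUTE_UP"}

# Copied from the function listings above.
DESKTOP_SDDL = "S:(ML;;NW;;;LW)"
OBJECT_SDDL = ("O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)"
               "(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)")


@dataclass
class Ace:
    ace_type: str
    flags: str
    rights: Union[int, List[str]]   # hex access mask, or list of two-letter codes
    sid: str


@dataclass
class SecurityDescriptor:
    owner: Optional[str] = None
    group: Optional[str] = None
    dacl: List[Ace] = field(default_factory=list)
    sacl: List[Ace] = field(default_factory=list)


# Colons occur only at the O:/G:/D:/S: section markers, so this split is safe.
_SECTION = re.compile(r"(O|G|D|S):")
_ACE = re.compile(r"\(([^()]*)\)")


def _parse_rights(text: str) -> Union[int, List[str]]:
    if text.lower().startswith("0x"):
        return int(text, 16)
    return [text[i:i + 2] for i in range(0, len(text), 2)]


def _parse_acl(text: str) -> List[Ace]:
    aces = []
    for body in _ACE.findall(text):          # ACL flags such as "P" before "(" are skipped
        f = body.split(";")                  # type;flags;rights;object;inherit-object;sid
        if len(f) < 6:
            raise ValueError("malformed ACE: " + body)
        aces.append(Ace(f[0], f[1], _parse_rights(f[2]), f[5]))
    return aces


def parse_sddl(sddl: str) -> SecurityDescriptor:
    sd = SecurityDescriptor()
    marks = list(_SECTION.finditer(sddl))
    if not marks or marks[0].start() != 0:
        raise ValueError("not an SDDL string: " + sddl)
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(sddl)
        body, key = sddl[m.end():end], m.group(1)
        if key == "O":
            sd.owner = body
        elif key == "G":
            sd.group = body
        elif key == "D":
            sd.dacl = _parse_acl(body)
        else:
            sd.sacl = _parse_acl(body)
    return sd


def mandatory_label(sd: SecurityDescriptor) -> Optional[Tuple[str, Set[str]]]:
    """(integrity-level trustee, policy names) from the SACL's ML ACE, if present."""
    for ace in sd.sacl:
        if ace.ace_type == "ML":
            if isinstance(ace.rights, int):
                return ace.sid, {n for b, n in LABEL_POLICY_BITS.items() if ace.rights & b}
            return ace.sid, {LABEL_POLICY.get(p, p) for p in ace.rights}
    return None


def is_low_no_write_up(sd: SecurityDescriptor) -> bool:
    """True only for a Low label that also blocks write-up: NX alone still lets a
    low-integrity process write to the object."""
    label = mandatory_label(sd)
    return (label is not None and label[0] in ("LW", "S-1-16-4096")
            and "NO_WRITE_UP" in label[1])


def describe(sd: SecurityDescriptor) -> List[str]:
    out = []
    if sd.owner:
        out.append("owner: " + SID_ALIASES.get(sd.owner, sd.owner))
    if sd.group:
        out.append("group: " + SID_ALIASES.get(sd.group, sd.group))
    for ace in sd.dacl:
        rights = hex(ace.rights) if isinstance(ace.rights, int) else "+".join(ace.rights)
        out.append(f"dacl: {ACE_TYPES.get(ace.ace_type, ace.ace_type)} {rights} "
                   f"to {SID_ALIASES.get(ace.sid, ace.sid)}")
    label = mandatory_label(sd)
    if label:
        out.append(f"sacl: label {SID_ALIASES.get(label[0], label[0])} "
                   f"policy {'|'.join(sorted(label[1]))}")
    return out


if __name__ == "__main__":
    for s in (DESKTOP_SDDL, OBJECT_SDDL):
        print(s, "->", "low/no-write-up" if is_low_no_write_up(parse_sddl(s)) else "other")
        for line in describe(parse_sddl(s)):
            print("   ", line)
```

The first string yields a Low label with NO_WRITE_UP, the classic marking for a sandbox's alternate desktop so that renderer processes at low integrity cannot write to higher-integrity objects. The second grants mask 0x3 to SYSTEM, the local administrator, LOCAL SERVICE, PRINCIPAL SELF, BUILTIN\Users and ALL APPLICATION PACKAGES, and labels the object Low with NO_EXECUTE_UP only; `is_low_no_write_up` returns False for it, which is the distinction a reviewer should keep in mind when reading such descriptors.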

        APIs
        • GetLocaleInfoW.KERNEL32(00000005,2000000B,004148D4,00000002,00000000,?,?,?,004148D4,?,00000000), ref: 0041464F
        • GetLocaleInfoW.KERNEL32(00000005,20001004,004148D4,00000002,00000000,?,?,?,004148D4,?,00000000), ref: 00414678
        • GetACP.KERNEL32(?,?,004148D4,?,00000000), ref: 0041468D
        Strings
        Similarity
        • API ID: InfoLocale
        • String ID: ACP$OCP
        • API String ID: 2299586839-711371036
        • Opcode ID: 81cf316abdfaccd85a1ea08deb264c63ead6b8f325959647e3a13c783c081f19
        • Instruction ID: d787d6d6f7cf1e679d9857ac3861cda1ef51cd42a09fa5706f85efe7431da981
        • Opcode Fuzzy Hash: 81cf316abdfaccd85a1ea08deb264c63ead6b8f325959647e3a13c783c081f19
        • Instruction Fuzzy Hash: C321A132A00105AADB308F54C900BD773A7ABD6B6CB568036E90AD7214E73EDEC2C358
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 002272D9: GetLastError.KERNEL32(00000000,ios_base::failbit set,004264F0,003FE88A,004D3790,00000008,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 002272DE
          • Part of subcall function 002272D9: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 0022737C
          • Part of subcall function 002272D9: _free.LIBCMT ref: 0022733B
          • Part of subcall function 002272D9: _free.LIBCMT ref: 00227371
        • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00414897
        • IsValidCodePage.KERNEL32(00000000), ref: 004148E0
        • IsValidLocale.KERNEL32(?,00000001), ref: 004148EF
        • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00414937
        • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00414956
        Similarity
        • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
        • String ID:
        • API String ID: 949163717-0
        • Opcode ID: 514936682cf22bf85a5b7cafba728fd4806b334e0d2cd2ee7f3a2e2d6a3f5500
        • Instruction ID: b57c7a4426e006de03f6b28c87b1338c479f78bcf98f3a6702a7694b80f4a0df
        • Opcode Fuzzy Hash: 514936682cf22bf85a5b7cafba728fd4806b334e0d2cd2ee7f3a2e2d6a3f5500
        • Instruction Fuzzy Hash: 1A518075A00205AFEB10EFA5DC45BEF77B8EF84700F14056AF914E7290E7B49980CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • _wcsrchr.LIBVCRUNTIME ref: 003047DA
        • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000000,BB40E64E,00000000,00000000,00000000), ref: 00304A38
        • ExpandEnvironmentStringsW.KERNEL32(?,00000001,00000001,00000001,?), ref: 00304A7A
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00304A8D
        Similarity
        • API ID: EnvironmentExpandStrings$SimpleString::operator=_wcsrchr
        • String ID:
        • API String ID: 2605674737-0
        • Opcode ID: 59b9d1d1f190f9764adc01ee688f238562b9cd6ec2fa24f490ab8d76a265b3f6
        • Instruction ID: 54350f46e95c132c6f51fb26c994213693b600fcb92bf8d6fc93a0e43699d82e
        • Opcode Fuzzy Hash: 59b9d1d1f190f9764adc01ee688f238562b9cd6ec2fa24f490ab8d76a265b3f6
        • Instruction Fuzzy Hash: 29C1B270D112299FCB21DF58CC59BAAB7B4FF44300F104699E909A7281E734AF94CF94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004EB094,0047DAE0,?), ref: 003078CC
        • Process32FirstW.KERNEL32(00000000,0000022C,004EB094,0047DAE0,?), ref: 00307904
        • Process32NextW.KERNEL32(00000000,0000022C,?,?,?,00000000,0000022C,004EB094,0047DAE0,?), ref: 0030795C
        • CloseHandle.KERNEL32(00000000,00000000,0000022C,004EB094,0047DAE0,?), ref: 0030797C
        Similarity
        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
        • String ID:
        • API String ID: 420147892-0
        • Opcode ID: 4e93a12511149df1c4e2318249b45ae5ac6e77fd6438f3f3528af11644c35bb6
        • Instruction ID: 49e6623ae1fe9c9b5d9c191a473b3c8323ec73618d17a46f814974370431fa3b
        • Opcode Fuzzy Hash: 4e93a12511149df1c4e2318249b45ae5ac6e77fd6438f3f3528af11644c35bb6
        • Instruction Fuzzy Hash: 1331BE71A12218ABDB21EFB4EC59BAEB3F8EF05310F1005A5E905972C1E774AE45CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,?,0022C115,00000000), ref: 0022C1B1
        • GetLastError.KERNEL32(00000000,?,0022C115,00000000), ref: 0022C1E4
        Strings
        • IsolationAware function called after IsolationAwareCleanup, xrefs: 0022C1AC
        Similarity
        • API ID: DebugErrorLastOutputString
        • String ID: IsolationAware function called after IsolationAwareCleanup
        • API String ID: 4132100945-2690750368
        • Opcode ID: 00023439cd596e26d1c1946b040e3e3150f3d3b95ef5ee89cd7ea633f3e6a4b2
        • Instruction ID: edfcd9cd85f624ba1b99817c7e7679300a39be345e135c92d53dc0b33df960c2
        • Opcode Fuzzy Hash: 00023439cd596e26d1c1946b040e3e3150f3d3b95ef5ee89cd7ea633f3e6a4b2
        • Instruction Fuzzy Hash: ACF0AF30220262F7DB246FD4BC8532E32556726320F300636EC06D4176EB61DC70CA49
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,003C77B8), ref: 003F7416
        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,003C77B8), ref: 003F7420
        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,003C77B8), ref: 003F742D
        Similarity
        • API ID: ExceptionFilterUnhandled$DebuggerPresent
        • String ID:
        • API String ID: 3906539128-0
        • Opcode ID: 74e61dce1be81f9afda681c8ee2b273e4a4dbf6a6bd32cf877fe2873f07a3901
        • Instruction ID: 670cce9370f55594381c8e13b63d1b303fd6a46b6ddcc1bb467ddbd3938003bb
        • Opcode Fuzzy Hash: 74e61dce1be81f9afda681c8ee2b273e4a4dbf6a6bd32cf877fe2873f07a3901
        • Instruction Fuzzy Hash: C131E57491122DABCB21DF64D889B9DBBB8BF08310F5051EAE80CA7250E7709F818F44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcess.KERNEL32(?,?,00402829,?,?,?,?), ref: 0040284C
        • TerminateProcess.KERNEL32(00000000,?,00402829,?,?,?,?), ref: 00402853
        • ExitProcess.KERNEL32 ref: 00402865
        Similarity
        • API ID: Process$CurrentExitTerminate
        • String ID:
        • API String ID: 1703294689-0
        • Opcode ID: 6fe81b44f67573274b760657f571929d43045dc44b004d5390e51837dae484d1
        • Instruction ID: 3b7ee2597de66eb3832940465edcd81dbd73f91ac7fc72b99e6af5094f83875a
        • Opcode Fuzzy Hash: 6fe81b44f67573274b760657f571929d43045dc44b004d5390e51837dae484d1
        • Instruction Fuzzy Hash: ABE0863A000504EFCF113F65DE0DB493B69EB41741B00443AF90596271CB79DD82CB84
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 002272D9: GetLastError.KERNEL32(00000000,ios_base::failbit set,004264F0,003FE88A,004D3790,00000008,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 002272DE
          • Part of subcall function 002272D9: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 0022737C
        • EnumSystemLocalesW.KERNEL32(00414230,00000001,00000000,?,-00000050,?,0041486B,00000000,?,?,?,00000055,?), ref: 00414174
        Strings
        Similarity
        • API ID: ErrorLast$EnumLocalesSystem
        • String ID: kHA
        • API String ID: 2417226690-2193115608
        • Opcode ID: 00f4ec2efe4ef15b5fc20d464ee1d65753f95746207ba9390e8913f6c7b16c0f
        • Instruction ID: 0f9ca931954501c311eceffabd18a22dbd99f4513cd498f1ba7dbf23d814748f
        • Opcode Fuzzy Hash: 00f4ec2efe4ef15b5fc20d464ee1d65753f95746207ba9390e8913f6c7b16c0f
        • Instruction Fuzzy Hash: 4C11593B200301AFDB189F79C8956BBB7A1FFD0368B14442EE98747740E375A882C740
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 029cb8dd431e0766d0b74fa52c0c5a1f6976d27eb43bd5051df4dce0d140f720
        • Instruction ID: 579a092b82e54d2d5b440a95d13e5754360908bb94c1d90021cd589123137a9e
        • Opcode Fuzzy Hash: 029cb8dd431e0766d0b74fa52c0c5a1f6976d27eb43bd5051df4dce0d140f720
        • Instruction Fuzzy Hash: 5EF13E71E002199FDF15CFA8C8846AEBBB6FF48314F258269D919EB345D731AE05CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetVersionExW.KERNEL32(0000011C,?,BB40E64E), ref: 0022DC83
        • GetProductInfo.KERNEL32(?,?,00000000,00000000,BB40E64E), ref: 0022DCAA
          • Part of subcall function 0022DDD0: GetCurrentProcess.KERNEL32(BB40E64E,?,00000000), ref: 0022DE4A
          • Part of subcall function 0022DDD0: IsWow64Process.KERNEL32(00000000,?,?,00000000), ref: 0022DE5C
        Similarity
        • API ID: Process$CurrentInfoProductVersionWow64
        • String ID:
        • API String ID: 3513893008-0
        • Opcode ID: 688f777229231a6aac0a879a2c3eb2be938a2c3623a4d95e8b13194a8ad73de6
        • Instruction ID: 64f02e03974239884eb092936c67cffa2feda4bf03bf5bb7ceec969797511ff4
        • Opcode Fuzzy Hash: 688f777229231a6aac0a879a2c3eb2be938a2c3623a4d95e8b13194a8ad73de6
        • Instruction Fuzzy Hash: 33116671D50228ABDB21DFA0EC05BEEB7F8FB09710F1005A6F905A7280DB756A64CF84
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 0040A7BA
        Similarity
        • API ID: ExceptionRaise
        • String ID:
        • API String ID: 3997070919-0
        • Opcode ID: 5e335c26b0bc82768fbec4772c929375c6dc849b78e55458bf3e3f6d5d437910
        • Instruction ID: a106a77e413bf75bfd9fbd4653c674800780182cf028695af5532f75be451ac8
        • Opcode Fuzzy Hash: 5e335c26b0bc82768fbec4772c929375c6dc849b78e55458bf3e3f6d5d437910
        • Instruction Fuzzy Hash: 26B13C32610604DFD718CF28C486A657BB0FF45364F298669E8D9DF2E1C339E9A2CB45
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Similarity
        • API ID:
        • String ID: /
        • API String ID: 0-2043925204
        • Opcode ID: 6cdf48f14d3695a40a0a644b7ef3c39615bf5ed62671f889212e643c89a72eaa
        • Instruction ID: 0813f440d05b49d65ce13d572f7719427f14ec5eadf3d9ab2a2744e01d42849f
        • Opcode Fuzzy Hash: 6cdf48f14d3695a40a0a644b7ef3c39615bf5ed62671f889212e643c89a72eaa
        • Instruction Fuzzy Hash: CCF18C71E20219EFCF19DF94C880AEEBBB6FF48310F55412AE915A7250DB31A951CFA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0022265E
        Similarity
        • API ID: FeaturePresentProcessor
        • String ID:
        • API String ID: 2325560087-0
        • Opcode ID: cd8e42106344aea98a54f5fc8f0d46f6448649b8e608bf60546fea0e00c101e6
        • Instruction ID: ef2a43a8b67800ca2e53d39855914eb56291ffd066817c8d699c816ec0086cbd
        • Opcode Fuzzy Hash: cd8e42106344aea98a54f5fc8f0d46f6448649b8e608bf60546fea0e00c101e6
        • Instruction Fuzzy Hash: A1515EB191522AEBDB18CF99E8C17AAB7F0FB48310F14843AD905EB3A1D3759914CF50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 002272D9: GetLastError.KERNEL32(00000000,ios_base::failbit set,004264F0,003FE88A,004D3790,00000008,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 002272DE
          • Part of subcall function 002272D9: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 0022737C
        • EnumSystemLocalesW.KERNEL32(00414490,00000001,00000000,?,-00000050,?,0041482F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 004141E7
        Similarity
        • API ID: ErrorLast$EnumLocalesSystem
        • String ID:
        • API String ID: 2417226690-0
        • Opcode ID: 47e31f4e34bca17a83fa363d39bd7593e5874689a9f801c0b6390e242f55c4b1
        • Instruction ID: abad730acd3cad0a4efbda59154b8cc3f85282798231c8e7ebe1e22cfa442d3e
        • Opcode Fuzzy Hash: 47e31f4e34bca17a83fa363d39bd7593e5874689a9f801c0b6390e242f55c4b1
        • Instruction Fuzzy Hash: 86F0223A2003046FDB145F799889AAB7B90FBC1368B09442EF9418B690C6B59C82D614
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00224AD9: EnterCriticalSection.KERNEL32(?,?,004026A2,?,004D3A30,00000008,00402819,?,?,?), ref: 00224AE8
        • EnumSystemLocalesW.KERNEL32(0040D910,00000001,004D3C98,0000000C,0040DCFB,00000000), ref: 0040D955
        Similarity
        • API ID: CriticalEnterEnumLocalesSectionSystem
        • String ID:
        • API String ID: 1272433827-0
        • Opcode ID: 35c374288dd12f0474a6e0cd2e1efbfce9e114ab28b7d916074a8b7a9dcc1d1e
        • Instruction ID: e2bfea4ecb11b46ffe0cf7eb6a4b2c63c712920c295a9cc6fa9f5b085607a341
        • Opcode Fuzzy Hash: 35c374288dd12f0474a6e0cd2e1efbfce9e114ab28b7d916074a8b7a9dcc1d1e
        • Instruction Fuzzy Hash: 10F0197AA10215AFD700EF98E882B9C77E0EB49722F10412AF4119B2A1CB795940CF44
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 002272D9: GetLastError.KERNEL32(00000000,ios_base::failbit set,004264F0,003FE88A,004D3790,00000008,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 002272DE
          • Part of subcall function 002272D9: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 0022737C
        • EnumSystemLocalesW.KERNEL32(00414010,00000001,00000000,?,?,0041488D,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 004140EE
        Similarity
        • API ID: ErrorLast$EnumLocalesSystem
        • String ID:
        • API String ID: 2417226690-0
        • Opcode ID: 9dee1adb14fd27dfc6d39165b27a8da81ea25f25b19a07e70473ff60740486b3
        • Instruction ID: ff32182421282b15e1de0fdcd65f111cae832bec1bf4037f2d2d08d351fd7d3e
        • Opcode Fuzzy Hash: 9dee1adb14fd27dfc6d39165b27a8da81ea25f25b19a07e70473ff60740486b3
        • Instruction Fuzzy Hash: 71F0553A30020597CB049F7AE8057AB7F90EFC1B20B0640AAFB058B290C2769882C794
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • __Mtx_init_in_situ.LIBCPMT ref: 002212C0
        Similarity
        • API ID: Mtx_init_in_situ
        • String ID:
        • API String ID: 3366076730-0
        • Opcode ID: 328050fa6d1848feb50cd4eb12be70886116d4ce0eb3aaa6a38884f3d3ac36b7
        • Instruction ID: c43c287f76294340323769aa32f2ce4c4c0fa7b64afe7b3d967464bf03944838
        • Opcode Fuzzy Hash: 328050fa6d1848feb50cd4eb12be70886116d4ce0eb3aaa6a38884f3d3ac36b7
        • Instruction Fuzzy Hash: 54F0E572A44648FBC300CF84ED02F19B7B4E704B20F20436AF824577C1DB7919008A48
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,?,003CA73F,00000000,?,?,?,003CA774,0024D94E,00000000,?,?,?,?,003C8186), ref: 003CA2BB
        Similarity
        • API ID: Time$FileSystem
        • String ID:
        • API String ID: 2086374402-0
        • Opcode ID: e46c819651b54345e975b09dbd2e3f397758623e18d99ca3f6c16e41b9dd83a9
        • Instruction ID: cc200221b0403fddf0fc3440c2411414a7dbe383d0fb50f218330e80c554fa33
        • Opcode Fuzzy Hash: e46c819651b54345e975b09dbd2e3f397758623e18d99ca3f6c16e41b9dd83a9
        • Instruction Fuzzy Hash: 2DD0C9365129389B8A023B94BC48A9D7B68EB46B553050029E90AA6221CB625C409BDA
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Similarity
        • API ID:
        • String ID: 0
        • API String ID: 0-4108050209
        • Opcode ID: 0cb059b1a15e561cf23c8f6c2176e39d0f8ea4da05a8d1b8de51c8b63bb2921e
        • Instruction ID: 066df8065fd5e15ec179fd75ac4e1c1d906651c500a9e128e45a8f18fa5d4e9a
        • Opcode Fuzzy Hash: 0cb059b1a15e561cf23c8f6c2176e39d0f8ea4da05a8d1b8de51c8b63bb2921e
        • Instruction Fuzzy Hash: B2615BF063030FD6DF389E2888417BE7395AF51700F145D1BE542EB290DB61AD6E8751
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Similarity
        • API ID: HeapProcess
        • String ID:
        • API String ID: 54951025-0
        • Opcode ID: 1ee192c7943daf220219dc6f23e9bf0cb6d793c87115eb59bd5b7509c79f4020
        • Instruction ID: e8d4790320e82ba2adfcdb8e8f5d6dae221cff9454cc50795d515e8dba71f293
        • Opcode Fuzzy Hash: 1ee192c7943daf220219dc6f23e9bf0cb6d793c87115eb59bd5b7509c79f4020
        • Instruction Fuzzy Hash: 74015234E10229ABDB10EFE8EC84BED77F4AB69710F100265E815A7290DB706DE49B94
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 5014d3d98357625d9f97487103308982351b88640552425a87bd7fd95873bc86
        • Instruction ID: f40bf91a5b0475b124f65f035dab21c0dc23fa9274b91e553eb232032117ee40
        • Opcode Fuzzy Hash: 5014d3d98357625d9f97487103308982351b88640552425a87bd7fd95873bc86
        • Instruction Fuzzy Hash: 1D02AB70D102198FDB18CFA8C945BEDBBF1FF48304F20825DE815AB281E775AA55CBA5
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: b3cfaf082c0d8b9394c413c9e02fdca4634e693b132e9d8aaed8f5b444291449
        • Instruction ID: 3dd9fc9eead9557346a448ab36c96afab82ab7edc3c53d78f6c846c537f36b50
        • Opcode Fuzzy Hash: b3cfaf082c0d8b9394c413c9e02fdca4634e693b132e9d8aaed8f5b444291449
        • Instruction Fuzzy Hash: 5C415B71E3578E46DF17A93998932B4B2419FF7294B18D7DBE81572113FB20B4E41140
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: e42472be3de4a606a3d043be16f0fa1d4e68ddd665d16c78139a5749a2d24ded
        • Instruction ID: e83f185ddd560bb0bb5e4c7c443d1f5500320672c859c0f55ec9f7f3e673f38f
        • Opcode Fuzzy Hash: e42472be3de4a606a3d043be16f0fa1d4e68ddd665d16c78139a5749a2d24ded
        • Instruction Fuzzy Hash: F3418132D3566912EF1A9D7AACA3275A302AFF724431DC71FFC1672152FB60B4E06180
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ecb2633fde991bb1575729c7e5111e47fee75bcddabe8a2358bccd05cb150e63
        • Instruction ID: 6f5363d991b063b1afa92ad778c2a49768533a2e90712f91e82f9c627bc1fa80
        • Opcode Fuzzy Hash: ecb2633fde991bb1575729c7e5111e47fee75bcddabe8a2358bccd05cb150e63
        • Instruction Fuzzy Hash: 1E21B673F2043947770CC47E8C532BDB6E1C78C601745823AE8A6EA3C1D968D917E2E4
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: 7504866f1d2df4d320082c56a2a2f88db05e0bf0d347d2793ffa5edb1234a9f9
        • Instruction ID: b1a4e496ccbd53f82b8aa9191f8e12bda99cf752fe7603addd52b99340329026
        • Opcode Fuzzy Hash: 7504866f1d2df4d320082c56a2a2f88db05e0bf0d347d2793ffa5edb1234a9f9
        • Instruction Fuzzy Hash: 57117733F30C255A675C816D8C172BAA5D2DBD825470F533AD826F7284E994DE13D290
        Uniqueness

        Uniqueness Score: -1.00%

        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: ee9753de2f718591c8fe2d851865e83029dad311180ee68e17e3468bd0b8a75a
        • Instruction ID: f36e8d82e4b33ebe59eebca7a8530de17c60ef511d041ff4985aeb55fe044389
        • Opcode Fuzzy Hash: ee9753de2f718591c8fe2d851865e83029dad311180ee68e17e3468bd0b8a75a
        • Instruction Fuzzy Hash: 1EE08C32A21228EBCB28DB99C944A8AF3ECEB45B50B910096F609E3201C270DE04CFD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetLastError.KERNEL32 ref: 002853A6
        • SetLastError.KERNEL32(00000000), ref: 002853FF
        • OpenProcess.KERNEL32(00001410,00000000,00000000), ref: 0028540D
        • GetLastError.KERNEL32 ref: 00285421
        • SetLastError.KERNEL32(00000000), ref: 00285446
        • GetLastError.KERNEL32 ref: 00285459
        • GetCurrentProcessId.KERNEL32 ref: 00285468
        • EnumWindows.USER32(002EC900,?), ref: 00285493
        • GetCurrentProcessId.KERNEL32(AcroSBL,00000007,BB40E64E,?,00000000,?), ref: 0028515C
          • Part of subcall function 00237170: GetHandleVerifier.ACROBAT(00000000,?,?,00263311,?), ref: 00237175
        • EnterCriticalSection.KERNEL32(00000002), ref: 00285534
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00285542
        • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 00285554
        • CreateThread.KERNEL32(00000000,00000000,002ED4F0,?,00000000,?), ref: 00285586
          • Part of subcall function 002B6DD0: EnterCriticalSection.KERNEL32(00000014,BB40E64E,type,00000002,00000001,?,?,?,00000000,0042F0E0,000000FF,?,002D6819,00000002,002D64C0,00000000), ref: 002B6E01
          • Part of subcall function 002B6DD0: LeaveCriticalSection.KERNEL32(00000014,?,?,00000000,00000002,?,?,?,00000000,0042F0E0), ref: 002B6ED4
          • Part of subcall function 002B6DD0: CreateThread.KERNEL32 ref: 002B6EF0
        • EnumWindows.USER32(002ECA20,?), ref: 002855AD
        • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 002855CA
        • GetModuleHandleW.KERNEL32(Ntdll.dll), ref: 002855E3
        • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 002855F3
        • CloseHandle.KERNEL32(?), ref: 00285640
        • EnumWindows.USER32(002ECA20,?), ref: 00285666
        • GetVolumeInformationW.KERNEL32(00000000,00000001,00000001,00000009,002ECBB0,00000008,002ECBB0,00000007,002ECBB0,00000006,002ECBB0,00000005,002ECBB0), ref: 00285773
        Strings
        Similarity
        • API ID: ErrorLastProcess$CriticalSection$EnumHandleOpenWindows$CreateCurrentEnterLeaveThread$AddressCloseInformationModuleProcVerifierVolume
        • String ID: %s_%lu_%lu$($E$/ac$/id$/id$/if$4057363$AcroSBL$L$E$NtQueryInformationProcess$Ntdll.dll$h$E
        • API String ID: 3838014174-3243736253
        • Opcode ID: 0512887d4440a29c43f0522ce240cd59f239dffc08cf3605b6416fdcb912913e
        • Instruction ID: 9353fd9bcc75daee5a124e4843c08769c800bb2950e445899d43a7dcb3ded33b
        • Opcode Fuzzy Hash: 0512887d4440a29c43f0522ce240cd59f239dffc08cf3605b6416fdcb912913e
        • Instruction Fuzzy Hash: 91F12574D12669ABDF20AF60DC4DB9DB7B4AF02705F1041E9E809632C2EBB44E98CF55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcess.KERNEL32(00001B5E), ref: 0024049D
        • TerminateProcess.KERNEL32(00000000), ref: 002404A4
        • RevertToSelf.ADVAPI32 ref: 002404B7
        • GetCurrentProcess.KERNEL32(00001B5F), ref: 002404C6
        • TerminateProcess.KERNEL32(00000000), ref: 002404CD
        • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,02000000,?), ref: 002404E8
        • RegCloseKey.ADVAPI32(?), ref: 002404F8
        • RegOpenKeyExW.ADVAPI32(80000000,00000000,00000000,02000000,?), ref: 00240517
        • RegCloseKey.ADVAPI32(?), ref: 00240527
        • RegOpenKeyExW.ADVAPI32(80000003,00000000,00000000,02000000,?), ref: 00240546
        • RegCloseKey.ADVAPI32(?), ref: 00240556
        • GetCurrentProcess.KERNEL32(00001B60), ref: 00240565
        • TerminateProcess.KERNEL32(00000000), ref: 0024056C
        • RegDisablePredefinedCache.ADVAPI32 ref: 00240572
        • GetCurrentProcess.KERNEL32(00001B61), ref: 00240581
        • TerminateProcess.KERNEL32(00000000), ref: 00240588
        • GetUserDefaultLangID.KERNEL32 ref: 0024058E
        • GetUserDefaultLCID.KERNEL32 ref: 00240594
        • GetUserDefaultLocaleName.KERNEL32(?,00000055), ref: 002405B9
        • GetCurrentProcess.KERNEL32(00001B65), ref: 002405C8
        • TerminateProcess.KERNEL32(00000000), ref: 002405CF
        • GetCurrentProcess.KERNEL32(00001B5F), ref: 002405E3
        • TerminateProcess.KERNEL32(00000000), ref: 002405EA
        • GetCurrentProcess.KERNEL32(00001B63), ref: 0024061A
        • TerminateProcess.KERNEL32(00000000), ref: 00240621
        Similarity
        • API ID: Process$CurrentTerminate$CloseDefaultOpenUser$CacheDisableLangLocaleNamePredefinedRevertSelf
        • String ID:
        • API String ID: 1334219158-0
        • Opcode ID: 83257276ab631ff75b95376319a80f436509aa4b861176c645f0a2f41c108e9f
        • Instruction ID: 59a30079596e83b1b54395bba6d8607af7e420c6804446b6fcf3107354038d56
        • Opcode Fuzzy Hash: 83257276ab631ff75b95376319a80f436509aa4b861176c645f0a2f41c108e9f
        • Instruction Fuzzy Hash: 04417434710705ABEB245FA0ED4EFAA77ADEF55B05F004078FB06E60A1EB709960CE19
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,00000000), ref: 002DD7AD
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002DD7C1
        • EnterCriticalSection.KERNEL32(00000002,?,/CR,00000003), ref: 002DD84F
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002DD860
        • EnterCriticalSection.KERNEL32(00000002), ref: 002DD8E8
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002DD8FA
        • EnterCriticalSection.KERNEL32(00000002,?), ref: 002DD936
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002DD947
        • EnterCriticalSection.KERNEL32(00000002), ref: 002DD95E
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002DD970
        Strings
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: /CR$/IC$bEnableProtectedViewAppContainer$bEnableProtectedViewWin32kLockdown$iPVAppContainerLaunchFailureFallback
        • API String ID: 3168844106-1633584672
        • Opcode ID: ffb1731bab260740422b4ff514770f58f4689227c3f75202f6216df3ebca3b67
        • Instruction ID: 30a0010e90c3e508423dbd4c253e2ea196017a55f060528f56ef2c20f9236628
        • Opcode Fuzzy Hash: ffb1731bab260740422b4ff514770f58f4689227c3f75202f6216df3ebca3b67
        • Instruction Fuzzy Hash: 92E1DB74911249EFDB00EFA4D884BDDBBB4BF4A314F24415AE81167381CBB46E19CBA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleA.KERNEL32(kernel32.dll,?,00000002,0043181B,?,?), ref: 00242152
        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00242170
        • GetLastError.KERNEL32 ref: 0024218F
        • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 002421B3
        • GetLastError.KERNEL32 ref: 002421BD
        • SetProcessDEPPolicy.KERNEL32(00000001), ref: 00242209
        • GetLastError.KERNEL32 ref: 00242213
        • GetProcAddress.KERNEL32(00000000,SetProcessMitigationPolicy), ref: 00242231
        • GetLastError.KERNEL32 ref: 00242278
        • GetLastError.KERNEL32 ref: 002422B0
        • GetLastError.KERNEL32 ref: 002422E8
        • GetLastError.KERNEL32 ref: 00242332
        • GetLastError.KERNEL32 ref: 00242373
        • GetLastError.KERNEL32 ref: 002423B4
        • GetLastError.KERNEL32 ref: 0024242E
        • GetLastError.KERNEL32 ref: 0024246F
        Strings
        Similarity
        • API ID: ErrorLast$AddressProc$HandleHeapInformationModulePolicyProcess
        • String ID: SetDefaultDllDirectories$SetProcessMitigationPolicy$kernel32.dll
        • API String ID: 2069684086-1152130905
        • Opcode ID: 3b6b9b2cea3ccbed8f6aba81f320d9ed51291702c4cb1c8d68b0046a5aa3e0b1
        • Instruction ID: a5e307357502a4b92d622971ed804dc130c3997eb262f2805fccaffb4ba2ed63
        • Opcode Fuzzy Hash: 3b6b9b2cea3ccbed8f6aba81f320d9ed51291702c4cb1c8d68b0046a5aa3e0b1
        • Instruction Fuzzy Hash: 9891D775730146E7EB18AF66EC897BC3A75EB81B00F940024F952E71D1DBB9CC988A54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcess.KERNEL32(00000080,BB40E64E,BB40E64E,?,?,?,BB40E64E,004259B8,000000FF,?,00240491), ref: 002408C3
        • OpenProcessToken.ADVAPI32(00000000,?,?,?,BB40E64E,004259B8,000000FF,?,00240491), ref: 002408CA
        • GetLastError.KERNEL32(?,?,?,BB40E64E,004259B8,000000FF,?,00240491), ref: 002408D4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Process$CurrentErrorLastOpenToken
        • String ID: $S-1-16-0$S-1-16-12288$S-1-16-16384$S-1-16-2048$S-1-16-4096$S-1-16-6144$S-1-16-8192
        • API String ID: 1838720048-101090030
        • Opcode ID: 31b67e51f0703c96c7c9bf6967eb6b5682b7334d0b87b26eb900fd378994be30
        • Instruction ID: ed9f5fdcdd963eda648ce289931aba9cc8750a769ed8ac1ca9ea44dc479af9cb
        • Opcode Fuzzy Hash: 31b67e51f0703c96c7c9bf6967eb6b5682b7334d0b87b26eb900fd378994be30
        • Instruction Fuzzy Hash: F5412772E20205DBDB14DFA4D888B6E77B8FF09B10F104126FA16E3342D7748D548BA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(Kernel32.dll,BB40E64E,?,00000000,0022BD44), ref: 0022C28F
        • GetProcAddress.KERNEL32(00000000,QueryActCtxW,BB40E64E,?,00000000,0022BD44), ref: 0022C2A4
        • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0022C339
        • SetLastError.KERNEL32(0000006F), ref: 0022C350
        • GetModuleHandleW.KERNEL32(Kernel32.dll), ref: 0022C3A9
        • GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 0022C3BE
        • GetLastError.KERNEL32 ref: 0022C3F1
        • LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040,?), ref: 0022C472
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Module$AddressErrorHandleLastProc$FileLibraryLoadName
        • String ID: $@$Comctl32.dll$CreateActCtxW$GetModuleHandleExW$Kernel32.dll$QueryActCtxW
        • API String ID: 566954246-1516674335
        • Opcode ID: 32f181c789357aebdfbf26eb6a01f4b3dfbeb453d3c5392d63ed59767e9cd29c
        • Instruction ID: c507e819bbba60af8097a77ca55f87bcd2ad625a7bd9a9fc5287f47b963ec29d
        • Opcode Fuzzy Hash: 32f181c789357aebdfbf26eb6a01f4b3dfbeb453d3c5392d63ed59767e9cd29c
        • Instruction Fuzzy Hash: 3551E370A14269ABDB30AFB4FC59B6E77A4EB04B10F2046BAE804E62D0DB749D50CF54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(kernel32.dll,BB40E64E,?,?,?,00000000,00424B08,000000FF,?,002350E6), ref: 002360CC
        • GetModuleHandleW.KERNEL32(00000000,?,?,00000000,00424B08,000000FF,?,002350E6), ref: 002360D6
        • GetProcAddress.KERNEL32(00000000,HeapAlloc,?,?,00000000,00424B08,000000FF,?,002350E6), ref: 002360F4
        • GetProcAddress.KERNEL32(00000000,HeapFree,?,?,00000000,00424B08,000000FF,?,002350E6), ref: 00236107
        • __Init_thread_header.LIBCMT ref: 002361D9
        • SrcHashImpl::SrcHashImpl.MSPDB140-MSVCRT ref: 002361FA
        • __Init_thread_footer.LIBCMT ref: 00236215
        • __Init_thread_header.LIBCMT ref: 00236227
        • SrcHashImpl::SrcHashImpl.MSPDB140-MSVCRT ref: 00236248
        • __Init_thread_footer.LIBCMT ref: 00236263
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Hash$AddressHandleImplImpl::Init_thread_footerInit_thread_headerModuleProc
        • String ID: HeapAlloc$HeapFree$kernel32.dll$kernel32.dll
        • API String ID: 3681072065-2286897622
        • Opcode ID: e6f638b98413ece10ef1884972bad1bca03f3d98d4410205d110eb1fd1a34dd6
        • Instruction ID: 76f7050af8016d8f465582e6ce817efa2f1e8a89c5c04a68aa8c8bc2c55876c7
        • Opcode Fuzzy Hash: e6f638b98413ece10ef1884972bad1bca03f3d98d4410205d110eb1fd1a34dd6
        • Instruction Fuzzy Hash: 9B415571710254FBC3109F64EC5AB5BB3A8EB02B22F20827BE815433E2CB791814CA98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(00000038,0044CCA8,00000000,BB40E64E,?,00000000,0026736A), ref: 00276BB4
          • Part of subcall function 00240A20: Concurrency::cancel_current_task.LIBCPMT ref: 00240C13
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,004862F0,?,00486298,?,00486240,?,004861E8,?,00486190,?,00486138), ref: 00277270
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00277281
        • CreateThread.KERNEL32(00000000,00000000,0028B9B0,00000000,00000000,00000034), ref: 0027729A
        • RegisterClipboardFormatW.USER32(ASEL), ref: 002772A8
        • RegisterClipboardFormatW.USER32(Rich Text Format), ref: 002772B3
        • RegisterClipboardFormatW.USER32(HTML Format), ref: 002772BE
        • RegisterClipboardFormatW.USER32(XML Spreadsheet), ref: 002772C9
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ClipboardFormatRegister$Create$Event$Concurrency::cancel_current_taskCriticalInitializeSectionThread
        • String ID: ASEL$HTML Format$Rich Text Format$XML Spreadsheet$js&
        • API String ID: 2988987215-4201455734
        • Opcode ID: 7b93007021b9de1c4ec6605e2f293a71373a70dd9f0e7c156dbd5c2f62f3b9c5
        • Instruction ID: 6c2dcd8f6219cc85bca02b401b2653c1077002318af06b41f230293a015de5cb
        • Opcode Fuzzy Hash: 7b93007021b9de1c4ec6605e2f293a71373a70dd9f0e7c156dbd5c2f62f3b9c5
        • Instruction Fuzzy Hash: 51320E31C28F8597D342DF28DE55AB4B320BB69304F16E799E95826423FB70B6E4C744
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(08F883BC,00000000,BB40E64E,00000001,00000000,00000001), ref: 002B6949
        • ConnectNamedPipe.KERNEL32(00000000,00000000), ref: 002B69D0
        • ReadFile.KERNEL32(00000000,00000000,00000410,00000000,00000000), ref: 002B6A35
        • WriteFile.KERNEL32(00000000,00000000,0000040C,00000000,00000000), ref: 002B6A4E
        • DisconnectNamedPipe.KERNEL32(00000000), ref: 002B6A55
        • ReadFile.KERNEL32(00000000,00000000,00000410,00000000,00000000), ref: 002B6A79
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: File$NamedPipeRead$ConnectDisconnectObjectSingleWaitWrite
        • String ID: 9h-
        • API String ID: 2370280485-1006680791
        • Opcode ID: eb42243aa3ab3f8b1a68724fd83c39528e919dd74b62694133c6cd1468d25460
        • Instruction ID: 03173e3cafeb8a59fbd62ba91ce90976058abac12c07f319c46ef8e89f9c34d8
        • Opcode Fuzzy Hash: eb42243aa3ab3f8b1a68724fd83c39528e919dd74b62694133c6cd1468d25460
        • Instruction Fuzzy Hash: 3B9171B191061A9FDB20DF50DC88BEEB7B8FF44350F5042A9E649A2280DB746E94CF94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • __Init_thread_header.LIBCMT ref: 00236969
        • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,00000000), ref: 0023699E
        • RegQueryValueExW.ADVAPI32(00000000,bEnableEventViewerLogging,00000000,?,?,?), ref: 002369CA
        • RegCloseKey.ADVAPI32(00000000), ref: 002369E2
        • RegOpenKeyExW.ADVAPI32(80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00000000,00020019,00000000), ref: 002369FF
        • RegQueryValueExW.ADVAPI32(00000000,bEnableEventViewerLogging,00000000,?,?,?), ref: 00236A2C
        • RegCloseKey.ADVAPI32(00000000), ref: 00236A43
        • __Init_thread_footer.LIBCMT ref: 00236A56
        Strings
        • Software\Adobe\Adobe Acrobat\DC\Privileged, xrefs: 002369F5
        • bEnableEventViewerLogging, xrefs: 00236A24
        • bEnableEventViewerLogging, xrefs: 002369C2
        • SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown, xrefs: 00236994
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CloseOpenQueryValue$Init_thread_footerInit_thread_header
        • String ID: SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown$Software\Adobe\Adobe Acrobat\DC\Privileged$bEnableEventViewerLogging$bEnableEventViewerLogging
        • API String ID: 3590454078-3622169855
        • Opcode ID: 68154a1f5572899eb21dff47f054c6f2944f0a8dfbd26a19beab436f30d0cee1
        • Instruction ID: 906b8e268e844478d130f95ffed6e4e912f62f0cc977c500b211c52957c8e536
        • Opcode Fuzzy Hash: 68154a1f5572899eb21dff47f054c6f2944f0a8dfbd26a19beab436f30d0cee1
        • Instruction Fuzzy Hash: 4441B4B1E14259EFDB10CF94DC49BEEBBB8FB08714F10802AE901B2640D774A910CFA8
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00259520: EnterCriticalSection.KERNEL32(00000002,BB40E64E), ref: 00259559
          • Part of subcall function 00259520: LeaveCriticalSection.KERNEL32(00000002), ref: 0025956A
          • Part of subcall function 00259520: EnterCriticalSection.KERNEL32(00000002), ref: 0025959E
          • Part of subcall function 00259520: LeaveCriticalSection.KERNEL32(00000002), ref: 002595AF
          • Part of subcall function 00259520: EnterCriticalSection.KERNEL32(00000002), ref: 002595D6
          • Part of subcall function 00259520: LeaveCriticalSection.KERNEL32(00000002), ref: 002595E7
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,00000000,?,0043181B,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 00259184
        • LeaveCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 00259192
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,00000000,?,0043181B,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 0025923B
        • LeaveCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 00259249
        • EnterCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 00259363
        • LeaveCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 00259371
        • EnterCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 002593A4
        • LeaveCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 002593B2
        • EnterCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 002593E5
        • LeaveCriticalSection.KERNEL32(00000002,?,?,?,00000000,00427100,000000FF,?,0023EA8D,00000000), ref: 002593F3
        • EnterCriticalSection.KERNEL32(00000002), ref: 00259475
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00259487
          • Part of subcall function 0025EAB0: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,BB40E64E,?,00000002), ref: 0025EB58
          • Part of subcall function 0025EAB0: VerSetConditionMask.KERNEL32(00000000), ref: 0025EB60
          • Part of subcall function 0025EAB0: VerSetConditionMask.KERNEL32(00000000), ref: 0025EB68
          • Part of subcall function 0025EAB0: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 0025EB93
          • Part of subcall function 0025EAB0: GetProcAddress.KERNEL32(00000000,CreateAppContainerProfile), ref: 0025EBB4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$ConditionMask$AddressInfoProcVerifyVersion
        • String ID: 4220220
        • API String ID: 2967262934-1333706493
        • Opcode ID: 6e027daf94515b024f7b07e6cd82bf3ef75c8f6b8d99f31881df43fa47134bcd
        • Instruction ID: df52a716267782c80f80efed7da6654eaf176531235983a0abda69fc9feb2a9c
        • Opcode Fuzzy Hash: 6e027daf94515b024f7b07e6cd82bf3ef75c8f6b8d99f31881df43fa47134bcd
        • Instruction Fuzzy Hash: 8FD19039A10258EFCB01EFA8D844BEDBBB5BF8A300F194059ED41A7390CB74AD45CB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0024A3B0: EnterCriticalSection.KERNEL32(00000002,BB40E64E,00425C50,00425C50,00000001,?,00425C50), ref: 0024A3E5
          • Part of subcall function 0024A3B0: LeaveCriticalSection.KERNEL32 ref: 0024A3F6
          • Part of subcall function 00251770: CreateDirectoryExW.KERNEL32(?,?,?,00456D7A,00425C50,00425C50), ref: 002518E5
          • Part of subcall function 00266C40: PathAppendW.SHLWAPI(00000000,00000000), ref: 00266CAA
          • Part of subcall function 00266C40: PathAddBackslashW.SHLWAPI(00000000), ref: 00266CC0
          • Part of subcall function 0026FD00: EnterCriticalSection.KERNEL32(00000002,Software\Adobe\Adobe Acrobat\DC\Installer,00000029,BB40E64E,00425C50,00425C50,00000001,?,?,?,?,?,?,00425BB0,000000FF), ref: 0026FD6F
          • Part of subcall function 0026FD00: LeaveCriticalSection.KERNEL32(00000002,?,?,?,?,?,?,00425BB0,000000FF), ref: 0026FD7D
        • EnterCriticalSection.KERNEL32(00000002,00000000,00000001,?,00000000,00000001,00000000,00000000,00000001,00000000,00000001,?,?,00000000,00000001), ref: 00357504
        • LeaveCriticalSection.KERNEL32(00000002,?,00000000,00000001,00000000,00000000,00000001,00000000,00000001,?,?,00000000,00000001,?,?,00000000), ref: 00357518
          • Part of subcall function 00356F80: PathAddBackslashW.SHLWAPI(?), ref: 00357146
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeavePath$Backslash$AppendCreateDirectory
        • String ID: ..\$\Acrobat$\Adobe\Acrobat\DC$\Adobe\Acrobat\DC\FontCache$\Adobe\Acrobat\DC\ProtectedView$\Adobe\Acrobat\DC\Search$\Adobe\Color$\Adobe\TypeSpt$\Adobe\TypeSupport$\Reader$\Resource
        • API String ID: 812315850-2362319181
        • Opcode ID: 9ec94b05305c4b5e8cb8fd135e3962970ad170a67c1814262b880f77d940b322
        • Instruction ID: 5fd2266875d587097c4f8cb06a352e61958275d7471d8343a9f00201b31b38dd
        • Opcode Fuzzy Hash: 9ec94b05305c4b5e8cb8fd135e3962970ad170a67c1814262b880f77d940b322
        • Instruction Fuzzy Hash: C9A1C570D10248FADF05E7E8DD4AFDDBBB9AF15300F244089F805B72D2DAB46A189765
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,Software\Adobe\Adobe Acrobat\DC\AVGeneral,00000029,BB40E64E,00000033,00000000,?,000000FF), ref: 002E38E3
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002E38F1
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: Software\Adobe\Adobe Acrobat\DC\AVGeneral$Software\Adobe\Adobe Acrobat\DC\AVGeneral$\cSandboxLaunchFailure$iIsBrowserLaunch$iIsCaptiveReaderLaunch$iIsProtectedView$iLastErrorValue$iOptionSelected$iPMAppContainerState$iSandboxExitCode$iSandboxResultCode
        • API String ID: 3168844106-965911729
        • Opcode ID: a36fee02f6831483f6ef6be3c5292a63e5d142232711a8cdc1d179f94bc18c26
        • Instruction ID: f6a51e28d6464b08649f2758ca77759a65d35a7b0a8bfd613f3fcd938d78b33f
        • Opcode Fuzzy Hash: a36fee02f6831483f6ef6be3c5292a63e5d142232711a8cdc1d179f94bc18c26
        • Instruction Fuzzy Hash: B5419131A5029EAEEF00DFE1D841BEEBB78FF19704F20405AF51162181EBB86A15CF54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ___free_lconv_mon.LIBCMT ref: 002285DF
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412B7E
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412B90
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412BA2
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412BB4
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412BC6
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412BD8
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412BEA
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412BFC
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412C0E
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412C20
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412C32
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412C44
          • Part of subcall function 00412B61: _free.LIBCMT ref: 00412C56
        • _free.LIBCMT ref: 002285D4
          • Part of subcall function 00224FD0: HeapFree.KERNEL32(00000000,00000000,?,0040A01E), ref: 00224FE6
          • Part of subcall function 00224FD0: GetLastError.KERNEL32(?,?,0040A01E), ref: 00224FF8
        • _free.LIBCMT ref: 002285F6
        • _free.LIBCMT ref: 0022860B
        • _free.LIBCMT ref: 00228616
        • _free.LIBCMT ref: 00228638
        • _free.LIBCMT ref: 0022864B
        • _free.LIBCMT ref: 00228659
        • _free.LIBCMT ref: 00228664
        • _free.LIBCMT ref: 0022869C
        • _free.LIBCMT ref: 002286A3
        • _free.LIBCMT ref: 002286C0
        • _free.LIBCMT ref: 002286D8
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
        • String ID:
        • API String ID: 161543041-0
        • Opcode ID: 5de49b5ef2f77964048b59c433c1cb7a10ba84285b4ed0b41d0703c566c5519e
        • Instruction ID: 14ba17e8f7d7cddba55107563354ac6f6cd0b9c164f01710d1c96f173a14fc68
        • Opcode Fuzzy Hash: 5de49b5ef2f77964048b59c433c1cb7a10ba84285b4ed0b41d0703c566c5519e
        • Instruction Fuzzy Hash: 8D314A31625622FFEB20AEA8FD45B6673E8AB40314F14441AF055D7952DE74ECB09E28
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 002F6CB8
        • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000,BB40E64E,?,?,00000000), ref: 002F6DA9
        • GetFileSizeEx.KERNEL32(00000000,?), ref: 002F6DD0
        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000005,00000080,00000000), ref: 002F6E11
        • CloseHandle.KERNEL32(00000000), ref: 002F6E1D
        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 002F6E4A
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 002F6E70
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 002F6E95
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 002F6EA5
        • CreateFileW.KERNEL32(?,00000004,00000003,00000000,00000004,00000080,00000000,debug.log,?), ref: 002F6EC7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: File$CreateSimpleString::operator=$CloseCurrentDirectoryHandleModuleNameSize
        • String ID: debug.log
        • API String ID: 1804892009-600467936
        • Opcode ID: 04d900b964b96c9d2247982fce72fe71137a896e8d5b60fc9086858e83f9a8ef
        • Instruction ID: deb298ff0e0b1e2f8075681fd4028135abdea7044dec4341fa4131026d745296
        • Opcode Fuzzy Hash: 04d900b964b96c9d2247982fce72fe71137a896e8d5b60fc9086858e83f9a8ef
        • Instruction Fuzzy Hash: 7B810075A102199BCB34CF68DC8DB69B3A5FB44744F2006BDE601DB2E1DBB0A965CB84
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003,BB40E64E,?,00000002), ref: 0025EB58
        • VerSetConditionMask.KERNEL32(00000000), ref: 0025EB60
        • VerSetConditionMask.KERNEL32(00000000), ref: 0025EB68
        • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 0025EB93
        • GetProcAddress.KERNEL32(00000000,CreateAppContainerProfile), ref: 0025EBB4
          • Part of subcall function 003050D0: GetProcAddress.KERNEL32(00000000,DeriveAppContainerSidFromAppContainerName,002591AD,0025EBFC,Adobe.AcrobatReaderDC.ProtectedMode), ref: 00305106
        • FreeSid.ADVAPI32(?), ref: 0025ECAD
        Strings
        • CreateAppContainerProfile, xrefs: 0025EBAE
        • Adobe.AcrobatReaderDC.ProtectedMode, xrefs: 0025EBD7, 0025EBF2
        • userenv.dll, xrefs: 0025EB9D
        • Sandbox container for Acrobat Reader Protected Mode, xrefs: 0025EBCD
        • Adobe Acrobat Reader DC Protected Mode, xrefs: 0025EBD2
        Similarity
        • API ID: ConditionMask$AddressProc$FreeInfoVerifyVersion
        • String ID: Adobe Acrobat Reader DC Protected Mode$Adobe.AcrobatReaderDC.ProtectedMode$CreateAppContainerProfile$Sandbox container for Acrobat Reader Protected Mode$userenv.dll
        • API String ID: 3312190124-1150483802
        • Opcode ID: 7f92c9d8de20f43aeb6c17365be8e26c66314ed2770088d9ef6076760da9dad1
        • Instruction ID: cf63961a39655795f717a5cbd05f095d48a7d0057606bd043985ea40f7017007
        • Opcode Fuzzy Hash: 7f92c9d8de20f43aeb6c17365be8e26c66314ed2770088d9ef6076760da9dad1
        • Instruction Fuzzy Hash: 8951A170910714EBDB24DF64DC09BAAB7F8EF48701F1001AAE809E7281E775AB48CF55
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcAddress.KERNEL32(00000000,DeriveAppContainerSidFromAppContainerName,?,?,?,?,?,?,?,00429972,000000FF,?,00265DED,?,Adobe.AcrobatReaderDC.ProtectedMode), ref: 0026E904
        • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 0026E967
        • LocalFree.KERNEL32(?,?,?,00000000,?), ref: 0026E99C
        • GetProcAddress.KERNEL32(00000000,GetAppContainerFolderPath), ref: 0026E9BF
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 0026E9FA
        • FreeSid.ADVAPI32(00000000,00000000,?), ref: 0026EA09
        Strings
        Similarity
        • API ID: AddressFreeProc$ConvertLocalSimpleStringString::operator=
        • String ID: DeriveAppContainerSidFromAppContainerName$GetAppContainerFolderPath$userenv.dll$]&$]&
        • API String ID: 2809408694-3786085662
        • Opcode ID: 74eb4d3fd8d3a07d8369466cb501002b87e995df94bc288863176a45daf1b992
        • Instruction ID: 6c8ac460cfc63583b3b270d65ce66c96c69a37dfeacea08e210cca03dd7f5995
        • Opcode Fuzzy Hash: 74eb4d3fd8d3a07d8369466cb501002b87e995df94bc288863176a45daf1b992
        • Instruction Fuzzy Hash: AB518175A1024AAFDF10DFE4D885BAEBBB8FF48704F14402DE801A3291EB75AD54CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\,00000000,00020019,?,?,BB40E64E), ref: 002324E8
        • RegQueryValueExW.ADVAPI32(?,bIsSingleClientApp,00000000,00000000,00000000,00000004), ref: 00232533
        • RegQueryValueExW.ADVAPI32(?,bIsSCAcroAppInstalled,00000000,00000000,00000000,00000004), ref: 00232577
        • RegQueryValueExW.ADVAPI32(?,SCAPackageLevel,00000000,00000000,00000000,00000004), ref: 002325AE
        • RegQueryValueExW.ADVAPI32(?,IsAcrInstalledInRdrMode,00000000,00000000,00000000,00000004), ref: 002325E0
        • RegCloseKey.ADVAPI32(?), ref: 002325FD
        Strings
        • bIsSCAcroAppInstalled, xrefs: 0023256F
        • bIsSingleClientApp, xrefs: 0023252D
        • IsAcrInstalledInRdrMode, xrefs: 002325D8
        • SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\, xrefs: 002324DE
        • SCAPackageLevel, xrefs: 002325A6
        Similarity
        • API ID: QueryValue$CloseOpen
        • String ID: IsAcrInstalledInRdrMode$SCAPackageLevel$SOFTWARE\Adobe\Adobe Acrobat\DC\Installer\$bIsSCAcroAppInstalled$bIsSingleClientApp
        • API String ID: 1586453840-2757265476
        • Opcode ID: c985205e182b561ca9c1c6272d1ba0aca212235527a8790431a69b0f6b7ec99b
        • Instruction ID: 94757b72d5fb15441ed83b92baca3f1293ea982b4827b860340081cf7e22fa6d
        • Opcode Fuzzy Hash: c985205e182b561ca9c1c6272d1ba0aca212235527a8790431a69b0f6b7ec99b
        • Instruction Fuzzy Hash: 49415FB1E1424AFAEF11CFE0CC85BEEBBB8AB04704F50807AE501A6191D7749A58CB15
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0026E5D0: RegCreateKeyExW.ADVAPI32(?,BB40E64E,00000000,00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 0026E608
          • Part of subcall function 0026E5D0: RegCloseKey.ADVAPI32 ref: 0026E61B
        • PathFileExistsW.SHLWAPI(?,?,?), ref: 0026E354
        • PathIsDirectoryW.SHLWAPI(?), ref: 0026E36A
          • Part of subcall function 0022E3B0: RegQueryValueExW.ADVAPI32(0000011C,?,00000000,00000004,?,00000001,00000000), ref: 0022E3ED
        • PathFileExistsW.SHLWAPI(?,80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00020019,cAccReportChosenPath,00000014,0044CCA8,00000000,80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00000001,BB40E64E,?,?), ref: 0026E4FE
        • PathIsDirectoryW.SHLWAPI(?), ref: 0026E514
          • Part of subcall function 0023BAB0: RegCloseKey.ADVAPI32(00000000,?,0026E4C3,80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00020019,cAccReportChosenPath,00000014,0044CCA8,00000000,80000001,Software\Adobe\Adobe Acrobat\DC\Privileged,00000001,BB40E64E,?,?), ref: 0023BABA
          • Part of subcall function 0022EED0: RegCloseKey.ADVAPI32(000000FF,BB40E64E,00000000,00000000,00000000,00424240,000000FF,?,0022DF9F), ref: 0022EEFD
        Strings
        Similarity
        • API ID: Path$Close$DirectoryExistsFile$CreateQueryValue
        • String ID: Software\Adobe\Adobe Acrobat\DC\Accessibility\cAccCheckerOptions\cChosenPath$Software\Adobe\Adobe Acrobat\DC\Privileged$\__*.pdf.accreport.html$bAccReportPrefMigrated$cAccReportChosenPath$tDIText
        • API String ID: 3763288856-3176760154
        • Opcode ID: b30419172c9fffea22696c0d32294f77ac9f2506f70aca2aea896433b8eaa2e0
        • Instruction ID: 342b9c29f6071dab92a9441e7cb21e297c70d5f22f2dda9c473a55a902139e3b
        • Opcode Fuzzy Hash: b30419172c9fffea22696c0d32294f77ac9f2506f70aca2aea896433b8eaa2e0
        • Instruction Fuzzy Hash: 67B16B74D20258EADF20EFE4C885BEDB7B8BF14304F64416AE401B7181EB746A99CF65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetEvent.KERNEL32(?), ref: 002B6259
        • WaitForSingleObject.KERNEL32(?,000007D0,00000070,00000000,00000410,00000000,0000040C,00000000,00000000,00000000), ref: 002B62EF
        • CloseHandle.KERNEL32(?), ref: 002B62F8
        • CloseHandle.KERNEL32(?,BB40E64E,type,00000002), ref: 002B630D
        • CloseHandle.KERNEL32(?,BB40E64E,type,00000002), ref: 002B631B
        • CloseHandle.KERNEL32(?,BB40E64E,type,00000002), ref: 002B6329
        • CloseHandle.KERNEL32(?,BB40E64E,type,00000002), ref: 002B6337
        • CloseHandle.KERNEL32(?,BB40E64E,type,00000002), ref: 002B6345
        • DeleteCriticalSection.KERNEL32(00000014,BB40E64E,type,00000002), ref: 002B634F
        Strings
        Similarity
        • API ID: CloseHandle$CriticalDeleteEventObjectSectionSingleWait
        • String ID: type
        • API String ID: 2643359179-2363381545
        • Opcode ID: d22bcc1bf3dbce6382288fc7de8f7c1ad4e06f491edca53bae9f98e51bfddcad
        • Instruction ID: 1534a6f68a137340c706132955bde65a3968c95d61c29aeab8dd56fb2016eb6b
        • Opcode Fuzzy Hash: d22bcc1bf3dbce6382288fc7de8f7c1ad4e06f491edca53bae9f98e51bfddcad
        • Instruction Fuzzy Hash: A8512AB0A10704ABDB20DF60DD49B9AB7F8FB04B04F00496DEA46D7690DBB9B944CF94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetVolumeInformationW.KERNEL32(C:\,?,00000105,00000000,00000000,00000000,?,00000105), ref: 002B73CB
        • lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 002B7413
        • OpenMutexW.KERNEL32(00100000,00000000,Global\ARM Update Mutex,?,?,?,?,?,?,?,?,?,00000000), ref: 002B742A
        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 002B7439
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 002B74BB
        Strings
        Similarity
        • API ID: CloseErrorHandleInformationLastMutexOpenVolumelstrlen
        • String ID: C:\$Global\ARM Update Mutex$TsnIorcAeBoda$\\.\pipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E00$thsnYaVieBoda
        • API String ID: 1814797653-3941345148
        • Opcode ID: 41da50852cd6e4fedca9aab5dd81626b1a942105aed5598c6c2c051a73895000
        • Instruction ID: 268132436c9528d74b2107de965cac3da09ea25f7ef5471b5d79154d46d4461b
        • Opcode Fuzzy Hash: 41da50852cd6e4fedca9aab5dd81626b1a942105aed5598c6c2c051a73895000
        • Instruction Fuzzy Hash: 67414571710219ABDB20DF64DC46BEB77F8EF85741F5000BAFA05EA281EB749D508B98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OpenMutexW.KERNEL32(00100000,00000000,Global\ARM Update Mutex), ref: 00234760
        • CloseHandle.KERNEL32(00000000), ref: 0023476B
        • GetLastError.KERNEL32 ref: 00234773
        • OpenMutexW.KERNEL32(00100000,00000000,Global\Acro Update Mutex), ref: 0023478A
        • CloseHandle.KERNEL32(00000000), ref: 00234795
        • GetTickCount.KERNEL32 ref: 002347EA
        • Sleep.KERNEL32(00000064), ref: 0023481F
        Strings
        • Global\ARM Update Mutex, xrefs: 00234754
        • Global\Acro Update Mutex, xrefs: 0023477E
        Similarity
        • API ID: CloseHandleMutexOpen$CountErrorLastSleepTick
        • String ID: Global\ARM Update Mutex$Global\Acro Update Mutex
        • API String ID: 2531223968-4182993806
        • Opcode ID: fef9448476f060297726c8c806837fb5a6e079714fe598848b1dcff0f7dcb3e2
        • Instruction ID: 20a15cd99001ce27caf11fdb3d69af9c11e4bfe117a07a99c9924b638a7ea99a
        • Opcode Fuzzy Hash: fef9448476f060297726c8c806837fb5a6e079714fe598848b1dcff0f7dcb3e2
        • Instruction Fuzzy Hash: F12138B5BA034137E2213FA0AC4BF6F354CDF92F81F150171FD09E51D2EB94A96084AA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetFullPathNameW.KERNEL32(?,00000104,?,00000000,?,?,?,?,0044CCA8), ref: 00256939
        • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,0044CCA8), ref: 00256991
        • PathCanonicalizeW.SHLWAPI(?,?,?,?,?,?,?,?,?,0044CCA8), ref: 00256A38
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00256A4F
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00256A59
          • Part of subcall function 00227A14: _free.LIBCMT ref: 00227A27
        Strings
        Similarity
        • API ID: Path$FullNameSimpleString::operator=$Canonicalize_free
        • String ID: ..\$\..$\..\$\.\
        • API String ID: 3585226928-3724136865
        • Opcode ID: 93fa8c594262e0bb395a0bc5723cd62384b143f8d65059dbe584840b99d8d86e
        • Instruction ID: ce93cec6a6eeb966457c3bfbb0f2080cf39fdd8a7ff7858d5200533c54b83460
        • Opcode Fuzzy Hash: 93fa8c594262e0bb395a0bc5723cd62384b143f8d65059dbe584840b99d8d86e
        • Instruction Fuzzy Hash: C38126B1B2031257DF349F388C8EBAD72A49B44725F940669FD15E72C0EF749A6C8A4C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 003C77C7: std::invalid_argument::invalid_argument.LIBCONCRT ref: 003C77D3
        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 002F0CED
        • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,/dllLoad,00000008,00456E50,00000001,?,00000000), ref: 002F0E93
        • CloseHandle.KERNEL32(?), ref: 002F0EA3
        • CloseHandle.KERNEL32(?), ref: 002F0EAF
        Strings
        Similarity
        • API ID: CloseHandle$CreateFileModuleNameProcessstd::invalid_argument::invalid_argument
        • String ID: /dllLoad$D$channeltype$invalid stoi argument$stoi argument out of range
        • API String ID: 2242690987-592710390
        • Opcode ID: 6d837e8885e7bb7bc11da2834c3d39423c29ef087048181480bc906acb9e5e24
        • Instruction ID: e3d878e4ca91991123bd9f15bce854db6ac32603c2ab7b650f9d7ec179341409
        • Opcode Fuzzy Hash: 6d837e8885e7bb7bc11da2834c3d39423c29ef087048181480bc906acb9e5e24
        • Instruction Fuzzy Hash: 7CB18A71D2022DAADB24DFA4CD89BEDB7B4FF18704F2002DAE509A6191DB746B94CF50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateFileW.KERNEL32(00000001,C0000000,00000000,00000000,00000003,00190000,00000000,00000000,?,00234806,00000000,00000000,00000001), ref: 002B7527
        • GetLastError.KERNEL32(?,00234806,00000000,00000000,00000001), ref: 002B7534
        • SetNamedPipeHandleState.KERNEL32(00000000,00234806,00000000,00000000), ref: 002B7564
        • WriteFile.KERNEL32(00000000,00000000,00000004,00000000,00000000), ref: 002B757E
        • CharNextW.USER32 ref: 002B7588
        • CloseHandle.KERNEL32(00000000), ref: 002B7631
        Similarity
        • API ID: FileHandle$CharCloseCreateErrorLastNamedNextPipeStateWrite
        • String ID:
        • API String ID: 2592542166-0
        • Opcode ID: 5b94ab5501ebb8960da6410f545dcc12bb0c03080f6190f6f2695411d9bc24ec
        • Instruction ID: 835098b4a1947ce1c1d4c5004f21922cb84a36102d7229dcc6dfa063bcd6cb9d
        • Opcode Fuzzy Hash: 5b94ab5501ebb8960da6410f545dcc12bb0c03080f6190f6f2695411d9bc24ec
        • Instruction Fuzzy Hash: 0C41A2B5B10219ABEB20DFA8EC85BEE77ACEB84750F404165FD16E7280D7309D00CBA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00233EA0: RegCreateKeyExW.ADVAPI32(?,80000002,00000000,00000000,00000000,00233D33,00000000,00000000,?,BB40E64E), ref: 00233F1D
          • Part of subcall function 00233EA0: RegCloseKey.ADVAPI32(00000000), ref: 00233F2E
        • PathFileExistsW.SHLWAPI(?,?,?,?,?,00000004,?,?,80000002,SOFTWARE\Justsystem\ATOK\Setup\Folder,00020019,BB40E64E,?,00000002), ref: 00271427
        • PathIsDirectoryW.SHLWAPI(?,?,80000002,SOFTWARE\Justsystem\ATOK\Setup\Folder,00020019,BB40E64E,?,00000002), ref: 0027144A
          • Part of subcall function 003579B0: PathFileExistsW.SHLWAPI(0027162A,?,00000002,?,0027162A,00000000,?,?,?,?,?,?,?,ATFSVR,.exe), ref: 003579CB
        Strings
        Similarity
        • API ID: Path$ExistsFile$CloseCreateDirectory
        • String ID: !$.exe$ATFSVR$ATOK$Atok$SOFTWARE\Justsystem\ATOK\Setup\Folder
        • API String ID: 3786995744-4130462254
        • Opcode ID: 73db2616de15159ca82294bb5546bfa7dbc2b3ed1fc37f57b5990eda583440f0
        • Instruction ID: b762035ee98ed3b71e89d7ae049f80f01ded586297f5e23a633896ac2d87e4d8
        • Opcode Fuzzy Hash: 73db2616de15159ca82294bb5546bfa7dbc2b3ed1fc37f57b5990eda583440f0
        • Instruction Fuzzy Hash: 76128E71D11269EADF25EBA4CD89BDDB7B8AF14300F1041DAE409A3241EB746F98CF61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32(?,?), ref: 0024C798
        • GetLocalTime.KERNEL32(00000000,?,?), ref: 0024C8AE
        • _Smanip.LIBCPMT ref: 0024C8C6
        • _Smanip.LIBCPMT ref: 0024C9F1
        • _Smanip.LIBCPMT ref: 0024CA2A
        • _Smanip.LIBCPMT ref: 0024CA70
        • _Smanip.LIBCPMT ref: 0024CAB6
          • Part of subcall function 0024DE50: std::_Lockit::_Lockit.LIBCPMT ref: 0024DE8A
          • Part of subcall function 0024DE50: std::_Lockit::_Lockit.LIBCPMT ref: 0024DEA8
          • Part of subcall function 0024DE50: std::_Lockit::~_Lockit.LIBCPMT ref: 0024DEC8
          • Part of subcall function 0024DE50: std::_Lockit::~_Lockit.LIBCPMT ref: 0024DFA1
        Strings
        Similarity
        • API ID: Smanip$Lockitstd::_$Lockit::_Lockit::~_$CurrentLocalThreadTime
        • String ID: %/$
        • API String ID: 711827837-4023943589
        • Opcode ID: 3eafcb32df7d521f1ed859ccbe24b5dc461d6d198e53bd21792ed6bb02b96f7e
        • Instruction ID: 45d5bc450107e3ab42ef2062603237cf038161918759792207bd3022f024ca9a
        • Opcode Fuzzy Hash: 3eafcb32df7d521f1ed859ccbe24b5dc461d6d198e53bd21792ed6bb02b96f7e
        • Instruction Fuzzy Hash: C4E1B135E10214AFCB15EFA8DC85B6DBBB6BF89310F184069E805A7392DB71AD11CF94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Similarity
        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeGetcvtRegister
        • String ID: N#2
        • API String ID: 2755674607-4080754489
        • Opcode ID: 8ab545633ef2d41997bab6f076b052d012a87ae0e77513934b44b9e263c333c9
        • Instruction ID: 34c0d549d8ce294abfc9ab883dfbdc1bc045bb61b52d2e356dfd56cdf09ab254
        • Opcode Fuzzy Hash: 8ab545633ef2d41997bab6f076b052d012a87ae0e77513934b44b9e263c333c9
        • Instruction Fuzzy Hash: CD51DF71D1465ADFCB10CFA8D840BAEB7B0FF49304F144169D809AB252EB30AA55CF90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcess.KERNEL32(000F01FF,0027194B,0044CCA8,00000000,BB40E64E,?,00000002,?), ref: 002724FD
        • OpenProcessToken.ADVAPI32(00000000), ref: 00272504
        • GetLastError.KERNEL32 ref: 0027251E
        • SetLastError.KERNEL32(00000000), ref: 0027253A
        • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),00000000,0000004C,0000004C), ref: 0027256E
        • ConvertSidToStringSidW.ADVAPI32(00000000,?), ref: 0027259B
        • LocalFree.KERNEL32(00000000,00000000,00429F09,00000000,?), ref: 002725DD
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorLastProcessToken$ConvertCurrentFreeInformationLocalOpenString
        • String ID: L
        • API String ID: 3754153456-2909332022
        • Opcode ID: 8874c63ebe71566000e19baffee69bf722de925092a4a0748425a4f41d29ce9f
        • Instruction ID: dc3d0cbcc3a2736efde198d0fd6641c5ce0b7d06122338c2153a37fb215ee6b4
        • Opcode Fuzzy Hash: 8874c63ebe71566000e19baffee69bf722de925092a4a0748425a4f41d29ce9f
        • Instruction Fuzzy Hash: 8541E1F1D10209EBDF14DFA4CD45BAEBBB8FF48700F104129E915A7280D7759A288F65
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(002351BB,00000001,0045C908,00000000,00000001), ref: 002B65FD
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: DescriptorSecurity$ConvertString
        • String ID: (A;;GA;;;$(A;;GA;;;AC)$(D;;GA;;;AN)$(D;;GA;;;NU)$9h-$D:P$S:(ML;;NW;;;LW)
        • API String ID: 3907675253-4226750067
        • Opcode ID: a0421e3536b7726d0d8db79d0382d69b781451aed51428060c97c3dbec6db402
        • Instruction ID: 78ee7dc1cd38ee8b02e52619cb02d423480f5f3bb961124d7099556d8f601d25
        • Opcode Fuzzy Hash: a0421e3536b7726d0d8db79d0382d69b781451aed51428060c97c3dbec6db402
        • Instruction Fuzzy Hash: C9418071960218EEEF10DFA4C88AFEEBBB8EF04340F540019E501B7291DB785965CF64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,00000000), ref: 002B60D9
        • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 002B613A
        • GetProcAddress.KERNEL32(00000000,GetNamedPipeServerProcessId), ref: 002B614C
        • GetProcAddress.KERNEL32(00000000,GetNamedPipeClientProcessId), ref: 002B615E
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AddressProc$CriticalHandleInitializeModuleSection
        • String ID: GetNamedPipeClientProcessId$GetNamedPipeServerProcessId$kernel32.dll$type
        • API String ID: 3576218667-3243276130
        • Opcode ID: e3f81e2ce8011d8ba359042cbb28956889c1be227ee4181b8e4f6aedd01e0f8a
        • Instruction ID: 915543bb592782fb4a4fd43ced3e050f1e386be673241718392663626202fda3
        • Opcode Fuzzy Hash: e3f81e2ce8011d8ba359042cbb28956889c1be227ee4181b8e4f6aedd01e0f8a
        • Instruction Fuzzy Hash: D64166B5A15642AFC704DF68D844B9AFBF4FF48704F10862EE81997B40D774A924CF94
        Uniqueness

        Uniqueness Score: -1.00%

        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID:
        • String ID:
        • API String ID:
        • Opcode ID: d4e964d0521f5b03768e28a3c74dfdf553f426a9767df5928b446c599b5e6f05
        • Instruction ID: 4f368e1bbb73864be58026e1fca1722e4e1f50880eb5c4f87b1f400d154ab5af
        • Opcode Fuzzy Hash: d4e964d0521f5b03768e28a3c74dfdf553f426a9767df5928b446c599b5e6f05
        • Instruction Fuzzy Hash: E0C11870A24385AFDF19DF98D884BAD7BB0BF4A310F040099E9549B392C7749D61CF62
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0023A7D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,00425170,000000FF), ref: 0023A84F
        • GetLastError.KERNEL32(?,O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW),00000000), ref: 0023A520
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW),00000000), ref: 0023A609
        Strings
        • Failed to create a security descriptor, xrefs: 0023A544
        • O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW), xrefs: 0023A4E2
        • D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp, xrefs: 0023A696
        • D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp, xrefs: 0023A52D
        • CoInitializeSecurity() failed, result=0x, xrefs: 0023A6AD
        • MakeScopedAbsoluteSd() failed, xrefs: 0023A62D
        • D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp, xrefs: 0023A616
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: DescriptorErrorLastSecurity$ConvertString
        • String ID: CoInitializeSecurity() failed, result=0x$D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp$D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp$D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp$Failed to create a security descriptor$MakeScopedAbsoluteSd() failed$O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)
        • API String ID: 243657052-2351639334
        • Opcode ID: bf69ef90fb98c3eea0b836049ee0ce6bc441803379cdf0c20b2e5c264a029702
        • Instruction ID: 849f9d3b97a70d002ac1bd4b1671ef518bba4c5c78c41435d314e85fc649c401
        • Opcode Fuzzy Hash: bf69ef90fb98c3eea0b836049ee0ce6bc441803379cdf0c20b2e5c264a029702
        • Instruction Fuzzy Hash: 668191F1E20209ABEB10DFA4DD86BEEB7B8AF14304F140129F541BB282E7759954CF91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(0000002C,BB40E64E,00000000,0000002C), ref: 00269130
        • LeaveCriticalSection.KERNEL32(0000002C), ref: 00269328
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown$Software\Adobe\Adobe Acrobat\DC\Privileged$`$bDisableAuthDialog$bEnableRedirectCheck$bForceEnableRedirectCheck$tHostWhiteList
        • API String ID: 3168844106-1645958298
        • Opcode ID: 112860d12b1034902a638540e85a242836fd7d3bf2817a66d8649cc02e4867fb
        • Instruction ID: 7dd9e597942b73104e83c9fce9f2479611979e8a6823bac5d6fab42f8e402732
        • Opcode Fuzzy Hash: 112860d12b1034902a638540e85a242836fd7d3bf2817a66d8649cc02e4867fb
        • Instruction Fuzzy Hash: 9661B770920249ABCF00DFA8C9497ADBBB4FF4A304F24854AE4186B781D7B86958CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcess.KERNEL32(000A0000,?,BB40E64E,00000000,?,00000000,?,?,?,?,?,?,?,?,00424B80,000000FF), ref: 00236AA4
        • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,00424B80,000000FF,?,002421DD), ref: 00236AAB
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00424B80,000000FF,?,002421DD), ref: 00236AB5
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00424B80,000000FF,?,002421DD), ref: 00236ACC
        • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,00424B80,000000FF,?,002421DD), ref: 00236AE4
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorLast$Process$CurrentOpenToken
        • String ID:
        • API String ID: 595180944-0
        • Opcode ID: 3afe442579453df8d3164c521605559f52de2c708f6845f82c7a33c0dc0883a3
        • Instruction ID: d4a803faaf089548f92c3ab24efdafdd915f08df79236046fed519c99a34b954
        • Opcode Fuzzy Hash: 3afe442579453df8d3164c521605559f52de2c708f6845f82c7a33c0dc0883a3
        • Instruction Fuzzy Hash: 9541BFB1910209ABDB10DFA4D948BEEFBBDEF45714F148126E811F7280EB7499258FA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OpenProcessToken.ADVAPI32(?,00000008,00000000,?,00000000), ref: 0023A41E
        • GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 0023A43C
        • GetLastError.KERNEL32 ref: 0023A446
        • LocalAlloc.KERNEL32(00000000,00000000,00000002), ref: 0023A457
        • GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 0023A470
        • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 0023A47C
        • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 0023A48C
        • LocalFree.KERNEL32(00000000), ref: 0023A499
        • CloseHandle.KERNEL32(00000000), ref: 0023A4A8
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Token$AuthorityInformationLocal$AllocCloseCountErrorFreeHandleLastOpenProcess
        • String ID:
        • API String ID: 134889411-0
        • Opcode ID: e121d2e00bee03d064d7c2b9f1c650591575d12c2950e95a5a280fe403ce419c
        • Instruction ID: 2dc4608694838401450019aa8fe431536a92fcda77eeca3b0fe07918df984507
        • Opcode Fuzzy Hash: e121d2e00bee03d064d7c2b9f1c650591575d12c2950e95a5a280fe403ce419c
        • Instruction Fuzzy Hash: 29216078A40209BFDB109FA5DC49BADBBB8FF45710F104064FA41E6290DB719924DB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,000000FF,?,002DDA06), ref: 0023B97D
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023B98E
        • EnterCriticalSection.KERNEL32(00000002,000000FF,?,002DDA06), ref: 0023B9C3
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023B9D4
        • EnterCriticalSection.KERNEL32(00000002), ref: 0023B9FF
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0023BA10
        Strings
        • bEnableLowLabelDllLoadRestrictions, xrefs: 0023B9DC
        • bEnableNonsystemFontRestrictions, xrefs: 0023B961
        • bEnableRemoteDllLoadRestrictions, xrefs: 0023B9A7
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: bEnableLowLabelDllLoadRestrictions$bEnableNonsystemFontRestrictions$bEnableRemoteDllLoadRestrictions
        • API String ID: 3168844106-523961019
        • Opcode ID: ba91991b4469199011bab58d2c89d94491826a233b7e96e4de0e47dbd35718d0
        • Instruction ID: 6b44994d21d586aeb2344a5fb38ba5f780adc8dd3345ee4048501c75adbf92cf
        • Opcode Fuzzy Hash: ba91991b4469199011bab58d2c89d94491826a233b7e96e4de0e47dbd35718d0
        • Instruction Fuzzy Hash: 5A212271555610FBC700EFA4EC45B8EB7A8FF46754F204266F910A32D0CBB56A24CBA9
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • _free.LIBCMT ref: 0040B510
        • _free.LIBCMT ref: 0040B527
        • _free.LIBCMT ref: 0040B544
          • Part of subcall function 00224FD0: HeapFree.KERNEL32(00000000,00000000,?,0040A01E), ref: 00224FE6
          • Part of subcall function 00224FD0: GetLastError.KERNEL32(?,?,0040A01E), ref: 00224FF8
        • _free.LIBCMT ref: 0040B55F
        • _free.LIBCMT ref: 0040B576
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: _free$ErrorFreeHeapLast
        • String ID: -$gI
        • API String ID: 776569668-2828314583
        • Opcode ID: 184d68f504d0b31cf09efa792bc75c0d4a2d0c15819cba71140d19641832d89c
        • Instruction ID: 18cbd2126c32e0495d994beebdf76bb28347a5c051a8131b20f61c7c6f59d669
        • Opcode Fuzzy Hash: 184d68f504d0b31cf09efa792bc75c0d4a2d0c15819cba71140d19641832d89c
        • Instruction Fuzzy Hash: DBE1C031A002159BDB20EF65CC81BAB73B5EF54748F1444BBE809B7291E7399E81CB9C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 002272D9: GetLastError.KERNEL32(00000000,ios_base::failbit set,004264F0,003FE88A,004D3790,00000008,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 002272DE
          • Part of subcall function 002272D9: SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 0022737C
        • _memcmp.LIBVCRUNTIME ref: 0040BB25
        • _free.LIBCMT ref: 0040BB99
        • _free.LIBCMT ref: 0040BBB2
        • _free.LIBCMT ref: 0040BBF0
        • _free.LIBCMT ref: 0040BBF9
        • _free.LIBCMT ref: 0040BC05
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: _free$ErrorLast$_memcmp
        • String ID: C
        • API String ID: 4275183328-1037565863
        • Opcode ID: aedb8c26a0938ec821100009b222f4629e92fbd21ea2126a829fe4eb8a42804b
        • Instruction ID: 4eff04cc4561d63b4951223d5dafc8285e389afb496e5a09e16cd02e8963fcc9
        • Opcode Fuzzy Hash: aedb8c26a0938ec821100009b222f4629e92fbd21ea2126a829fe4eb8a42804b
        • Instruction Fuzzy Hash: A9B14075A112199FDB24DF18C884BAEB7B4FF48304F1045EAE909A7790D775AE90CF88
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • _ValidateLocalCookies.LIBCMT ref: 003F4487
        • ___except_validate_context_record.LIBVCRUNTIME ref: 003F448F
        • _ValidateLocalCookies.LIBCMT ref: 003F4518
        • __IsNonwritableInCurrentImage.LIBCMT ref: 003F4543
        • _ValidateLocalCookies.LIBCMT ref: 003F4598
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
        • String ID: `1?$csm
        • API String ID: 1170836740-3780494887
        • Opcode ID: 4e54faf69512389e9a9f3cc3432144d6021bd39d748dd3697bdcdd9a3a0cf590
        • Instruction ID: 9bce1eec269289c4784b8fd9d4895facb65346fd0a20e4258eee914a44d31a7d
        • Opcode Fuzzy Hash: 4e54faf69512389e9a9f3cc3432144d6021bd39d748dd3697bdcdd9a3a0cf590
        • Instruction Fuzzy Hash: FF41B634A0021D9BCF11EF59D885BAFBBF4AF45314F148066EA186B392D735DA15CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetLastError.KERNEL32(00000000,ios_base::failbit set,004264F0,003FE88A,004D3790,00000008,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 002272DE
        • _free.LIBCMT ref: 0022733B
        • _free.LIBCMT ref: 00227371
        • SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E,?,00000000), ref: 0022737C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorLast_free
        • String ID: ios_base::failbit set
        • API String ID: 2283115069-3924258884
        • Opcode ID: f6d98d019a9f9d55a3537a1e06fb2fe665219522735ed3cea2ef1a4d1eb3ba1a
        • Instruction ID: 20e76954eb699c5680f1351e3783ddce9938db0282e9eff58973090785aa0663
        • Opcode Fuzzy Hash: f6d98d019a9f9d55a3537a1e06fb2fe665219522735ed3cea2ef1a4d1eb3ba1a
        • Instruction Fuzzy Hash: 73216E3273C2627AD721BBF57CC1B7B22559BC1B74F200336F924961E2DE348C226958
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(00000000,00000000,?,00000000,00240E72,00000000,00000000), ref: 0024199F
        • GetTokenInformation.ADVAPI32(00000000,00000002,00000000,00000000,00000000,?,00000000,00240E72,00000000,00000000), ref: 002419AE
        • GetLastError.KERNEL32(?,00000000,00240E72,00000000,00000000), ref: 002419B4
        • GetTokenInformation.ADVAPI32(00000000,00000002,00000000,00000000,00000000,?,?,?,?,00000000,00240E72,00000000,00000000), ref: 002419FF
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorInformationLastToken
        • String ID:
        • API String ID: 2700267200-0
        • Opcode ID: 203b99edcee445d98e9a76d20de0c0f22428830a0ebed8cb4f9557fbc782a2bf
        • Instruction ID: 60c2dc22d84328839e503c61238a9503e6fe7da68a084ec2ed7393b364b787ce
        • Opcode Fuzzy Hash: 203b99edcee445d98e9a76d20de0c0f22428830a0ebed8cb4f9557fbc782a2bf
        • Instruction Fuzzy Hash: A931D235A11216BFDB248FA4EC45BAEBBBCEF45B50F140068F909D6241DB358BB0CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • OpenProcessToken.ADVAPI32(?,00000008,00000000,BB40E64E,?), ref: 003060A3
        • GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 003060CD
        • GetLastError.KERNEL32 ref: 003060D7
        • LocalAlloc.KERNEL32(00000000,00000000), ref: 003060E7
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Token$AllocErrorInformationLastLocalOpenProcess
        • String ID:
        • API String ID: 429674843-0
        • Opcode ID: c3d91bdd245f70858adec7c30743cd25be1b6f655cc76f16e6e52a433a1dcab3
        • Instruction ID: 90cae88532088c462f8da60638b2b86881487d7926b80790b60a9a45f6b41f57
        • Opcode Fuzzy Hash: c3d91bdd245f70858adec7c30743cd25be1b6f655cc76f16e6e52a433a1dcab3
        • Instruction Fuzzy Hash: AD31D075A01209EFEB12CFA0DD16BAEBBB8FF05710F204125F901A72D1D7319A24DB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,?,?), ref: 00247769
        • LeaveCriticalSection.KERNEL32(00000002), ref: 00247858
        Strings
        • Failed to add sandbox rule., xrefs: 002477E7
        • error = , xrefs: 002477E2
        • , subsystem = , xrefs: 002477DC
        • D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\sandbox_policy_base.cc, xrefs: 002477A5
        • , semantics = , xrefs: 002477D1
        • , pattern = ', xrefs: 002477C4
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: error = $, pattern = '$, semantics = $, subsystem = $D:\B\T\Imports\Open\Chrome\Chrome\src\sandbox\win\src\sandbox_policy_base.cc$Failed to add sandbox rule.
        • API String ID: 3168844106-2374182953
        • Opcode ID: baaf2efa1c97c84035079aac80b186f43327b4dd3dc08b15fa8fdd65714528a9
        • Instruction ID: 8b8d4eb35409ffbbdc2115b964732df19a05d5353021ab5431091e72cd982724
        • Opcode Fuzzy Hash: baaf2efa1c97c84035079aac80b186f43327b4dd3dc08b15fa8fdd65714528a9
        • Instruction Fuzzy Hash: 7731B571E503046BCF00AF64EC47F9FBB68AF14742F00043AFD15A7293EA755A2C8A69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,00000000,00000014,?,?,002AD774,000000FF,?,BB40E64E,?,00000000,004254E0,000000FF,?,002AD557), ref: 00250538
        • GetLastError.KERNEL32(?,?,002AD774,000000FF,?,BB40E64E,?,00000000,004254E0,000000FF,?,002AD557), ref: 00250543
        • EnumThreadWindows.USER32(000000FF,00308780,00000000,?,002AD774,000000FF,?,BB40E64E,?,00000000,004254E0,000000FF,?,002AD557), ref: 00250553
        • PostThreadMessageW.USER32(000000FF,00000012,00000000,00000000,?,002AD774,000000FF,?,BB40E64E,?,00000000,004254E0,000000FF,?,002AD557), ref: 00250560
        • SetLastError.KERNEL32(00000000,?,002AD774,000000FF,?,BB40E64E,?,00000000,004254E0,000000FF,?,002AD557), ref: 00250567
        • WaitForSingleObject.KERNEL32(?,00001388,?,002AD774,000000FF,?,BB40E64E,?,00000000,004254E0,000000FF,?,002AD557), ref: 00250573
        • TerminateThread.KERNEL32(?,00000000,002AD774,000000FF,?,BB40E64E,?,00000000,004254E0,000000FF,?,002AD557), ref: 00250587
        • WaitForSingleObject.KERNEL32(?,000000FF,?,002AD557), ref: 00250590
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ObjectSingleThreadWait$ErrorLast$EnumMessagePostTerminateWindows
        • String ID:
        • API String ID: 3252727915-0
        • Opcode ID: 6fb766ab8f951a9060cf2dced9e7380f9cb06d330b5a8169258894f253c51f50
        • Instruction ID: 49e170f8df217fac54a3f64f7446ce023388470ee75d32d9a5d5cd6dfdddf4b3
        • Opcode Fuzzy Hash: 6fb766ab8f951a9060cf2dced9e7380f9cb06d330b5a8169258894f253c51f50
        • Instruction Fuzzy Hash: A701D63634430577E7111FA5BC89FAA3BACBBCBF62F540124FA08D50D0DBB494029A2C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(0000001C,?,004621D8,?,00462180,?,00462128,?,004620D0,?,00462078,?,00462020,BB40E64E,00000000,00000000), ref: 002413C6
          • Part of subcall function 00240A20: Concurrency::cancel_current_task.LIBCPMT ref: 00240C13
        • EnterCriticalSection.KERNEL32(00000001), ref: 002414B3
        • LeaveCriticalSection.KERNEL32(00000001), ref: 002414C4
        • EnterCriticalSection.KERNEL32(00000001), ref: 002414DE
        • LeaveCriticalSection.KERNEL32(00000001), ref: 002414EF
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$Concurrency::cancel_current_taskInitialize
        • String ID: compute-only-broker$type
        • API String ID: 3507388499-2000678818
        • Opcode ID: 1303558d479e723a0f0ffa0a7e149b53e17ca420b1131211b19fd3ed4a4487fb
        • Instruction ID: eeff7c16d452a42a62142af5acdc183d85dae8b5e39c075433579abdca45fc15
        • Opcode Fuzzy Hash: 1303558d479e723a0f0ffa0a7e149b53e17ca420b1131211b19fd3ed4a4487fb
        • Instruction Fuzzy Hash: 98D1C321C28F86ABD306CF28DA406F4B770BF66314F05A395D98866523FBB0B6E4C755
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00266C40: PathAppendW.SHLWAPI(00000000,00000000), ref: 00266CAA
          • Part of subcall function 00266C40: PathAddBackslashW.SHLWAPI(00000000), ref: 00266CC0
        • GetProcAddress.KERNEL32(00000000,GetColorDirectoryW,?,?,00000000,00000001,?,?,00000000,00000001,?,?,00000000,00000001,BB40E64E,00425C50), ref: 00357736
        • FreeLibrary.KERNEL32(00000000,?,?,00000000,00000001,?,?,00000000,00000001,?,?,00000000,00000001,BB40E64E,00425C50,00425C50), ref: 003577B6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Path$AddressAppendBackslashFreeLibraryProc
        • String ID: GetColorDirectoryW$\Common Files\Adobe\Color$\Common Files\Adobe\Fonts$mscms.dll
        • API String ID: 3866186713-2212940050
        • Opcode ID: 92e62f6276e8fa0ed60478edeec178affcfc041ae99e674510618b23c46675c7
        • Instruction ID: 7f748816a92c5ac883b95fed63bb3dd6963465e049cdd081f2de72d774a1d1c0
        • Opcode Fuzzy Hash: 92e62f6276e8fa0ed60478edeec178affcfc041ae99e674510618b23c46675c7
        • Instruction Fuzzy Hash: 1F519270A41218ABDB21EB94DC4AFDEB3B9EB08710F1002D5F919A72E1DBB45F44CE54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(LPK.DLL,?,00000018,?,?), ref: 003242DF
        • GetModuleHandleW.KERNEL32(GDI32.DLL,?,00000018,?,?), ref: 003242EE
        • GetProcAddress.KERNEL32(00000000,GdiInitializeLanguagePack,?,00000018,?,?), ref: 003242FE
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: HandleModule$AddressProc
        • String ID: GDI32.DLL$GdiInitializeLanguagePack$LPK.DLL
        • API String ID: 1883125708-1639702017
        • Opcode ID: 6f95c8b9a7e53c0af91aa41bef87edf145745a8182fd11ca658d737833cb7c66
        • Instruction ID: 2990a61c96b9b86331082181b5488a8a9aa9f07316d332e84343bba35ba3ba20
        • Opcode Fuzzy Hash: 6f95c8b9a7e53c0af91aa41bef87edf145745a8182fd11ca658d737833cb7c66
        • Instruction Fuzzy Hash: 0E519CB0A10B119FD721CF24D80475AFBE4BF08704F10862ED999DB780E7B9A5248FC5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(0000002C,?,?,BB40E64E,00000000,15555555,?,?,00000000,00426244,000000FF), ref: 0024B83F
        • RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,00000000,00020019,15555555,?,?,BB40E64E,00000000), ref: 0024B861
        • RegQueryValueExW.ADVAPI32(00000000,bDisableCryptBroker,00000000,00000004,?,?,?,?,BB40E64E,00000000), ref: 0024B892
        • RegCloseKey.ADVAPI32(00000000,?,?,BB40E64E,00000000), ref: 0024B8B4
        Strings
        • bDisableCryptBroker, xrefs: 0024B88A
        • Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown, xrefs: 0024B857
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CloseCriticalInitializeOpenQuerySectionValue
        • String ID: Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown$bDisableCryptBroker
        • API String ID: 1679772382-1129665463
        • Opcode ID: 3460bd292e19d3caf97435f176cfaf2af16cc4f0e869d42eba333cbd8eeb7a37
        • Instruction ID: 633959136bcb6bb06e7dec9087ba4b2b4aec67a7be1b3fe4b894f1f7e784ec54
        • Opcode Fuzzy Hash: 3460bd292e19d3caf97435f176cfaf2af16cc4f0e869d42eba333cbd8eeb7a37
        • Instruction Fuzzy Hash: 04514CB0904315DFDB11CF64C809B9AFBF4FF08714F20816AE549AB251E7B5AA14CFA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,00000000,?,?,?,?,00000000), ref: 002303CB
        • RegQueryValueExW.ADVAPI32(00000000,?,00000000,00000000,00000000,00000004,?,?,?,?,00000000), ref: 002303FC
        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,00000000), ref: 00230420
        • RegCloseKey.ADVAPI32(00000000,?,?,?,?,00000000), ref: 00230455
        Strings
        • Software\Adobe\Acrobat Reader\DC\FeatureState, xrefs: 00230368
        • Software\Adobe\Adobe Acrobat\DC\FeatureState, xrefs: 0023038A, 0023039C
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Close$OpenQueryValue
        • String ID: Software\Adobe\Acrobat Reader\DC\FeatureState$Software\Adobe\Adobe Acrobat\DC\FeatureState
        • API String ID: 1607946009-104477300
        • Opcode ID: 0c044cf5aa175fc5bfbf0bc75ba73acc60d3758ceeb16a5c8c2a2edeae7eeb52
        • Instruction ID: 7c6d27b0265eb5bed8d051fbdd71b79d957013d8bb29e6f33c724448421bff42
        • Opcode Fuzzy Hash: 0c044cf5aa175fc5bfbf0bc75ba73acc60d3758ceeb16a5c8c2a2edeae7eeb52
        • Instruction Fuzzy Hash: 26419575A5022DABDB10DF94EC997EAB3B8EF58304F1001AAEB09D7181D7715E648F90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 00234B70: VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00234BCE
          • Part of subcall function 00234B70: VerSetConditionMask.KERNEL32(00000000), ref: 00234BD6
          • Part of subcall function 00234B70: VerSetConditionMask.KERNEL32(00000000), ref: 00234BDE
          • Part of subcall function 00234B70: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00234C0B
        • GetCurrentProcess.KERNEL32(00000000,00000000,?,?,00000000), ref: 0023BC09
        • IsProcessInJob.KERNEL32(00000000,?,?,00000000), ref: 0023BC10
        • QueryInformationJobObject.KERNEL32(00000000,00000009,?,00000070,00000000,?,?,?,?,?,00000000), ref: 0023BC4D
        • VerSetConditionMask.KERNEL32(00000000,00000000,00000040,00000006,?,?,?,?,?,?,?,?,00000000), ref: 0023BCA2
        • VerifyVersionInfoW.KERNEL32(0000011C,00000040,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0023BCB3
        • GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0023BCC8
        • ProcessIdToSessionId.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0023BCCF
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ConditionMaskProcess$CurrentInfoVerifyVersion$InformationObjectQuerySession
        • String ID:
        • API String ID: 1101386137-0
        • Opcode ID: f3ce117e9353fe9cc5cbbe3286ac9b263b7b2e18c8905007b79f8fafaa2d2742
        • Instruction ID: 5cccd8159bdcd69da7d80bed1a67b4e84739e847dac78131276504c4321e7f3b
        • Opcode Fuzzy Hash: f3ce117e9353fe9cc5cbbe3286ac9b263b7b2e18c8905007b79f8fafaa2d2742
        • Instruction Fuzzy Hash: 72316174E50308BBEB20DFA1EC4ABAD77B8EB45701F0004AAFA09AA1C1DF7599549B54
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID:
        • String ID: api-ms-$ext-ms-
        • API String ID: 0-537541572
        • Opcode ID: 27d2bdbd5f61f443c415c66006aa1dc11ebf860453285e847b55c9f11137a0db
        • Instruction ID: f96a362bc0ad1db1735f8874dd0a2510641ef1f3fa25eb9cbfb6ba570edb3c26
        • Opcode Fuzzy Hash: 27d2bdbd5f61f443c415c66006aa1dc11ebf860453285e847b55c9f11137a0db
        • Instruction Fuzzy Hash: 3D21A175E01220ABDB219BA49C41F1B7778AF417A0B220572F915BB2D1D678FC0985ED
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0041328F: _free.LIBCMT ref: 004132B4
        • _free.LIBCMT ref: 00413591
          • Part of subcall function 00224FD0: HeapFree.KERNEL32(00000000,00000000,?,0040A01E), ref: 00224FE6
          • Part of subcall function 00224FD0: GetLastError.KERNEL32(?,?,0040A01E), ref: 00224FF8
        • _free.LIBCMT ref: 0041359C
        • _free.LIBCMT ref: 004135A7
        • _free.LIBCMT ref: 004135FB
        • _free.LIBCMT ref: 00413606
        • _free.LIBCMT ref: 00413611
        • _free.LIBCMT ref: 0041361C
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: _free$ErrorFreeHeapLast
        • String ID:
        • API String ID: 776569668-0
        • Opcode ID: d279237d2f8e4bc648c70727d8aa18bff4274a76a402791460f02fcdd6260d5a
        • Instruction ID: 33fed4fe536cb8ba06446aea86ec096554afab9843cfe4f4ddfd7798ed28ccce
        • Opcode Fuzzy Hash: d279237d2f8e4bc648c70727d8aa18bff4274a76a402791460f02fcdd6260d5a
        • Instruction Fuzzy Hash: 4A118131580B04FAD560BBB1EC07FDB77DC9F40749F40089EB39966852DA38B6A84A54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(ntdll.dll,00000002,?,?,?,?,?,?,?,0028500C,?,?,?,?,shell-broker-channel,BB40E64E), ref: 00305648
        • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess,type,?,?,?,?,?,?,?,0028500C,?,?,?,?,shell-broker-channel), ref: 00305659
        • GetCurrentProcess.KERNEL32(00000000,?,00000018,?,?,?,?,?,?,?,?,0028500C,?,?,?,?), ref: 0030567F
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AddressCurrentHandleModuleProcProcess
        • String ID: NtQueryInformationProcess$ntdll.dll$type
        • API String ID: 4190356694-1050125098
        • Opcode ID: c11df49968c0d34cf811c382c457b8ee29539e2aabaaf6c53677fd717fc6673a
        • Instruction ID: b47f7165beb55037f287d0d4e9fcbb5436db247948105033f717e4517f2609d9
        • Opcode Fuzzy Hash: c11df49968c0d34cf811c382c457b8ee29539e2aabaaf6c53677fd717fc6673a
        • Instruction Fuzzy Hash: D3018435F1162CABCB10EFA99C45AEEB7F8EF89B11B51026AFC05E3240DF7159448A94
        Uniqueness

        Uniqueness Score: -1.00%
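Added example, not part of the Joe Sandbox report or of Acrobat.exe: a small Python parser for the per-function "APIs" / "Strings" listings in the layout used above. It separates a function's direct calls from the "Part of subcall function" lines (which the report attributes to the callee, so counting them again for the caller inflates that function's activity), tags each function with behaviour categories, and pulls the concrete targets out of the argument lists: the symbol name passed to GetProcAddress, and the hive, key and value name behind a RegOpenKeyExW/RegQueryValueExW pair (80000002 is HKEY_LOCAL_MACHINE). The sample text is copied, abridged, from the OpenProcessToken, FeatureLockDown, IsProcessInJob and NtQueryInformationProcess entries above; the category labels are this example's own choice, not the sandbox's.

```python
"""Triage helper for the per-function "APIs" / "Strings" listings of a Joe
Sandbox IDA-plugin dump (added example; not part of the report or of
Acrobat.exe).  It parses the bullet lines in the layout used above, keeps
direct calls apart from "Part of subcall function" lines, and tags each
function with behaviour categories of this example's own choosing."""
import re

# Constructed sample: four entries copied (abridged) from the report above.
SAMPLE = r"""APIs
• OpenProcessToken.ADVAPI32(?,00000008,00000000,BB40E64E,?), ref: 003060A3
• GetTokenInformation.ADVAPI32(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 003060CD
• GetLastError.KERNEL32 ref: 003060D7
Memory Dump Source
APIs
• RegOpenKeyExW.ADVAPI32(80000002,Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,00000000,00020019,15555555,?,?,BB40E64E,00000000), ref: 0024B861
• RegQueryValueExW.ADVAPI32(00000000,bDisableCryptBroker,00000000,00000004,?,?,?,?,BB40E64E,00000000), ref: 0024B892
Strings
• bDisableCryptBroker, xrefs: 0024B88A
• Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown, xrefs: 0024B857
Memory Dump Source
APIs
  • Part of subcall function 00234B70: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00234C0B
• GetCurrentProcess.KERNEL32(00000000,00000000,?,?,00000000), ref: 0023BC09
• IsProcessInJob.KERNEL32(00000000,?,?,00000000), ref: 0023BC10
• QueryInformationJobObject.KERNEL32(00000000,00000009,?,00000070,00000000,?,?,?,?,?,00000000), ref: 0023BC4D
Memory Dump Source
APIs
• GetModuleHandleW.KERNEL32(ntdll.dll,00000002,?,?,?,?,?,?,?,0028500C,?,?,?,?,shell-broker-channel,BB40E64E), ref: 00305648
• GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess,type,?,?,?,?,?,?,?,0028500C,?,?,?,?,shell-broker-channel), ref: 00305659
Memory Dump Source
"""

# "<bullet> [Part of subcall function CALLER:] Name.MODULE[(args)][,] ref: ADDR"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<caller>[0-9A-F]+):\s*)?"
    r"(?P<name>[^\s(]+?)\.(?P<module>[\w.-]+?)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$")
# "<bullet> text, xrefs: ADDR[, ADDR ...]"
STR_RE = re.compile(r"^•\s*(?P<text>.*?),\s*xrefs:\s*(?P<refs>[0-9A-F, ]+)$")

# Behaviour categories (this example's choice): API name -> label.
CATEGORIES = {n: label for label, names in [
    ("token/integrity query", "OpenProcessToken GetTokenInformation"),
    ("registry read", "RegOpenKeyExW RegQueryValueExW"),
    ("dynamic symbol resolution", "GetProcAddress"),
    ("job/session inspection", "IsProcessInJob QueryInformationJobObject ProcessIdToSessionId"),
] for n in names.split()}
HIVES = {"80000001": "HKCU", "80000002": "HKLM"}  # predefined HKEY values

def parse_report(text):
    """Split the listing into function entries: 'APIs' or 'Strings' opens one,
    'Memory Dump Source' closes it, exactly as the report lays them out."""
    entries, entry, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("APIs", "Strings"):
            entry = entry or {"apis": [], "subcalls": [], "strings": []}
            section = line.lower()
        elif line == "Memory Dump Source":
            if entry:
                entries.append(entry)
            entry = section = None
        elif section == "apis" and (m := API_RE.match(line)):
            call = {"name": m["name"], "module": m["module"], "ref": m["ref"],
                    "args": m["args"].split(",") if m["args"] else []}
            # Subcall lines describe the callee, so keep them out of direct calls.
            (entry["subcalls"] if m["caller"] else entry["apis"]).append(call)
        elif section == "strings" and (m := STR_RE.match(line)):
            entry["strings"].append({"text": m["text"],
                                     "xrefs": m["refs"].replace(" ", "").split(",")})
    return entries

def classify(entry):
    """Sorted category labels for a function's direct calls only."""
    return sorted({CATEGORIES[c["name"]] for c in entry["apis"] if c["name"] in CATEGORIES})

def details(entry):
    """Concrete targets from the argument lists: resolved symbol names, and
    hive, key and value name for registry reads (hive from RegOpenKeyExW)."""
    out, key = [], None
    for c in entry["apis"]:
        a = c["args"]
        if c["name"] == "GetProcAddress" and len(a) > 1:
            out.append("resolves " + a[1])
        elif c["name"] == "RegOpenKeyExW" and len(a) > 1:
            key = HIVES.get(a[0], a[0]) + "\\" + a[1]
        elif c["name"] == "RegQueryValueExW" and len(a) > 1 and key:
            out.append("reads " + key + "\\" + a[1])
    return out

def summarize(text):
    """One row per function with direct calls: first call address, categories, targets."""
    return [(e["apis"][0]["ref"], classify(e), details(e))
            for e in parse_report(text) if e["apis"]]

if __name__ == "__main__":
    for ref, cats, info in summarize(SAMPLE):
        print(ref, "|", ", ".join(cats) or "-", "|", "; ".join(info) or "-")
```

Run over the whole listing rather than the sample, the summary makes the pattern here easy to read: the token, registry and NtQueryInformationProcess lookups sit in the same binary as the Chromium sandbox strings above (sandbox_policy_base.cc, "Failed to add sandbox rule."), which is consistent with a broker process checking its own integrity level and policy before spawning a sandboxed child. The same calls in a file without those strings would deserve a closer look, and the category table is deliberately small so that an analyst extends it to the APIs they care about rather than trusting a fixed list.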

        APIs
        • GetConsoleCP.KERNEL32(00000008,?,00000000), ref: 003FFA34
        • __fassign.LIBCMT ref: 003FFC13
        • __fassign.LIBCMT ref: 003FFC30
        • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 003FFC78
        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 003FFCB8
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 003FFD64
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: FileWrite__fassign$ConsoleErrorLast
        • String ID:
        • API String ID: 4031098158-0
        • Opcode ID: 546f5c29a66e1b1a4b82e598ec2270da09218d35b7f241e58140d7ead63d7014
        • Instruction ID: 66d7ddab45abc283c7ea9c7fcc8bb32650ace617faf2d02665c3da19dc7dd006
        • Opcode Fuzzy Hash: 546f5c29a66e1b1a4b82e598ec2270da09218d35b7f241e58140d7ead63d7014
        • Instruction Fuzzy Hash: F7D18875D0025C9FCF16CFA8D8809FDBBB5FF49314F28416AE955BB246E630AA06CB50
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegQueryValueExW.ADVAPI32(0000011C,?,00000000,80000002,00000000,00000000,BB40E64E,00000000,00000000,?,?,0022DF0F,ReleaseId,?,UBR), ref: 0022E493
        • RegQueryValueExW.ADVAPI32(0000011C,?,00000000,00000001,?,00000000,00000003,?,?,?,?,0022DF0F,ReleaseId,?), ref: 0022E511
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 0022E52E
        • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000000,?,?,0022DF0F,ReleaseId,?), ref: 0022E550
        • ExpandEnvironmentStringsW.KERNEL32(?,?,00000000,00000001,?,?), ref: 0022E597
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 0022E5A6
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: EnvironmentExpandQuerySimpleString::operator=StringsValue
        • String ID:
        • API String ID: 1427468074-0
        • Opcode ID: a664d791c0357c098125816815212995725d878898bd9d54ed7831fd516ab492
        • Instruction ID: a4ae7398d721e5dc6ae6379eb7e8556c46fccd18bbf721f5849b9637bf3ee8d4
        • Opcode Fuzzy Hash: a664d791c0357c098125816815212995725d878898bd9d54ed7831fd516ab492
        • Instruction Fuzzy Hash: 82516B31D20229AACF15DFE0E985BFDB7B9EF14300F610529F801B6290EB356E24DB61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 002318E3
        • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 00231925
        • PathCanonicalizeW.SHLWAPI(00000000,?), ref: 00231962
        • PathRemoveBackslashW.SHLWAPI(?), ref: 002319BA
        • _wcsrchr.LIBVCRUNTIME ref: 002319CD
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 002319DF
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Path$Name$BackslashCanonicalizeFileLongModuleRemoveSimpleString::operator=_wcsrchr
        • String ID:
        • API String ID: 1354892965-0
        • Opcode ID: 9e7d51ca23f4f711f7b6e1aba6270ad1c37ca097b501d3846a4305ad409e09a8
        • Instruction ID: 72272c3d74a3db05ac8bd1a915a031c627245f641d3ef2d47a054cf9aebfe0f9
        • Opcode Fuzzy Hash: 9e7d51ca23f4f711f7b6e1aba6270ad1c37ca097b501d3846a4305ad409e09a8
        • Instruction Fuzzy Hash: 854141B1A50218ABDB20DFA0DD46FEA73FCAB04B04F0405A6F605E71C1EB75EA54CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,00000000,?,0043181B,?,?,?,?,?,?,?,?,00000001,00425C50,000000FF), ref: 00242BE5
        • LeaveCriticalSection.KERNEL32(00000002,?,?,?,?,?,?,?,?,00000001,00425C50,000000FF), ref: 00242BF6
          • Part of subcall function 00242D30: EnterCriticalSection.KERNEL32(00000002,BB40E64E,?,00425C50,00000001), ref: 00242D7E
          • Part of subcall function 00242D30: LeaveCriticalSection.KERNEL32(00000002), ref: 00242D8F
          • Part of subcall function 00242D30: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown,00000000,00020019,?), ref: 00242DC3
          • Part of subcall function 00242D30: RegQueryValueExW.ADVAPI32(00000000,?,00000000,00000004,?,?), ref: 00242E03
          • Part of subcall function 00242D30: PathFileExistsW.SHLWAPI(?), ref: 00242E4F
        Strings
        • ProtectedModeWhitelistConfig.txt, xrefs: 00242C0F
        • ProtectedViewWhitelistConfig.txt, xrefs: 00242C9E
        • bUsePVWhitelistConfigFile, xrefs: 00242CC4
        • bUseWhitelistConfigFile, xrefs: 00242C31
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave$ExistsFileOpenPathQueryValue
        • String ID: ProtectedModeWhitelistConfig.txt$ProtectedViewWhitelistConfig.txt$bUsePVWhitelistConfigFile$bUseWhitelistConfigFile
        • API String ID: 579353679-2307890901
        • Opcode ID: 927aa57b79ae838f16c70680913935bd2d81561ce4f29ea68467877327f37206
        • Instruction ID: 49d3f759bf5be9f3a2da90cdaea32960dfedf8eb04929d16571cfa39ee911e82
        • Opcode Fuzzy Hash: 927aa57b79ae838f16c70680913935bd2d81561ce4f29ea68467877327f37206
        • Instruction Fuzzy Hash: 10418F71A10209EBDF04DFE4D841BEEB7B4FF08314F10526AE815A7280DB7419098B95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentProcess.KERNEL32(000F01FF,?,BB40E64E,00000001), ref: 002B6741
        • OpenProcessToken.ADVAPI32(00000000), ref: 002B6748
        • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,0000004C,0000004C), ref: 002B67A2
        • ConvertSidToStringSidW.ADVAPI32(00000000,0000000C), ref: 002B67B9
        • LocalFree.KERNEL32(00000000,00000000,-00000002,00000000,0000000C), ref: 002B67EB
        • CloseHandle.KERNEL32(?), ref: 002B6805
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ProcessToken$CloseConvertCurrentFreeHandleInformationLocalOpenString
        • String ID:
        • API String ID: 1442563194-0
        • Opcode ID: 1a40742a1a3938e23c0eada5f877e6da82b210d91322659d9906a86805534c9d
        • Instruction ID: 7d944dbc10075fde044c1939b941bcc1eb605b42d1515bac308c43d83b7f97f1
        • Opcode Fuzzy Hash: 1a40742a1a3938e23c0eada5f877e6da82b210d91322659d9906a86805534c9d
        • Instruction Fuzzy Hash: 4E416BB5A10249AFDF10DFA4D845BEEBBB8FF48704F10412AE905B7281DB795A14CFA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,00425C50,00425C50,00000001,?,00425C50), ref: 0024A3E5
        • LeaveCriticalSection.KERNEL32 ref: 0024A3F6
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: *:$*$*:Zone.Identifier*$\/?/?\??*:$\device\volume{*}\*:
        • API String ID: 3168844106-660427737
        • Opcode ID: 9676f306533a9126e327faa04d7d5f891d98bafa124487bb144ffd0e95c7ed22
        • Instruction ID: 823e90799710932377617d01efa39e01222a75b161a70cfc606ae681f3dbc7e5
        • Opcode Fuzzy Hash: 9676f306533a9126e327faa04d7d5f891d98bafa124487bb144ffd0e95c7ed22
        • Instruction Fuzzy Hash: B231F239B80318AFCB10AF54D854B6DB7A5FF8A710F1501A5E905AB3C1C7B46E018BD6
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 00305CE2
        • PathIsRelativeW.SHLWAPI(?,?,0044CCA8,00000000,?,?,?,00425C50,?), ref: 00305D22
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: PathRelativeSimpleString::operator=
        • String ID: /?/UNC/$<>:"\|?*$\?\UNC\
        • API String ID: 818049114-2850151256
        • Opcode ID: 9d8f77322a500b73a5d9bdc29bcb46c14846eaa4884701982f606d995c177c54
        • Instruction ID: db4fcd8575ffbd5c4c0e049b5b5028190190a929ec05ee40a3f631ed6052f547
        • Opcode Fuzzy Hash: 9d8f77322a500b73a5d9bdc29bcb46c14846eaa4884701982f606d995c177c54
        • Instruction Fuzzy Hash: 1FE18E70912629EBDF25EF54DD59BAEB7B4EF04304F1001DAE409A7281EB78AB84CF54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • lstrcmpiA.KERNEL32(?,00000000,BB40E64E,ha#,00000000,004EB150,?,?,00000000,0043402C,000000FF,?,0030088F,00300B50,00000000,?), ref: 003009DF
        • ___HrLoadAllImportsForDll@4.DELAYIMP ref: 00300A25
        • __Init_thread_header.LIBCMT ref: 00300A8B
          • Part of subcall function 00228EF2: EnterCriticalSection.KERNEL32(004EBB28,00000000,00000000,?,0024DAB1,004EC90C,BB40E64E,00000000,00000000,?,?,00426578,000000FF,?,0024D410,00000000), ref: 00228EFD
          • Part of subcall function 00228EF2: LeaveCriticalSection.KERNEL32(004EBB28,?,0024DAB1,004EC90C,BB40E64E,00000000,00000000,?,?,00426578,000000FF,?,0024D410,00000000,00000000), ref: 00228F3A
        • __Init_thread_footer.LIBCMT ref: 00300AD0
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$Dll@4EnterImportsInit_thread_footerInit_thread_headerLeaveLoadlstrcmpi
        • String ID: ha#
        • API String ID: 528903374-1728342046
        • Opcode ID: a0df7cfe14141542667d6155329d6c9419fb3084ffbbe61070625f759a06513d
        • Instruction ID: 5e640a7ec3b436883cf6ba03f1f30c6dbd0935b83a3a407f595c2aee634271dc
        • Opcode Fuzzy Hash: a0df7cfe14141542667d6155329d6c9419fb3084ffbbe61070625f759a06513d
        • Instruction Fuzzy Hash: 92718775A01209DFCB15DFA8D890BAEBBF5FF49300F15816AE815A73A2DB35AC01CB54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(00000040,?,00000000,00267B79), ref: 0027CB82
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,00489B88,?,00489B30,?,00489AD8), ref: 0027CCAD
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0027CCBE
        • CreateThread.KERNEL32(00000000,00000000,00289410,00000000,00000000,00000020), ref: 0027CCD7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Create$Event$CriticalInitializeSectionThread
        • String ID: y{&
        • API String ID: 3438895259-3131551501
        • Opcode ID: 4968ddc24b8e4cd04bc6d8fba5b29f9781b6a9007fad33cf9f8a1eedf5ada89b
        • Instruction ID: 036b42def233188f5a911cb6d0911a2416f143400c4518249842a3fd4d10247b
        • Opcode Fuzzy Hash: 4968ddc24b8e4cd04bc6d8fba5b29f9781b6a9007fad33cf9f8a1eedf5ada89b
        • Instruction Fuzzy Hash: 18616C70C14B85EBD301CF28D901BA9B7B0FF69304F15D75AE9486A562E7B0B6D4CB84
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath,?), ref: 0026686A
        • PathAppendW.SHLWAPI(?,?), ref: 00266921
        • PathAddBackslashW.SHLWAPI(?), ref: 00266937
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Path$AddressAppendBackslashProc
        • String ID: SHGetKnownFolderPath$shell32.dll
        • API String ID: 696528488-2936008475
        • Opcode ID: e5a9198c6b11498275acf460d759d07e0f37b9504d6e06356699faec47d1a606
        • Instruction ID: 71df7149f3f67056204951f3bcfb7315e9fce7457c8ef9616927a904101fe4b0
        • Opcode Fuzzy Hash: e5a9198c6b11498275acf460d759d07e0f37b9504d6e06356699faec47d1a606
        • Instruction Fuzzy Hash: D041E131B1121AABDB24DF74DC497AAB3F8AF45700F0441AEAC05E7280EB30DE94CB84
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,?,00000000,?,00428248,000000FF,?,0023E971,?,00000000), ref: 002652D8
        • LeaveCriticalSection.KERNEL32(00000002,?,0023E971,?,00000000), ref: 002652E9
          • Part of subcall function 00270400: EnterCriticalSection.KERNEL32(00000000), ref: 002705E4
          • Part of subcall function 00270400: LeaveCriticalSection.KERNEL32(00000000), ref: 002705F5
        • PathFileExistsW.SHLWAPI(?), ref: 00265372
          • Part of subcall function 002711F0: PathFileExistsW.SHLWAPI(?,?,?,?,?,00000004,?,?,80000002,SOFTWARE\Justsystem\ATOK\Setup\Folder,00020019,BB40E64E,?,00000002), ref: 00271427
          • Part of subcall function 002711F0: PathIsDirectoryW.SHLWAPI(?,?,80000002,SOFTWARE\Justsystem\ATOK\Setup\Folder,00020019,BB40E64E,?,00000002), ref: 0027144A
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$Path$EnterExistsFileLeave$Directory
        • String ID: \Acrobat\plug_ins\test_tools\AcroNGLTools\qe-ngl-tool.exe$q#
        • API String ID: 3794566247-2556033790
        • Opcode ID: ae2eec9698f5124816b95cb9974804979813ce373479875599bfd19c149e63d7
        • Instruction ID: c02388a8d4719d3d94239170e7278808d7124af4b4c4f9507736b8818b932cd5
        • Opcode Fuzzy Hash: ae2eec9698f5124816b95cb9974804979813ce373479875599bfd19c149e63d7
        • Instruction Fuzzy Hash: 6841C170A10209EBCF00EFA4C885BEEB7B4EF49314F144169E416B7381DB745964CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • DeleteFileW.KERNEL32(0000001C,?,00000010), ref: 0032496E
        • GetTempPathW.KERNEL32(00000104,?,?,00000010), ref: 00324998
        • GetTempFileNameW.KERNEL32(?,Sbx,00000000,?,?,00000010), ref: 003249BB
        • DeleteFileW.KERNEL32(?,?,00000010), ref: 003249CC
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: File$DeleteTemp$NamePath
        • String ID: Sbx
        • API String ID: 2275259408-2561587664
        • Opcode ID: 0b606eac124a8d6c9e4b4dded98531abb3cf1fbf2314c369b0e284f101b6a338
        • Instruction ID: bf68d98487f7ec900c27e8350c96d94b6fa505afa315cb2e8de0c06361715f9c
        • Opcode Fuzzy Hash: 0b606eac124a8d6c9e4b4dded98531abb3cf1fbf2314c369b0e284f101b6a338
        • Instruction Fuzzy Hash: 60316B749007159FDB20DF64DC88BAAF7F8EF48700F008569E99A97550EB70E988CF58
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetSystemMetrics.USER32(00001000,BB40E64E,?,?,?,?,?,?,?,00000000), ref: 002739CA
        • GetCurrentProcessId.KERNEL32(?,GlassSessionId,00000000), ref: 00273A3B
        • ProcessIdToSessionId.KERNEL32(00000000), ref: 00273A42
        Strings
        • SYSTEM\CurrentControlSet\Control\Terminal Server, xrefs: 002739EA
        • GlassSessionId, xrefs: 00273A23
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Process$CurrentMetricsSessionSystem
        • String ID: GlassSessionId$SYSTEM\CurrentControlSet\Control\Terminal Server
        • API String ID: 2326196323-152818403
        • Opcode ID: 399f658bc3f4c6cc1f735dc09be23cf9772bcecf93bb55aaef2d0782b32ede5b
        • Instruction ID: dcf255dcb2a5e907d26b222f16705b46713c43a6740ed15d639b7ce48015ecf6
        • Opcode Fuzzy Hash: 399f658bc3f4c6cc1f735dc09be23cf9772bcecf93bb55aaef2d0782b32ede5b
        • Instruction Fuzzy Hash: 4821F671A14289DFCB00DFA4DC82BFEBBF4AF05700F204169E452A7282DBB65E44DB65
        Uniqueness

        Uniqueness Score: -1.00%

        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID:
        • String ID: api-ms-
        • API String ID: 0-2084034818
        • Opcode ID: 1c806d4333e94153077f23d3da61428363c4067c7c2254c3b179044f9e629dec
        • Instruction ID: 2d97043083f4861b2a2043e977b3596d2f092a355d0ffe1f815be4d2452f62ae
        • Opcode Fuzzy Hash: 1c806d4333e94153077f23d3da61428363c4067c7c2254c3b179044f9e629dec
        • Instruction Fuzzy Hash: DB11CB31A0922BABCB338B75DC44B7A3768AF457A0B220160FF12A72A0DF70DD01C5E4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExA.ADVAPI32(80000001,SOFTWARE\Adobe\AcroPerf,00000000,00000001,BB40E64E,?,?,?,BB40E64E,?,?), ref: 002F2D3B
        • RegQueryValueExA.ADVAPI32(BB40E64E,tOutputDir,00000000,?,004E8610,004DB2C0,?,?,?,BB40E64E,?,?), ref: 002F2D5E
        • RegCloseKey.ADVAPI32(BB40E64E,?,?,?,BB40E64E,?,?), ref: 002F2D67
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CloseOpenQueryValue
        • String ID: SOFTWARE\Adobe\AcroPerf$tOutputDir
        • API String ID: 3677997916-2198235117
        • Opcode ID: 06a3be22a2e3becd395fa6e0a513b03ea3c7c316438ab6b796c045668375135e
        • Instruction ID: b2a5aa04c7e6d18f9b394b7728ca9c485f9772f9fd7e0017d4951c5023ec5915
        • Opcode Fuzzy Hash: 06a3be22a2e3becd395fa6e0a513b03ea3c7c316438ab6b796c045668375135e
        • Instruction Fuzzy Hash: F401B134A50248BBDF109FA0EC46FAD7774EB05B01F10027DFA086A2D2DFB516688B9D
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process2,?,?,?,?,?,00242305), ref: 002424FB
        • GetProcAddress.KERNEL32(00000000,?,?,?,?,00242305), ref: 00242502
        • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00242305), ref: 00242516
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AddressCurrentHandleModuleProcProcess
        • String ID: IsWow64Process2$kernel32.dll
        • API String ID: 4190356694-2577318745
        • Opcode ID: ac44fc0c09e6a670261b345e77289eeacff4448e4410db10ebb6907783ee888d
        • Instruction ID: a6263a5d1f3fe7ca32beb83f9e822477083e6adf7bd396bfe03d9c62de8e610e
        • Opcode Fuzzy Hash: ac44fc0c09e6a670261b345e77289eeacff4448e4410db10ebb6907783ee888d
        • Instruction Fuzzy Hash: 3601D135B11218EBCB14EFF8A805AAEB7A8DB4A70074001AAFC0597240DF318E18CB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExA.ADVAPI32(80000001,SOFTWARE\Adobe\AcroPerf,00000000,00000001,002F30C7,002F30C7,BB40E64E,?,?), ref: 002435C7
        • RegQueryValueExA.ADVAPI32(?,bLaunchTiming,00000000,00000000,00000000,?), ref: 002435F4
        • RegCloseKey.ADVAPI32(?), ref: 0024360B
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CloseOpenQueryValue
        • String ID: SOFTWARE\Adobe\AcroPerf$bLaunchTiming
        • API String ID: 3677997916-362800493
        • Opcode ID: cdf86f85382f5948961ab3f922147becf003e824065fe6b1c7b0952613257778
        • Instruction ID: da737db64c14a356a8d56916fe5b19849b721b3e093d882b24f6c9fd91662702
        • Opcode Fuzzy Hash: cdf86f85382f5948961ab3f922147becf003e824065fe6b1c7b0952613257778
        • Instruction Fuzzy Hash: FF010C74A10209ABDF10DFA0DC45BAD77B4EF08704F10456DB915AB291EAB55654CF4C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00402861,?,?,00402829,?,?,?), ref: 00402881
        • GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,?,00402861,?,?,00402829,?,?,?), ref: 00402894
        • FreeLibrary.KERNEL32(00000000,?,?,00402861,?,?,00402829,?,?,?), ref: 004028B7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AddressFreeHandleLibraryModuleProc
        • String ID: CorExitProcess$mscoree.dll
        • API String ID: 4061214504-1276376045
        • Opcode ID: 824f57a683d93016562d7d1899037696417a1ab87fab061e9b4a6ab77ee042c7
        • Instruction ID: f6834dfcf1068f603ef34a52dd56db4d8b6ff47536a9703c710828d64a9addb2
        • Opcode Fuzzy Hash: 824f57a683d93016562d7d1899037696417a1ab87fab061e9b4a6ab77ee042c7
        • Instruction Fuzzy Hash: 25F0FE39611619BBDB12AB90ED0AF9E7AA5EF41B55F104175B801B11E0CBB88E00DB98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 002761E7
        • LeaveCriticalSection.KERNEL32(?), ref: 002761FB
        • EnterCriticalSection.KERNEL32(?), ref: 00276234
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$Enter$Leave
        • String ID: DOS
        • API String ID: 2801635615-223457162
        • Opcode ID: 059a54e69bf56c806a420ab585108bf8205ddb2f2ec9abc783f08ea91b72e3f9
        • Instruction ID: 2557c7684fea108bd1707002cc1eacd334e0c41f8bcd7859b4c9c4e9926af5a2
        • Opcode Fuzzy Hash: 059a54e69bf56c806a420ab585108bf8205ddb2f2ec9abc783f08ea91b72e3f9
        • Instruction Fuzzy Hash: D7A1EC71D10609DBCF14CFA8D849BEEBBB5FF49314F148259E409BB281D774AA94CBA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetLastError.KERNEL32 ref: 0023F5B6
        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0023F5F4
        • AllowSetForegroundWindow.USER32(00000000,?,?,00000000), ref: 0023F651
          • Part of subcall function 00232620: SignalObjectAndWait.KERNEL32(00000000,0000000F,000003E8,?,?,00000000,?,00000000,00000004,00000000,00000000,?,00000000,?,?), ref: 00232678
        • SetLastError.KERNEL32(?), ref: 0023F7B1
        • SetLastError.KERNEL32(?,00000000,?,00000005,?,00000010,00000001,00000006,00000004,?,00000004,00000000,00000002,00000003,?,00000000), ref: 0023F7DB
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorLast$AllowCurrentDirectoryForegroundObjectSignalWaitWindow
        • String ID:
        • API String ID: 1900345581-0
        • Opcode ID: c100447360dbb92d2892e441e319b54a72bff0404b7fac70b9ecba2e2f89cab2
        • Instruction ID: 66467a9dfdf332aad916e53497babfbbee71e6acb0d6d87ab6d625e8eb50dba8
        • Opcode Fuzzy Hash: c100447360dbb92d2892e441e319b54a72bff0404b7fac70b9ecba2e2f89cab2
        • Instruction Fuzzy Hash: 1F61A2B1A20229ABDF60EF64DD99BEDB365EF84700F0000A9F9096B2C1DB715D65CF51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 0023C1F0: GetCurrentDirectoryW.KERNEL32(00000104,?,002591AD), ref: 0023C21C
        • GetSystemDirectoryW.KERNEL32(?,00000104,?,?,?,002591AD), ref: 0025ED74
        • SetCurrentDirectoryW.KERNEL32(?,0044CCA8,00000000,?,?,?,002591AD), ref: 0025EE1D
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 0025EED9
        • SimpleUString::operator=.MSOBJ140-MSVCRT ref: 0025EEEA
        • SetCurrentDirectoryW.KERNEL32(002591AD,?,?,00458FFC,?,?,00000001,?,?,?,002591AD), ref: 0025EF20
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Directory$Current$SimpleString::operator=$System
        • String ID:
        • API String ID: 216901848-0
        • Opcode ID: f141cda917c69499fdbddd1564446f4e68b89acfbaf5c336e36de1f2534429e5
        • Instruction ID: 81bb87b494817d05df21b0b34d8104063875a667384ce12f420306ba8cf0c559
        • Opcode Fuzzy Hash: f141cda917c69499fdbddd1564446f4e68b89acfbaf5c336e36de1f2534429e5
        • Instruction Fuzzy Hash: BA814A74924228DADF64DF64CC89BDDB7B4FB04305F1006E9E809A3290DB796B98CF94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,Software\Adobe\Adobe Acrobat\DC\AVGeneral,00000029,BB40E64E,00000033,00000000,?), ref: 002E3784
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002E3792
        Strings
        • Software\Adobe\Adobe Acrobat\DC\AVGeneral, xrefs: 002E37A2
        • \cSandboxLaunchFailure, xrefs: 002E37B7
        • Software\Adobe\Adobe Acrobat\DC\AVGeneral, xrefs: 002E374D
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: Software\Adobe\Adobe Acrobat\DC\AVGeneral$Software\Adobe\Adobe Acrobat\DC\AVGeneral$\cSandboxLaunchFailure
        • API String ID: 3168844106-4132872981
        • Opcode ID: 9efa951c9a9d6a9e07083b23707234902a7d764cb88c578bb2193f6da8536e60
        • Instruction ID: 6b20f085d1604c382bfb77873416537fd3f59ef9c4267a7a5c0328037caa00f1
        • Opcode Fuzzy Hash: 9efa951c9a9d6a9e07083b23707234902a7d764cb88c578bb2193f6da8536e60
        • Instruction Fuzzy Hash: 28416871D11259EEDF00DFA4D985BEEBBB5FF49304F60412AF91167280E7782A09CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,Software\Adobe\Adobe Acrobat\DC\InstallPath,0000002B,BB40E64E,?,00000002,?,?,?,?,?,?,?,?,?), ref: 00241AFF
        • LeaveCriticalSection.KERNEL32(00000002,?,?,?,?,?,?,?,?), ref: 00241B0D
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: 9.$$9.$$Software\Adobe\Adobe Acrobat\DC\InstallPath
        • API String ID: 3168844106-2622065017
        • Opcode ID: 16ca4fd0193c69dbef4825c0e54a21e43e9b2443ceca105020bb8de822fd45e2
        • Instruction ID: 92d0c70667c491cad1a93b1b80c31b93733eb4c5c57cee8e320145f0b3ce0689
        • Opcode Fuzzy Hash: 16ca4fd0193c69dbef4825c0e54a21e43e9b2443ceca105020bb8de822fd45e2
        • Instruction Fuzzy Hash: 91317C71D11248EEDF04DFE4D985BEEBBB8FF49314F20405AE805A7281E7B46A19CB64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VirtualQuery.KERNEL32(?,?,0000001C,?,?), ref: 00236732
        • GetLastError.KERNEL32(?,?), ref: 0023673C
        • VirtualProtect.KERNEL32(?,?,00000004,00000000,?,?), ref: 0023676F
        • VirtualProtect.KERNEL32(?,?,00000000,00000000,?,?), ref: 0023678F
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Virtual$Protect$ErrorLastQuery
        • String ID:
        • API String ID: 3866787730-0
        • Opcode ID: be7342700c5a37a3f1759d65d795c00270dfc463f0efd70588543ab7cd8b18c3
        • Instruction ID: 9639688c8e3d18b5e0ae4fd2a91937f0f76e502b5d07e25f468c93656a1c981e
        • Opcode Fuzzy Hash: be7342700c5a37a3f1759d65d795c00270dfc463f0efd70588543ab7cd8b18c3
        • Instruction Fuzzy Hash: 7F219F76B00118BBDB00DFA9EC85BAEB7ACEF89711F50017AFD09D6241DB365D188A90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000000,BB40E64E,00000000,?,0043181B,?,0023E80F), ref: 00242B05
        • LeaveCriticalSection.KERNEL32(00000000,?,0023E80F), ref: 00242B13
        • EnterCriticalSection.KERNEL32(00000000,?,0023E80F), ref: 00242B2B
        • LeaveCriticalSection.KERNEL32(00000000,?,0023E80F), ref: 00242B39
        • EnterCriticalSection.KERNEL32(00000000,?,0023E80F), ref: 00242B51
        • LeaveCriticalSection.KERNEL32(00000000,?,0023E80F), ref: 00242B5F
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 8e0c27b3b05a3e5b6a9e0586e62cbf280df508a15d806fe0c7841b4688fa201f
        • Instruction ID: 32813ece974efdee0bec80b7d670c0d54521fe122bf37beb82a636768246dbb9
        • Opcode Fuzzy Hash: 8e0c27b3b05a3e5b6a9e0586e62cbf280df508a15d806fe0c7841b4688fa201f
        • Instruction Fuzzy Hash: 9A31FE3AA06295EFCB01DFA8D94479DFFB4FF4A700F184099E840A7381C7B06A09CB95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E), ref: 00259559
        • LeaveCriticalSection.KERNEL32(00000002), ref: 0025956A
        • EnterCriticalSection.KERNEL32(00000002), ref: 0025959E
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002595AF
        • EnterCriticalSection.KERNEL32(00000002), ref: 002595D6
        • LeaveCriticalSection.KERNEL32(00000002), ref: 002595E7
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 108ab4540a074ff076953f96924fae49d05c433c1ab9a4973a8691eb31596c69
        • Instruction ID: 76f073884c2b7fbd007cbdc9d61d61b2467e399c26bd1832e79a09a815b864c5
        • Opcode Fuzzy Hash: 108ab4540a074ff076953f96924fae49d05c433c1ab9a4973a8691eb31596c69
        • Instruction Fuzzy Hash: E621E076916645EFCB00CFA4DD047DAFBB8FB4A320F204266E850A3380D7B56A19CBD4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • _free.LIBCMT ref: 0041302F
          • Part of subcall function 00224FD0: HeapFree.KERNEL32(00000000,00000000,?,0040A01E), ref: 00224FE6
          • Part of subcall function 00224FD0: GetLastError.KERNEL32(?,?,0040A01E), ref: 00224FF8
        • _free.LIBCMT ref: 00413041
        • _free.LIBCMT ref: 00413053
        • _free.LIBCMT ref: 00413065
        • _free.LIBCMT ref: 00413077
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: _free$ErrorFreeHeapLast
        • String ID:
        • API String ID: 776569668-0
        • Opcode ID: bb7bb72eb420be3bb048f5395946f6592e18308c223d821e756aa6851d9ae809
        • Instruction ID: 3fc2f3615346d28505c4b114fa37aa6f28a7eddf17fb7b2143eb466f64906e85
        • Opcode Fuzzy Hash: bb7bb72eb420be3bb048f5395946f6592e18308c223d821e756aa6851d9ae809
        • Instruction Fuzzy Hash: 69F04F32505211ABC620EF98F9C6D5777D9AA48711B540807F048E7E18C734FD90CE5C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: H_prolog3__wcschr
        • String ID: locale$tr_tr
        • API String ID: 1799206315-2034423149
        • Opcode ID: 079072c60bcdefdc637ea0e955b986991de1dab78b40921257d8c5e3355ed333
        • Instruction ID: 8bbd65e976604b130c10d532419c36b767eb82b6ae1a6d9cc7359dbd1030ae0f
        • Opcode Fuzzy Hash: 079072c60bcdefdc637ea0e955b986991de1dab78b40921257d8c5e3355ed333
        • Instruction Fuzzy Hash: C9C1BB71D02219DBCF16DFA8D895A9DB7F4BF05705F60805AE804AB282DB749E48CF58
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCurrentThreadId.KERNEL32({100184D2-BDC3-477a-B8D3-65548B67914C}_,00000027,BB40E64E,?,00000000), ref: 002727E1
        • CreateMutexW.KERNEL32(00000000,00000000,?,?,00000000,0044CCA8,?,00000000,0044CCA8,00000000,00000000,?), ref: 002728C0
        • CloseHandle.KERNEL32(?), ref: 00272A50
        Strings
        • {100184D2-BDC3-477a-B8D3-65548B67914C}_, xrefs: 002727B4
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CloseCreateCurrentHandleMutexThread
        • String ID: {100184D2-BDC3-477a-B8D3-65548B67914C}_
        • API String ID: 2866102626-2756177781
        • Opcode ID: 61aabfbb86aa9f28b7f7f60f14f374f9e341056762476b92068f2e4b1f5777d0
        • Instruction ID: c5aef3dbadbce43fb7e74dbf12138db22a5f788587c83f250399ac58bc36cc5e
        • Opcode Fuzzy Hash: 61aabfbb86aa9f28b7f7f60f14f374f9e341056762476b92068f2e4b1f5777d0
        • Instruction Fuzzy Hash: 33B15871D10259DFDF24CFA8C844BEEBBB5FF48304F248119E819A7290D774AA59CBA1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • Concurrency::cancel_current_task.LIBCPMT ref: 0030DCD3
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Concurrency::cancel_current_task
        • String ID: kPC$kPC$kPCkPC
        • API String ID: 118556049-1874111337
        • Opcode ID: 9fc1be619e46e0f5ce13fbe9af20ffe213d1a0721da6bf85fe18ff0b5ec836a6
        • Instruction ID: e232df40bd3c5e8457db68b7c239e899c5cd6194f262d9d2b42852b54b410b1f
        • Opcode Fuzzy Hash: 9fc1be619e46e0f5ce13fbe9af20ffe213d1a0721da6bf85fe18ff0b5ec836a6
        • Instruction Fuzzy Hash: DE41D2B1601106AFD709DFACCD9186AB7E9EB483007258629F81AC7780E770FE15CB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(?,BB40E64E), ref: 002371D5
        • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 002371E1
          • Part of subcall function 00237400: ReleaseSRWLockExclusive.KERNEL32(00000000,BB40E64E,?,00000000,00000001), ref: 002374AA
        Strings
        Similarity
        • API ID: AddressExclusiveHandleLockModuleProcRelease
        • String ID: GetHandleVerifier
        • API String ID: 3853427727-1090674830
        • Opcode ID: 62e6e98ce47e40343efeb6ff80d92b2493b7eba9068e9a1e762797bdf56a7590
        • Instruction ID: 04b4c7c9ab0398d63887f2ece50084106dbfe987f58dabf85bcf5e5953969685
        • Opcode Fuzzy Hash: 62e6e98ce47e40343efeb6ff80d92b2493b7eba9068e9a1e762797bdf56a7590
        • Instruction Fuzzy Hash: B23126F1D28749ABDF20DF64D84575ABBB4AB41710F10022AFC04A7382EBB45A60CBD0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(Kernel32.dll,BB40E64E,?,?,?,?,?,?,?,00000000), ref: 00276570
        • GetProcAddress.KERNEL32(00000000,GetCurrentPackageFullName,?,?,?,?,?,?,00000000), ref: 00276584
        Strings
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: GetCurrentPackageFullName$Kernel32.dll
        • API String ID: 1646373207-2693161168
        • Opcode ID: 84794a9503b2d13a5509b17048d01c6b8a6cd38fc74dc15306fd7d3f506f751c
        • Instruction ID: 044f0fc7dad0313a518854a5a918e7d10eb1e31912ad96e3dc268ceaa64ee442
        • Opcode Fuzzy Hash: 84794a9503b2d13a5509b17048d01c6b8a6cd38fc74dc15306fd7d3f506f751c
        • Instruction Fuzzy Hash: 99212870E1020A9BDF04DFA4CC497AFB7B8EB09700F64872EE815A7680DB7C9A048B54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • PathAppendW.SHLWAPI(00000000,00000000), ref: 00266CAA
        • PathAddBackslashW.SHLWAPI(00000000), ref: 00266CC0
        Strings
        Similarity
        • API ID: Path$AppendBackslash
        • String ID: P\B$P\BP\B
        • API String ID: 1323178287-3164742300
        • Opcode ID: 73e3decabc51c6f37092b0cf0d1f07b21cfd9cdf3ee87ecca688deb1d8f93f69
        • Instruction ID: f09fa310e5e7a34af96d4dfa695b29b3fdae68ce4ad06e06115010f1a96b7955
        • Opcode Fuzzy Hash: 73e3decabc51c6f37092b0cf0d1f07b21cfd9cdf3ee87ecca688deb1d8f93f69
        • Instruction Fuzzy Hash: 7D21E471A50619A7DB20DFA5DD4DBEA73B8AF44704F04045AAA05D7180E7B1EA948B90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(ntdll.dll,?,00000002,00000000,00000000,?,BB40E64E,?,00000000), ref: 0030370A
        • GetProcAddress.KERNEL32(00000000,RtlCompareUnicodeString), ref: 0030371E
        Strings
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: RtlCompareUnicodeString$ntdll.dll
        • API String ID: 1646373207-3910902485
        • Opcode ID: 789abc3ed5e31b9e031388e8a6a90bbee408a32a83524d1be0bce3dbc9eb574f
        • Instruction ID: 118f7ca8011277f4075e838ceb218a284c67007748eef9a36731711cf01b0d6f
        • Opcode Fuzzy Hash: 789abc3ed5e31b9e031388e8a6a90bbee408a32a83524d1be0bce3dbc9eb574f
        • Instruction Fuzzy Hash: A821D7B5A11218BBCF10DFA4EC45A9EB3FCEF05711B10056EFC0597281DB71AA14CB91
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,00000004,00000000,BB40E64E,00000101,00000000,00000004), ref: 0028B226
        • GetProcAddress.KERNEL32(00000000,RtlCompareUnicodeString), ref: 0028B236
        Strings
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: RtlCompareUnicodeString$ntdll.dll
        • API String ID: 1646373207-3910902485
        • Opcode ID: 0fbaafbfb93f19db8e11af9fcbecaff6f9913801fce34fa26a42df560fceb510
        • Instruction ID: 874f4525bcce23588519db1bae26967ac724b05a1bab7a36e22325fb798e6077
        • Opcode Fuzzy Hash: 0fbaafbfb93f19db8e11af9fcbecaff6f9913801fce34fa26a42df560fceb510
        • Instruction Fuzzy Hash: 0121D535A11219EFCF10EFA4EC45B9EB7B8EF05711B00056EFC01A7285DB31A928CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ConvertSidToStringSidW.ADVAPI32($%,002591AD,BB40E64E), ref: 0025F07F
        • LocalFree.KERNEL32(002591AD,002591AD,002591AB,$%,002591AD,BB40E64E), ref: 0025F0AF
        Strings
        Similarity
        • API ID: ConvertFreeLocalString
        • String ID: $%$$%
        • API String ID: 3201929900-781050705
        • Opcode ID: 4b880b9dc058e87c8557cfe5ba4e8dc3dcad35e02f75695936e966c2c59230fe
        • Instruction ID: d4c78d3cddc7d8c9fc6a0ac73f1d278ba4c1b800c31f4ce3fa7e4674853f3182
        • Opcode Fuzzy Hash: 4b880b9dc058e87c8557cfe5ba4e8dc3dcad35e02f75695936e966c2c59230fe
        • Instruction Fuzzy Hash: 9211B175A1020A9FCB14DF98D901BBFB7B8EF88710F14412EEC16A7780DB756A04CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(ntdll.dll,00000000,?,0044CCA8,?,?,00000000,?,?,?,?,?,?,0025577A,00000000,0044CCA8), ref: 003051E3
        • GetProcAddress.KERNEL32(00000000,NtQueryInformationFile,?,?,?,?,?,?,0025577A,00000000,0044CCA8), ref: 003051F3
        Strings
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: NtQueryInformationFile$ntdll.dll
        • API String ID: 1646373207-181822193
        • Opcode ID: 48d401165268b220f7f61f21642c0ce6535f82b7627bbf17710303eb90a46c5a
        • Instruction ID: 9c4418159cd9187b38ce12f40878d61c7b8709f87189bf214c5aa62eef7f2b89
        • Opcode Fuzzy Hash: 48d401165268b220f7f61f21642c0ce6535f82b7627bbf17710303eb90a46c5a
        • Instruction Fuzzy Hash: FC01F931F51718ABC710DF65EC45A9AB3BCEF99B10711422AFC05A7182EB706D908B94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegisterEventSourceW.ADVAPI32(00000000,Adobe Acrobat,?,002367EF,00000004,00000000,?), ref: 0023685B
        • GetLastError.KERNEL32(?,002367EF,00000004,00000000,?), ref: 0023686A
        • ReportEventW.ADVAPI32(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,?,002367EF,00000004,00000000,?), ref: 0023688D
        Strings
        Similarity
        • API ID: Event$ErrorLastRegisterReportSource
        • String ID: Adobe Acrobat
        • API String ID: 3898233400-1360129691
        • Opcode ID: a3fe37a29a864ab9c2798081f5b0f46580053cc4736af9ba485a79ba46ca3115
        • Instruction ID: b540a60d3c44aeb9a85908373de0181c6d9627b667b83372988e031cb3bc1e84
        • Opcode Fuzzy Hash: a3fe37a29a864ab9c2798081f5b0f46580053cc4736af9ba485a79ba46ca3115
        • Instruction Fuzzy Hash: 08F03AB5764286BBDF205FB1BC4C76B3BACBB08754F048034FA05C6512EB35D8308A18
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(Kernel32.dll,00000000,?,0022C469,00000000,00000000,00000002,Comctl32.dll,00000040,?), ref: 0022C57C
        • GetProcAddress.KERNEL32(00000000,FindActCtxSectionStringW,00000000,?,0022C469,00000000,00000000,00000002,Comctl32.dll,00000040,?), ref: 0022C591
        Strings
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: FindActCtxSectionStringW$Kernel32.dll
        • API String ID: 1646373207-2752986935
        • Opcode ID: dc6d2b10cbb218177addf246793d61371e06ad9b57235d7e42291da8af6d920c
        • Instruction ID: f1944629c198940c7d579ef0ba98fe7d1793f221c9faa4814175198314d8b5f2
        • Opcode Fuzzy Hash: dc6d2b10cbb218177addf246793d61371e06ad9b57235d7e42291da8af6d920c
        • Instruction Fuzzy Hash: B5F06D36614269AB8F219FE1BC04A5E3B68EF45BA0300443AFD04A6221D731DD30DB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(Kernel32.dll,00000000,?,0022C1E0,00000000,?,0022C115,00000000), ref: 0022C51C
        • GetProcAddress.KERNEL32(00000000,ActivateActCtx,00000000,?,0022C1E0,00000000,?,0022C115,00000000), ref: 0022C531
        Strings
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: ActivateActCtx$Kernel32.dll
        • API String ID: 1646373207-1680618737
        • Opcode ID: bd9a59590e0901c2e7d129e028f7333f872f6575758ed790dec6ef4f28193fde
        • Instruction ID: c7357aeaef7c12d739d2a9304afb5d5a449b3883ade254db0d806c9cf6e59278
        • Opcode Fuzzy Hash: bd9a59590e0901c2e7d129e028f7333f872f6575758ed790dec6ef4f28193fde
        • Instruction Fuzzy Hash: F0F0E232754231AB8B306FE4BC4461E7B98FB01BB0340443AFC04EB620C670DE21C788
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(Kernel32.dll,00000000,?,0022C190,00000000,00000000,0022C13A), ref: 0022C5EC
        • GetProcAddress.KERNEL32(00000000,DeactivateActCtx,00000000,?,0022C190,00000000,00000000,0022C13A), ref: 0022C601
        Strings
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: DeactivateActCtx$Kernel32.dll
        • API String ID: 1646373207-3029746753
        • Opcode ID: 0aa51032853045db4223ec6fe567360ee9fde5e87c40dc908c5cc0c97f0762d9
        • Instruction ID: e1d1335fef39e1413c4d70656535331dbe34bc1258e814c661bb3a34b6bc22a1
        • Opcode Fuzzy Hash: 0aa51032853045db4223ec6fe567360ee9fde5e87c40dc908c5cc0c97f0762d9
        • Instruction Fuzzy Hash: ECF0BE31B54221AB8B206FE0BC44B2E7B9CFB51BB1310443AEC04EB720DA708D20D798
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(AppVEntSubsystems32.dll,00000002,00238A4D), ref: 0023A047
        • GetModuleHandleW.KERNEL32(AppVEntSubsystems64.dll), ref: 0023A056
        Strings
        • AppVEntSubsystems64.dll, xrefs: 0023A051
        • AppVEntSubsystems32.dll, xrefs: 0023A042
        Similarity
        • API ID: HandleModule
        • String ID: AppVEntSubsystems32.dll$AppVEntSubsystems64.dll
        • API String ID: 4139908857-796223782
        • Opcode ID: 3c629f04a759e88c5a30e938c99190e48e7f1f69e695c09f9590972d07d50c87
        • Instruction ID: 67e21b780286413467723029fc37cead4bd3cd6acbc0c74de8dab90294adcb61
        • Opcode Fuzzy Hash: 3c629f04a759e88c5a30e938c99190e48e7f1f69e695c09f9590972d07d50c87
        • Instruction Fuzzy Hash: 70F022343302334AEF286F34AC2832723E0AB52756F50007CD8C6D2250EE288881C6DA
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(00000018), ref: 00278E18
        • EnterCriticalSection.KERNEL32(00000001), ref: 00278E28
        • LeaveCriticalSection.KERNEL32(00000001), ref: 00278E39
        • EnterCriticalSection.KERNEL32(00000001), ref: 00278E53
        • LeaveCriticalSection.KERNEL32(00000001), ref: 00278E64
          • Part of subcall function 00240A20: Concurrency::cancel_current_task.LIBCPMT ref: 00240C13
        Similarity
        • API ID: CriticalSection$EnterLeave$Concurrency::cancel_current_taskInitialize
        • String ID:
        • API String ID: 3507388499-0
        • Opcode ID: 129004e7e7e1ee714cb5d6a1a738a5a452c18bb567911d8fc8c19831b9349d78
        • Instruction ID: 630c9b73ba2193758e7d6f4ffc37eba734ab232880a9718cf8ba5c7bc8a03de0
        • Opcode Fuzzy Hash: 129004e7e7e1ee714cb5d6a1a738a5a452c18bb567911d8fc8c19831b9349d78
        • Instruction Fuzzy Hash: 73227030C14B85DBE302CF28C945BA9B770BB69308F05E75AE94826563EBB476F4C785
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(00000010,BB40E64E,00000000,?,00000000,00000000,0042A753,000000FF,?,0027B09A), ref: 0027B186
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,0027B09A), ref: 0027B194
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,0027B09A), ref: 0027B1A5
        • CreateThread.KERNEL32(00000000,00000000,002895D0,00000000,00000000,0000004C,?,0027B09A), ref: 0027B1BE
          • Part of subcall function 00240A20: Concurrency::cancel_current_task.LIBCPMT ref: 00240C13
        Similarity
        • API ID: Create$Event$Concurrency::cancel_current_taskCriticalInitializeSectionThread
        • String ID:
        • API String ID: 3451905441-0
        • Opcode ID: 72d0d64649423439896fd59e3ef28959b0ce6301df4400f5ad6e21c13127fe9e
        • Instruction ID: 35e2ad1c2602bebd7a8c1ae0977f72e38de30024fb161fb72db94d066b8a3f6f
        • Opcode Fuzzy Hash: 72d0d64649423439896fd59e3ef28959b0ce6301df4400f5ad6e21c13127fe9e
        • Instruction Fuzzy Hash: 4B32FF31C18F859BD3028F29DA51AB4B320BF69314F55EB99DA5826423FF70B6E4C744
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        Similarity
        • API ID: _strrchr
        • String ID:
        • API String ID: 3213747228-0
        • Opcode ID: ad84ff7bc713654d13329fb2597b2ca665ff160e8a4975228cafcaa0d3bb9fab
        • Instruction ID: d1a9b76cf88ed209b5095663f1f7c86104190d8703c30a193532e01629c3b3e0
        • Opcode Fuzzy Hash: ad84ff7bc713654d13329fb2597b2ca665ff160e8a4975228cafcaa0d3bb9fab
        • Instruction Fuzzy Hash: 81B10472A00245DFDB11DF68C8817AEBBE5EF55340F24827BE855BB381D6389D01CB69
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • CreateFileW.KERNEL32(?,00000000,00000007,00000000,00000003,02110000,00000000,00000000,?,?,?,?,?,?,?,00000002), ref: 00255729
        • GetLastError.KERNEL32(?,?,?,?,?,?,00000002,00425C50,?,?,?,?,00426D98), ref: 0025573A
        • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,00000002,00425C50,?,?,?,?,00426D98), ref: 00255752
        • GetFileType.KERNEL32(00000000,?,?,?,?,?,?,00000002,00425C50,?,?,?,?,00426D98), ref: 00255764
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorFileLast$CreateType
        • String ID:
        • API String ID: 1501228819-0
        • Opcode ID: 8b675a1b2be936422ee2e5f6fca5fc1935106356fcd230e48574ee9104efdc51
        • Instruction ID: 9986d50a8d86da4467d0743dd90c6bd58f94719657f79bc3f9e0dc021a5ef4ce
        • Opcode Fuzzy Hash: 8b675a1b2be936422ee2e5f6fca5fc1935106356fcd230e48574ee9104efdc51
        • Instruction Fuzzy Hash: 27A1F471D20669DBCF20DF94C8A1BEDB7B8AF14312F584129EC12A7281D770AD5DCBA4
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(0023FA14,00000000,?,00267304), ref: 0027689F
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000101,00485A38,00000101,00485A90,00000101,004859E0,00000101,00485988,00000101,00485930,00000101,004858D8), ref: 00276AE7
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,00267304), ref: 00276AF8
          • Part of subcall function 00240A20: Concurrency::cancel_current_task.LIBCPMT ref: 00240C13
        • CreateThread.KERNEL32(00000000,00000000,0028BA50,?,00000000,00000000,?,00267304), ref: 00276B11
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Create$Event$Concurrency::cancel_current_taskCriticalInitializeSectionThread
        • String ID:
        • API String ID: 3451905441-0
        • Opcode ID: 68dde5bd6afc185022e4e6e8f332504cd765d47713e1f371a214e85a4034f41c
        • Instruction ID: 9fa810e829cf3eb62627c02e6106ecf93d785bf397d1ef7efc808d7a0e1369dc
        • Opcode Fuzzy Hash: 68dde5bd6afc185022e4e6e8f332504cd765d47713e1f371a214e85a4034f41c
        • Instruction Fuzzy Hash: 61A17271C14F86DBD302CF28D981BA5B370FB69314F11E759E94866522EBB0B6E4C784
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000000,?), ref: 00272B5F
        • LeaveCriticalSection.KERNEL32(00000000), ref: 00272B6D
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: Global\$Local\
        • API String ID: 3168844106-639276846
        • Opcode ID: 45f9a429abea81c94b6b75bdc11da050b9facb6570d11b13db3b57375828d4bd
        • Instruction ID: 0cff1f6290d9dba7e8bf7fa07f64e1615d9044ff36071ade8f26588ba1b98dcf
        • Opcode Fuzzy Hash: 45f9a429abea81c94b6b75bdc11da050b9facb6570d11b13db3b57375828d4bd
        • Instruction Fuzzy Hash: F171DE71D10248DFDF21CFA4C884BEEBBB4FF49304F24815AE419AB291C7746A58CB61
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • InitializeCriticalSection.KERNEL32(00000054,00000000,00267C93), ref: 0027D242
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,0048B710,?,0048B6B8,?,0048B660,?,0048B608,?,0048B5B0), ref: 0027D434
        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0027D445
        • CreateThread.KERNEL32(00000000,00000000,00289160,00000000,00000000,00000028), ref: 0027D45E
          • Part of subcall function 00240A20: Concurrency::cancel_current_task.LIBCPMT ref: 00240C13
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Create$Event$Concurrency::cancel_current_taskCriticalInitializeSectionThread
        • String ID:
        • API String ID: 3451905441-0
        • Opcode ID: 8a9c16ce8f56ec2c2fba4e3915721de68fdfc7c5b0976a1b34b5fa9efa634043
        • Instruction ID: b56802edc1c2ee632cefbf9d68313bc387c543bf969237d2853270ce95250bce
        • Opcode Fuzzy Hash: 8a9c16ce8f56ec2c2fba4e3915721de68fdfc7c5b0976a1b34b5fa9efa634043
        • Instruction Fuzzy Hash: F9914A70C14B85ABE302CF28D941BA5B370FF69304F15E759E94866562FBB0B2E4CB84
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000000), ref: 002705E4
        • LeaveCriticalSection.KERNEL32(00000000), ref: 002705F5
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID: Serotek*$_fCanRegisterWithShellService*
        • API String ID: 3168844106-732614726
        • Opcode ID: e3b9349ca0fea55cd8f21d7f63c1d1bbd79d9c2b36719ccbb5d449d16623a466
        • Instruction ID: 7fd5977228e87baca62013fb8e00e76e9a52ea74d29527baf6f4fff887c1b1ee
        • Opcode Fuzzy Hash: e3b9349ca0fea55cd8f21d7f63c1d1bbd79d9c2b36719ccbb5d449d16623a466
        • Instruction Fuzzy Hash: B3711B70D14298DEDB11CFA8C8887DDBFB1AF56308F1481DAD5497B282C7B91988CF95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000001), ref: 0023F974
        • LeaveCriticalSection.KERNEL32(00000001), ref: 0023F982
        • InitializeCriticalSection.KERNEL32(00000004), ref: 0023F9DC
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterInitializeLeave
        • String ID: unknown
        • API String ID: 3991485460-2904991687
        • Opcode ID: 3141cda66b266d076e9ad47445ed5fe58d62c4193119b32b13e3b8643ac4beb0
        • Instruction ID: ad2dccae567074d41ce8f67a5003e7a0f676eb9eefd14c3342b6d5728fffcccf
        • Opcode Fuzzy Hash: 3141cda66b266d076e9ad47445ed5fe58d62c4193119b32b13e3b8643ac4beb0
        • Instruction Fuzzy Hash: B16168B0A05B46EFE744DF64D55879AFBF4BF05308F108269D4188B781CBBAA528CBD1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • _free.LIBCMT ref: 004025EC
        • _free.LIBCMT ref: 00402615
        • SetEndOfFile.KERNEL32(00000000,00417369,00000000,0040E1BA,?,?,?,?,?,?,?,00417369,0040E1BA,00000000), ref: 00402647
        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00417369,0040E1BA,00000000,?,?,?,?,00000000,?), ref: 00402663
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: _free$ErrorFileLast
        • String ID:
        • API String ID: 1547350101-0
        • Opcode ID: b5e236a2790f79136381b97c57bf0783df7bf8861207347f4b5bd4e6902e405e
        • Instruction ID: 27bef3414381b09bd0a364bea3dac7a75909ca4bf2c2148b054faba8c4858dcd
        • Opcode Fuzzy Hash: b5e236a2790f79136381b97c57bf0783df7bf8861207347f4b5bd4e6902e405e
        • Instruction Fuzzy Hash: 4C414672910600EBCB21BBB9DE5AB8F3765AF44324F240636F810F72D1E6B9C8514B2C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WaitForSingleObject.KERNEL32(?,00001388), ref: 002AD153
        • GetExitCodeProcess.KERNEL32(?,00000000), ref: 002AD15F
        • TerminateProcess.KERNEL32(?,00000000), ref: 002AD176
        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002AD180
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ObjectProcessSingleWait$CodeExitTerminate
        • String ID:
        • API String ID: 2953097262-0
        • Opcode ID: 2b861e81932abf9bab28fa5d77231b5dbece55dbe4ff323187c26fa66c220600
        • Instruction ID: 1524bda6a0e4efef355c3dec57df6cda6b72bca7e40e89860ec65ce4d8f18bdd
        • Opcode Fuzzy Hash: 2b861e81932abf9bab28fa5d77231b5dbece55dbe4ff323187c26fa66c220600
        • Instruction Fuzzy Hash: D341C0B0510705ABEB30AF64D906B5EB7F4AF42310F140728E86693AD2EB75E928CB51
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000005,00000000,BB40E64E,?,00000000,00000001,00000001,00427C60,000000FF,?,00235367), ref: 002ACC30
        • WaitForSingleObject.KERNEL32(?,00001388,?,00235367), ref: 002ACC3E
        • TerminateThread.KERNEL32(?,00000000,?,00235367), ref: 002ACC50
        • WaitForSingleObject.KERNEL32(?,000000FF,?,00235367), ref: 002ACC5B
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ObjectSingleWait$CompletionPostQueuedStatusTerminateThread
        • String ID:
        • API String ID: 2789900029-0
        • Opcode ID: 2fa6edef62396b600e16ac8b50e9b2108f3aa60b39166b522dc2c4611e7a3c09
        • Instruction ID: e385d95fccfd58ffd81bfd84abc5eaff57e89a30dfc142aa91c2e4b47780cfd8
        • Opcode Fuzzy Hash: 2fa6edef62396b600e16ac8b50e9b2108f3aa60b39166b522dc2c4611e7a3c09
        • Instruction Fuzzy Hash: 6D41A2B1610A06BBDB109F64DE85B19F7A5FF06324F208325E82987AD0DB75E834CB94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExW.ADVAPI32(80000002,BB40E64E,00000000,00020019,00000000,?,00000002,?), ref: 00241C41
        • RegQueryValueExW.ADVAPI32(00000000,0000002B,00000000,00000000,?,0000020A), ref: 00241C76
        • PathAppendW.SHLWAPI(?,?), ref: 00241C9A
        • RegCloseKey.ADVAPI32(00000000), ref: 00241CB1
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AppendCloseOpenPathQueryValue
        • String ID:
        • API String ID: 1876303571-0
        • Opcode ID: 53762616d377ab75ad8b552da384e9e153ac6df4e3a18ded39109b1953544baa
        • Instruction ID: 9e44144414f8afa7ac99e343185019b021865acd64b1d6d6819629367541c27a
        • Opcode Fuzzy Hash: 53762616d377ab75ad8b552da384e9e153ac6df4e3a18ded39109b1953544baa
        • Instruction Fuzzy Hash: 4A31D331A5021CABDF20CF54DCC8BDAB7B9AF14304F0001EAE908A7181D7709EA4CFA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • RegOpenKeyExW.ADVAPI32(00000000,BB40E64E,00000000,00000000,?,?,?,00000000,BB40E64E,00000000,00000001,00273BAA,?,BB40E64E,00000000,00000001), ref: 002743B8
        • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 002743D8
        • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 002743E4
        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,00000104,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0027441E
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CloseEnumInfoOpenQuery
        • String ID:
        • API String ID: 1014704025-0
        • Opcode ID: 0cc9d1e8212dd2c46d8729c06d2d4c16acb906f3c82472329792bf3cc1f8f3e8
        • Instruction ID: 37afdc34c9f388413a378a1eab7174c65152aa0a19448d45769c67bcb40c122b
        • Opcode Fuzzy Hash: 0cc9d1e8212dd2c46d8729c06d2d4c16acb906f3c82472329792bf3cc1f8f3e8
        • Instruction Fuzzy Hash: EF210D7961021ABFE710DF55DC45FABB7B8FF49701F208169B909E7280DB70A9209B64
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetLastError.KERNEL32(-00000004,?,?,00234E2B,00224FF6,?,?,0040A01E), ref: 002245EA
        • _free.LIBCMT ref: 00224647
        • _free.LIBCMT ref: 0022467D
        • SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,00234E2B,00224FF6,?,?,0040A01E), ref: 00224688
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorLast_free
        • String ID:
        • API String ID: 2283115069-0
        • Opcode ID: a7908dd2e9903708e922184905c26dfbd89dd5c81bdb7ed79f578597821585b6
        • Instruction ID: 3fe7f12f5a3d6b9a34390f2a4df65319fe863dd9b0626d947c110d75cf3eebfa
        • Opcode Fuzzy Hash: a7908dd2e9903708e922184905c26dfbd89dd5c81bdb7ed79f578597821585b6
        • Instruction Fuzzy Hash: F5114C322342227ED7203BF47CC1E3A325EABC7B75B250236F128921E1DE618C318924
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetKernelObjectSecurity.ADVAPI32(00000000,00263281,00000000,00000000,00000000,00000000,00000000,?,00263281), ref: 00236C51
        • GetLastError.KERNEL32(?,00263281), ref: 00236C57
        • GetKernelObjectSecurity.ADVAPI32(00000000,00263281,00000000,00000000,00000000,00000000,?,?,00263281), ref: 00236C87
        • GetLastError.KERNEL32(?,00263281), ref: 00236C91
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorKernelLastObjectSecurity
        • String ID:
        • API String ID: 617647591-0
        • Opcode ID: d42b652c19b379ecba3bc0ba7f9011acc192d9779c4d6e8b2f726111ea8902a4
        • Instruction ID: 225d33fe236ee73e16f25ed58dded1cf5e75416da3ab0926f2ddeeffa02a2158
        • Opcode Fuzzy Hash: d42b652c19b379ecba3bc0ba7f9011acc192d9779c4d6e8b2f726111ea8902a4
        • Instruction Fuzzy Hash: C111FB75A10118FBCB00DFA4DC85BEEBBB9EF09310F1045A9F90596251DB316A249B94
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 00234BCE
        • VerSetConditionMask.KERNEL32(00000000), ref: 00234BD6
        • VerSetConditionMask.KERNEL32(00000000), ref: 00234BDE
        • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 00234C0B
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ConditionMask$InfoVerifyVersion
        • String ID:
        • API String ID: 2793162063-0
        • Opcode ID: bc746991a4e5875679418ebdda75b85b528a98f7bda086ea64224972b5d85724
        • Instruction ID: e9e56bf76dc5149dc788862b26f74af711d01eeae583980899fce5af0c1a9923
        • Opcode Fuzzy Hash: bc746991a4e5875679418ebdda75b85b528a98f7bda086ea64224972b5d85724
        • Instruction Fuzzy Hash: 13110374A4031CBADB65DFA4DC56BEE77BCEF48B00F004199BA09E6281D7B44B948F54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000020,00000003), ref: 0023D3BE
        • VerSetConditionMask.KERNEL32(00000000), ref: 0023D3C6
        • VerSetConditionMask.KERNEL32(00000000), ref: 0023D3CE
        • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 0023D3F9
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ConditionMask$InfoVerifyVersion
        • String ID:
        • API String ID: 2793162063-0
        • Opcode ID: b015292d3b77b2a6cd2b80d55206daddafec80fdbdaf5f26902136f56447a2f1
        • Instruction ID: d1c6473f7ca5024aa8da7c8168b3a6605110efd7a0ce82fd29b3aeef2f891788
        • Opcode Fuzzy Hash: b015292d3b77b2a6cd2b80d55206daddafec80fdbdaf5f26902136f56447a2f1
        • Instruction Fuzzy Hash: 5A111674A4030CBAEB659F60DC0ABEA77BCEB48B00F004199B909E61C1D7B54B548F54
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • WriteConsoleW.KERNEL32(00000000,?,00417369,00000000,00000000,?,0040E9AF,00000000,00000001,00000000,0040E1BA,?,003FFDC1,?,?,0040E1BA), ref: 00417617
        • GetLastError.KERNEL32(?,0040E9AF,00000000,00000001,00000000,0040E1BA,?,003FFDC1,?,?,0040E1BA,?,0040E1BA,?,00400315,004025C5), ref: 00417623
          • Part of subcall function 00240C30: CloseHandle.KERNEL32(FFFFFFFE,00417633,?,0040E9AF,00000000,00000001,00000000,0040E1BA,?,003FFDC1,?,?,0040E1BA,?,0040E1BA), ref: 00240C40
        • ___initconout.LIBCMT ref: 00417633
          • Part of subcall function 004175C2: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004175F1,0040E99C,0040E1BA,?,003FFDC1,?,?,0040E1BA,?), ref: 004175D5
        • WriteConsoleW.KERNEL32(00000000,?,00417369,00000000,?,0040E9AF,00000000,00000001,00000000,0040E1BA,?,003FFDC1,?,?,0040E1BA,?), ref: 00417648
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
        • String ID:
        • API String ID: 2744216297-0
        • Opcode ID: 5e41c60d8c4a39f799a1628d844b462a4fe48fc72ba62168a6c1565196345381
        • Instruction ID: 6c0ec864ae0fdf62a47913490724ffed72bde72335539d1e5232bef264ed8d45
        • Opcode Fuzzy Hash: 5e41c60d8c4a39f799a1628d844b462a4fe48fc72ba62168a6c1565196345381
        • Instruction Fuzzy Hash: 4EF01C36501118BBCF221FD5DC04A9A3F66FF493A0B004022FE0995121C7328860AB98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00240090
        • GetCurrentProcessId.KERNEL32 ref: 0024009A
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Process$CurrentThreadWindow
        • String ID: J
        • API String ID: 977976285-1141589763
        • Opcode ID: 391a2849590c22cede2a812db5344b615535f4120376323a08c3e19c1374b4eb
        • Instruction ID: c8e22994587a81da4f66052cefb7e24183f52cf9a7e3848834f0c6d98d8c457b
        • Opcode Fuzzy Hash: 391a2849590c22cede2a812db5344b615535f4120376323a08c3e19c1374b4eb
        • Instruction Fuzzy Hash: CC819EB1A1021A9FDF15DF94C885BAEBBB8FF08710F144119EA09BB281D7749964CFA0
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
          • Part of subcall function 002260A5: HeapAlloc.KERNEL32(00000000,00000000,00000000,?,002273C3,00000000,00000000,00000000,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E), ref: 002260D7
        • _free.LIBCMT ref: 0040B510
        • _free.LIBCMT ref: 0040B527
        • _free.LIBCMT ref: 0040B544
        • _free.LIBCMT ref: 0040B55F
        • _free.LIBCMT ref: 0040B576
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: _free$AllocHeap
        • String ID: gI
        • API String ID: 1835388192-3247280328
        • Opcode ID: 095d4fa2dfe66b525723726da714437762e49dbd11a8a97743586eb05d7f1c12
        • Instruction ID: 94fc08292c057e112058e6bf5d35f49eca7f4ad39adf826ecb4faa574af3dd4f
        • Opcode Fuzzy Hash: 095d4fa2dfe66b525723726da714437762e49dbd11a8a97743586eb05d7f1c12
        • Instruction Fuzzy Hash: 6E51D132A00209AFDB10EF65DC81BAA77B4EF54718F1445BAE905E7391E739DA10CB88
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetCPInfo.KERNEL32(0000FDE9,?,?,?,00000000), ref: 004123F2
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Info
        • String ID: $a"
        • API String ID: 1807457897-1165613377
        • Opcode ID: ac3f894c98442c95235eeb25fcc07437ef09cf045d22220dc3fbd3479cbd9f26
        • Instruction ID: bd57c778631b05e86dfa067fa68956d74d9252b2a17217af45d961209ace4309
        • Opcode Fuzzy Hash: ac3f894c98442c95235eeb25fcc07437ef09cf045d22220dc3fbd3479cbd9f26
        • Instruction Fuzzy Hash: 4A417E70104258AFDB218B58CE84BFB7BFDEB55304F2404AEE58AC7143D2B89D95DB24
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,00425170,000000FF), ref: 0023A84F
        • LocalFree.KERNEL32(00000000,00000001,00000000,00000000), ref: 0023A8DC
        Strings
        • O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW), xrefs: 0023A7EF
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: DescriptorSecurity$ConvertFreeLocalString
        • String ID: O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)
        • API String ID: 3326902457-3696281844
        • Opcode ID: 91e7f5069f6db7b5078393422c739fdbbe71300d924185b37f4ce25935966a82
        • Instruction ID: 1b61896fa92e0b597e2cd73040d5f60432fe44737d583d69ef16f4d8557a349d
        • Opcode Fuzzy Hash: 91e7f5069f6db7b5078393422c739fdbbe71300d924185b37f4ce25935966a82
        • Instruction Fuzzy Hash: 6C413BB1D11209EFCB04DFA8D945BAEBBF8FF48310F10416AE805A7390E7759A54CBA5
        Uniqueness

        Uniqueness Score: -1.00%

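The SDDL string recovered in the entry above is the one security-relevant artifact in this part of the listing: a descriptor passed to ConvertStringSecurityDescriptorToSecurityDescriptorW whose DACL grants rights mask 0x3 to SYSTEM, the built-in Administrator, LOCAL SERVICE, the principal itself, BUILTIN\Users and ALL APPLICATION PACKAGES, and whose SACL carries a mandatory-label ACE (ML) at Low level (LW) with the NX (no-execute-up) policy. The decoder below is an added illustration, not code from the sandbox report or from Adobe; it parses that string field by field so the grants and the label can be checked programmatically. The report does not show which object the descriptor is applied to, so the meaning of the 0x3 bits (FILE_READ_DATA | FILE_WRITE_DATA on file and named-pipe objects) is left as an interpretation rather than decoded by the code. The alias and rights tables are the well-known subset from sddl.h/winnt.h needed for this string plus a few common extras.

```python
"""SDDL decoder for the descriptor string Acrobat.exe hands to
ConvertStringSecurityDescriptorToSecurityDescriptorW.
Added illustration; not code from the report or from Adobe."""
import re

# Descriptor string exactly as the sandbox report recovered it from the sample.
SDDL_SAMPLE = ("O:COG:COD:(A;;0x3;;;SY)(A;;0x3;;;LA)(A;;0x3;;;LS)(A;;0x3;;;PS)"
               "(A;;0x3;;;BU)(A;;0x3;;;AC)S:(ML;;NX;;;LW)")

# Well-known SID abbreviations (subset of the SDDL alias table in sddl.h).
SID_ALIASES = {
    "SY": "NT AUTHORITY\\SYSTEM", "LA": "Built-in Administrator account",
    "LS": "NT AUTHORITY\\LOCAL SERVICE", "PS": "Principal self",
    "BU": "BUILTIN\\Users", "BA": "BUILTIN\\Administrators",
    "AC": "ALL APPLICATION PACKAGES", "CO": "CREATOR OWNER",
    "LW": "Low Mandatory Level", "ME": "Medium Mandatory Level",
}
ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED",
             "AU": "SYSTEM_AUDIT", "ML": "SYSTEM_MANDATORY_LABEL"}
# Two-letter access-right codes -> mask bits (winnt.h / sddl.h values).
RIGHTS_CODES = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
    "RC": 0x00020000, "SD": 0x00010000, "WD": 0x00040000, "WO": 0x00080000,
    # Mandatory-label policy bits; only meaningful inside an ML ACE.
    "NW": 0x1, "NR": 0x2, "NX": 0x4,
}
LABEL_POLICY = {"NW": 0x1, "NR": 0x2, "NX": 0x4}

_SECTION_RE = re.compile(r"(O|G|D|S):")   # O:owner G:group D:dacl S:sacl
_ACE_RE = re.compile(r"\(([^)]*)\)")       # one parenthesised ACE


def _parse_rights(field):
    """'0x3' -> 3; 'FA' or 'GRGW' -> OR of the code table."""
    if field[:2].lower() == "0x":
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        code = field[i:i + 2]
        if code not in RIGHTS_CODES:
            raise ValueError(f"unknown access right code {code!r}")
        mask |= RIGHTS_CODES[code]
    return mask


def _parse_ace(body):
    """(type;flags;rights;object_guid;inherit_guid;sid) -> dict."""
    fields = body.split(";")
    if len(fields) != 6:
        raise ValueError(f"malformed ACE ({body})")
    ace_type, flags, rights, obj_guid, inh_guid, sid = fields
    return {
        "type": ACE_TYPES.get(ace_type, ace_type),
        "flags": [flags[i:i + 2] for i in range(0, len(flags), 2)],
        "rights": _parse_rights(rights),
        "object_guid": obj_guid, "inherit_guid": inh_guid,
        "sid": sid, "trustee": SID_ALIASES.get(sid, sid),
    }


def _parse_acl(body):
    """ACL section: optional flags (P, AR, AI) followed by ACEs."""
    first = body.find("(")
    flag_str = body if first < 0 else body[:first]
    flags, i = [], 0
    while i < len(flag_str):            # 'P' is one char, 'AR'/'AI' are two
        width = 1 if flag_str[i] == "P" else 2
        flags.append(flag_str[i:i + width])
        i += width
    aces = [_parse_ace(m.group(1)) for m in _ACE_RE.finditer(body)]
    return {"flags": flags, "aces": aces}


def parse_sddl(sddl):
    """Split the O:/G:/D:/S: sections and decode both ACLs."""
    marks = list(_SECTION_RE.finditer(sddl))
    sections = {}
    for n, m in enumerate(marks):
        end = marks[n + 1].start() if n + 1 < len(marks) else len(sddl)
        sections[m.group(1)] = sddl[m.end():end]
    return {
        "owner": sections.get("O"), "group": sections.get("G"),
        "dacl": _parse_acl(sections["D"]) if "D" in sections else None,
        "sacl": _parse_acl(sections["S"]) if "S" in sections else None,
    }


def mandatory_label(sd):
    """(level SID, [policy codes]) from the SACL's ML ACE, or None if absent."""
    for ace in (sd["sacl"] or {"aces": []})["aces"]:
        if ace["type"] == "SYSTEM_MANDATORY_LABEL":
            policy = [c for c, bit in LABEL_POLICY.items() if ace["rights"] & bit]
            return ace["sid"], policy
    return None


def allowed_access(sd):
    """[(trustee SID, rights mask)] for every ACCESS_ALLOWED ACE in the DACL."""
    return [(a["sid"], a["rights"]) for a in sd["dacl"]["aces"]
            if a["type"] == "ACCESS_ALLOWED"]


if __name__ == "__main__":
    sd = parse_sddl(SDDL_SAMPLE)
    print("owner/group:", sd["owner"], sd["group"])
    for sid, mask in allowed_access(sd):
        print(f"  allow {SID_ALIASES.get(sid, sid):<32} 0x{mask:x}")
    print("mandatory label:", mandatory_label(sd))
```

Running the block against the recovered string yields six ACCESS_ALLOWED entries with mask 0x3 and a label of ("LW", ["NX"]); when triaging a sample, the same functions let you diff a descriptor like this against a known-good one from a clean install rather than eyeballing the string.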
        APIs
        • GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,0000FDE9), ref: 002264DB
        • __freea.LIBCMT ref: 002264E4
          • Part of subcall function 002260A5: HeapAlloc.KERNEL32(00000000,00000000,00000000,?,002273C3,00000000,00000000,00000000,?,?,0024DD0D,?,00000001,?,0024D131,BB40E64E), ref: 002260D7
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AllocHeapStringType__freea
        • String ID: a"
        • API String ID: 2523373117-1303875486
        • Opcode ID: 668ae7e1fad39f1667f930b7a1bfe6ca999847aa385b1b6e060713cfa7431ae9
        • Instruction ID: 324ef084604e819de668d1a1725c34eba2d06bc76e7988db21d699ae8703f613
        • Opcode Fuzzy Hash: 668ae7e1fad39f1667f930b7a1bfe6ca999847aa385b1b6e060713cfa7431ae9
        • Instruction Fuzzy Hash: 5531C17292022ABBDF31AFA4EC49EAF7BA9EF44324F044125F80497251D735CD61DB90
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetExitCodeProcess.KERNEL32(00000000,?,BB40E64E,?,?,00000000), ref: 002ACA42
        Strings
        • D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp, xrefs: 002ACA75
        • Exit Code:, xrefs: 002ACA90
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CodeExitProcess
        • String ID: D:\B\T\Acrobat\Viewer\win\EXEs\ViewerExe\ChromeSandboxLaunch.cpp$Exit Code:
        • API String ID: 3861947596-2443701703
        • Opcode ID: efc2c326a538c8c0bcb0ae48e9bfea6db8eb731161b51b007f602bf5c10b5726
        • Instruction ID: d50155080bf5e27eed33fb691cd29bbfd8e5a06bb26afdb449d46f7724de6757
        • Opcode Fuzzy Hash: efc2c326a538c8c0bcb0ae48e9bfea6db8eb731161b51b007f602bf5c10b5726
        • Instruction Fuzzy Hash: F621C571E10219ABDB14EFA4DD42BBEB3A8EB05700F10013ABD05BB2C2DF759D148BA5
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • __Init_thread_header.LIBCMT ref: 00233878
        • __Init_thread_footer.LIBCMT ref: 002338DE
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Init_thread_footerInit_thread_header
        • String ID: launchCEFInLowIntegrity
        • API String ID: 4092853384-4176966503
        • Opcode ID: b5876584d79768a0fadca809588d677f99694daf4305dc803f40257c8d36f96f
        • Instruction ID: a809c2d70308c31e26b3202e2fcd27d49a8001c9453685f182a5b8411d04bb91
        • Opcode Fuzzy Hash: b5876584d79768a0fadca809588d677f99694daf4305dc803f40257c8d36f96f
        • Instruction Fuzzy Hash: 6011E6B5910295BBDB10DB54DD41F79B3A4F714700F6006AEF915872C2EBB46A108B59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • SetLastError.KERNEL32(0000000D,?,003C78DF,?,004E7D10,002DBC60,00000000,?,002E6437,004E7D0C,002DBC60,004E7D10,?,0024DD0D,?,00000001), ref: 003CA365
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorLast
        • String ID: ios_base::failbit set
        • API String ID: 1452528299-3924258884
        • Opcode ID: 3c6c3201261bf7a4a94b5bd0ed8e1ae48fa1881b6601880aa1017142c50b2afd
        • Instruction ID: 0b9e311d06fdd6940f0f132c49d92eb6d4ed986f43ff7386d872bafb409504d3
        • Opcode Fuzzy Hash: 3c6c3201261bf7a4a94b5bd0ed8e1ae48fa1881b6601880aa1017142c50b2afd
        • Instruction Fuzzy Hash: 5111C23A305159AFCF235F64DC54BAEBB69BF49718B01403CF905D6210C7709C1197D1
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetProcAddress.KERNEL32(00000000,DeriveAppContainerSidFromAppContainerName,002591AD,0025EBFC,Adobe.AcrobatReaderDC.ProtectedMode), ref: 00305106
        Strings
        • DeriveAppContainerSidFromAppContainerName, xrefs: 00305100
        • userenv.dll, xrefs: 003050EF
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AddressProc
        • String ID: DeriveAppContainerSidFromAppContainerName$userenv.dll
        • API String ID: 190572456-1961432345
        • Opcode ID: be06a439171d732953c78cc76f00cde9d476db1ac4794dc336f74acd43f8a8e9
        • Instruction ID: 56ee7509f0b49ca002bc14930bc63342f44f2697551516ff43e3a3fb967d4ef3
        • Opcode Fuzzy Hash: be06a439171d732953c78cc76f00cde9d476db1ac4794dc336f74acd43f8a8e9
        • Instruction Fuzzy Hash: E4012431F02108ABCB14EFA8EC21BBEB7E8DF84711F01016AEC0693280EF359D058A95
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,00000000,?,?), ref: 00259067
        • GetProcAddress.KERNEL32(?,?,?,?,00000000,?,?), ref: 002590AC
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: ntdll.dll
        • API String ID: 1646373207-2227199552
        • Opcode ID: b65299e18d11a748728c3eb9ca22daf20942940b722be8d503c7f03cc054624e
        • Instruction ID: ff857fc421e51ee36381f711fd88a54e8a4980f30c43810989cb1431c37e69a9
        • Opcode Fuzzy Hash: b65299e18d11a748728c3eb9ca22daf20942940b722be8d503c7f03cc054624e
        • Instruction Fuzzy Hash: 9E019230A10209EFCB20EFA5E84875E77F4EB48312F204479ED0687281EB755D58CF98
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • __Init_thread_header.LIBCMT ref: 00237528
        • __Init_thread_footer.LIBCMT ref: 0023756C
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: Init_thread_footerInit_thread_header
        • String ID: &r#
        • API String ID: 4092853384-2096073030
        • Opcode ID: 1f952b71fafc8ae6387587c933f78faea829f406c1281802c0969a1a6b299214
        • Instruction ID: de4aad82c3685a1fee6d850a0ca102bacc6c6a9b1f06846d5d33c9b7cdc76e11
        • Opcode Fuzzy Hash: 1f952b71fafc8ae6387587c933f78faea829f406c1281802c0969a1a6b299214
        • Instruction Fuzzy Hash: 1511A5F1A28684DBDF24CF64EC41B59B3A1E708710F50427EED1A877C1DB799910CA59
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • IsWow64Process.KERNEL32(G&,G&), ref: 0026FCBF
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ProcessWow64
        • String ID: G&$G&
        • API String ID: 2092917072-2445825490
        • Opcode ID: b6e74b8660c59d6674a282cfa0cc7bd0f48de399dd024639f90a11097903cad3
        • Instruction ID: daf819325cbb11aa394149754e9ae12d3edc470c17ac4cb0be4f20987a6b927a
        • Opcode Fuzzy Hash: b6e74b8660c59d6674a282cfa0cc7bd0f48de399dd024639f90a11097903cad3
        • Instruction Fuzzy Hash: 95F01C30A1010DEFCB44DFF8E94676DB7F8EB08305F4141A9E80AD7281EA315A689B40
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,0022C2FD,GetModuleHandleExW), ref: 0022C4D1
        • GetProcAddress.KERNEL32(00000000,0022C2FD,?,0022C2FD,GetModuleHandleExW), ref: 0022C4E4
        Strings
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: AddressHandleModuleProc
        • String ID: Kernel32.dll
        • API String ID: 1646373207-1926710522
        • Opcode ID: 61978c5811b96d75c36c5df69cda015041138a453409387fdf47455769e976ee
        • Instruction ID: 97ef0615b98dc4af967fb2b1f8cfd215951f56539d03813857689941932097e3
        • Opcode Fuzzy Hash: 61978c5811b96d75c36c5df69cda015041138a453409387fdf47455769e976ee
        • Instruction Fuzzy Hash: 87D05EB5314245AB9B20AFF0BC08B2B77ECAB54F50300843AFD04C6811EA30E820E66C
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • GetLastError.KERNEL32(BB40E64E,00000000,?,0043181B,?), ref: 002647FD
        • SetLastError.KERNEL32(?), ref: 00264839
        • GetLastError.KERNEL32(BB40E64E,00000000,?,0043181B,?), ref: 00264847
        • SetLastError.KERNEL32(?), ref: 00264887
          • Part of subcall function 00237170: GetHandleVerifier.ACROBAT(00000000,?,?,00263311,?), ref: 00237175
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: ErrorLast$HandleVerifier
        • String ID:
        • API String ID: 3358238510-0
        • Opcode ID: 91031fb6d6a0dbe97f0266c0274fc47c45c7afef09de3a500fcf929ec10244bb
        • Instruction ID: 11abf63079757b75fc3caaa43e99d16e9b4fbc697103b25242c2d78914b6fac7
        • Opcode Fuzzy Hash: 91031fb6d6a0dbe97f0266c0274fc47c45c7afef09de3a500fcf929ec10244bb
        • Instruction Fuzzy Hash: 5B41CBB55106429FDB31EF68C94571AFBF4FF41724F10862DE8AA83690E731E8A0CB81
        Uniqueness

        Uniqueness Score: -1.00%

        APIs
        • EnterCriticalSection.KERNEL32(00000002,BB40E64E,00425C50,?,00425C50,2AAAAAAB,00426D60,000000FF,?,00253ECA,?,BB40E64E,?,00000002), ref: 0025531F
        • LeaveCriticalSection.KERNEL32(00000002,?,00425C50,2AAAAAAB,00426D60,000000FF,?,00253ECA,?,BB40E64E,?), ref: 00255330
        • EnterCriticalSection.KERNEL32(00000002,?,00425C50,2AAAAAAB,00426D60,000000FF,?,00253ECA,?,BB40E64E,?), ref: 0025534B
        • LeaveCriticalSection.KERNEL32(00000002,?,00425C50,2AAAAAAB,00426D60,000000FF,?,00253ECA,?,BB40E64E,?), ref: 0025535C
        Memory Dump Source
        • Source File: 00000000.00000002.298560481.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
        • Associated: 00000000.00000002.298555864.0000000000220000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299047947.0000000000444000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299126316.00000000004DA000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299135612.00000000004ED000.00000008.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299139252.00000000004EE000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299154230.0000000000500000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299228512.0000000000563000.00000002.00000001.01000000.00000003.sdmp
        • Associated: 00000000.00000002.299264606.00000000005A2000.00000002.00000001.01000000.00000003.sdmp
        Joe Sandbox IDA Plugin
        • Snapshot File: hcaresult_0_2_220000_Acrobat.jbxd
        Similarity
        • API ID: CriticalSection$EnterLeave
        • String ID:
        • API String ID: 3168844106-0
        • Opcode ID: 9f3c50f580d3443ceccb8068e4eccf6f5db08526e0f07d3617479591513f9872
        • Instruction ID: 6e226ebb371742740d3b967616d129cba5ba8820cd6d6cff38950161b2441479
        • Opcode Fuzzy Hash: 9f3c50f580d3443ceccb8068e4eccf6f5db08526e0f07d3617479591513f9872
        • Instruction Fuzzy Hash: B311C236649A59FFC700CFA5E800BD9FBB8FB4B761F1042A6E91893790C7762905CB94
        Uniqueness

        Uniqueness Score: -1.00%