Windows Analysis Report
NeatReader Setup 8.1.4.exe

Overview

General Information

Sample name: NeatReader Setup 8.1.4.exe
Analysis ID: 1521514
MD5: def17c832c3e8169a69d3e854193f59b
SHA1: 9c0a89ea5f757e411b04cd39cae2ee77f1ea3093
SHA256: ccdc54fc8400b225b46216f3172a57433b99e78f3acb7df4ff7d4b7ab56327de

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 33
Range: 0 - 100

Signatures

Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables security privileges
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • NeatReader Setup 8.1.4.exe (PID: 6304 cmdline: "C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe" MD5: DEF17C832C3E8169A69D3E854193F59B)
  • NeatReader.exe (PID: 5756 cmdline: "C:\Program Files (x86)\NeatReader\NeatReader.exe" MD5: C64AD6EB36F7AF719A1DA46A9DAEEC8A)
    • NeatReader.exe (PID: 5932 cmdline: "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\NeatReader /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\NeatReader\Crashpad --url=http://localhost:9000 "--annotation=_companyName=Gauzy Tech" "--annotation=_productName=NeatReader Desk App" --annotation=_version=8.1.4 --annotation=prod=Electron --annotation=ver=13.0.1 --initial-client-data=0x47c,0x480,0x484,0x474,0x488,0x6df17c0,0x6df17d0,0x6df17dc MD5: C64AD6EB36F7AF719A1DA46A9DAEEC8A)
    • NeatReader.exe (PID: 6516 cmdline: "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=gpu-process --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1560 /prefetch:2 MD5: C64AD6EB36F7AF719A1DA46A9DAEEC8A)
    • NeatReader.exe (PID: 2652 cmdline: "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:8 MD5: C64AD6EB36F7AF719A1DA46A9DAEEC8A)
    • NeatReader.exe (PID: 7260 cmdline: "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2536 /prefetch:1 MD5: C64AD6EB36F7AF719A1DA46A9DAEEC8A)
    • NeatReader.exe (PID: 7420 cmdline: "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 /prefetch:1 MD5: C64AD6EB36F7AF719A1DA46A9DAEEC8A)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | EXE: C:\Users\user\AppData\Local\neatreader-updater\installer.exe

Compliance

Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | EXE: C:\Users\user\AppData\Local\neatreader-updater\installer.exe
Source: NeatReader Setup 8.1.4.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | File created: C:\Program Files (x86)\NeatReader\LICENSE.electron.txt
Source: NeatReader Setup 8.1.4.exe | Static PE information: certificate valid
Source: NeatReader Setup 8.1.4.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: ffmpeg.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libEGL.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vulkan-1.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1776823382.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1779355683.0000000006750000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1776661234.0000000004C20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1780169049.0000000007655000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb0 source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1780169049.0000000007655000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdbp" source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vulkan-1.dll.pdb@ source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1776823382.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1779355683.0000000006750000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1776661234.0000000004C20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vk_swiftshader.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779355683.0000000006750000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: M.pdB source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.00000000051D5000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | File opened: C:\Program Files (x86)\NeatReader\resources
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\darwin
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe | File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/5afff89eca0efe7081309dc2d123309e825df221)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/62f29eb0c4dee01170a5511615e5bcc9faca26ca)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/71aaa29591d6681f8579486f18d32ba1ee651a5b)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/72f325b78edd0dc2aac940a76ce5f644005ce4c3)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/75233d974a30af6e3b8ab38a73e5ede67172fc1c)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/7e46c2058cb5994809eab5f4dbb12f21e937c72b)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/817b49830571b45a8aec6b1fc1525434f5798c58)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/88b92b43153f21609aee71d47abcd4dc27a6586d)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/8be5626bbb54e6c899a1b71d22411709126d9fea)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/9146024e1094e8bb871ab15d1b7fc556a710732f)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/99051992a9f45eb0dd79e062681d6f5d366deb41)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/9be858312553002841725b617050aaff3c48951d)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/9c5c58b18363494976185e7ddc790ac63de840ed)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/a007198fa23c19902b1f3ffb81498629e0e9c875)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/a245d18a131341feec4f87659746954e78cae780)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/acb388bc0546b48fca11dce8aa7a595af2cda5e2)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/ad91ce2346cb34e5d5a49d07dd952d15f6c832a3)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/b15115b2cbfffe15827cd5e4368267d417b72f08)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/b25e79dfb599777a38157bd419395bd28369ee86)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/b7bfa7113b8d1af49a57ab767f24a599ed92044f)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/b7fc526ea49894f366153bd32997e02568c0b8a6)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/b968688afe2c727ae141f50aa983d481dbc1dbbf)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/b9e35469d3bbd0a1ee92e0a815ce2512904d4a18)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/bc81ca9414296234c764b7306a19ba72b2e59b52)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/be7d334778481639294cdf87f5c359a230aeb65b)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/cf70dbc6d2ba62bf1eb12b563dd5ecd27af6e2be)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/d1d65dd29d7bbaf9ea42eaa5fcb0da3fb4df98e9)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/d32623baa7a6273d47be67d587ad4ea0ecffc5de)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/d48d88ee17b780c02123e6d657274cab456e943e)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/d4bdb5ed9e2fe06ec44698b66c029f624135a0ab)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/d7f7f77689e2eaef050686be2bdf3e72881a79ac)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/d9ef60398e88f2c2f958ab2b159d38052ffe7f8a)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/ef5c43bcbcf31819e032c3b7ae7654b7f8e9358b)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/f155785e2bb42b5ddf0a8156401c6dafdf57ba8b)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/f75d4455359ecdf30eeb676e2c7f31d4cf7b42ed)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/f90e825da9d505c11b4262c50cd54553f979c300)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/fc93c05f68398f30abc46fd16ae6c673a1eee099)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/koajs/koa/commit/ff70bdc75a30a37f63fc1f7d8cbae3204df3d982)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/node-modules/ylru/commit/475abb0e9c787fd65d7c3dd3d2d74d67560b0bec)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/YuzuJS/setImmediate.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ZJONSSON/node-unzipper#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ZJONSSON/node-unzipper.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alessioalex/tiny-each-async#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alessioalex/tiny-each-async.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/antelle
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/antelle/node-stream-zip
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/antelle/node-stream-zip.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/antelle/node-stream-zip/blob/master/LICENSE
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bnjmnt4n/lodash-cli.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/component/toidentifier#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/component/toidentifier.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/crypto-utils/keygrip#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/crypto-utils/keygrip.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/cthackers/adm-zip
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dougwilson/nodejs-depd#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dougwilson/nodejs-depd.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/es-shims/String.prototype.trimEnd#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/es-shims/String.prototype.trimStart#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/es-shims/es5-shim
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/es-shims/es6-shim
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/es-shims/object.getownpropertydescriptors#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/expressjs/vary)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/felixge/node-stack-trace
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/safe-buffer
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/golang/go/blob/master/src/archive/zip/reader.go#L503
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gyson/koa-convert#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gyson/koa-convert.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/hgouveia/node-downloader-helper
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/hgouveia/node-downloader-helper.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/hgouveia/node-downloader-helper/issues)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inspect-js/object-inspect
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inspect-js/which-boxed-primitive#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inspect-js/which-boxed-primitive.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iojs/readable-stream/issues/101)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iojs/readable-stream/issues/102)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iojs/readable-stream/issues/105)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iojs/readable-stream/issues/106
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iojs/readable-stream/issues/99)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iojs/readable-stream/labels/wg-agenda
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/inherits#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minimatch#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/once#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/sax-js#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jashkenas/underscore/pull/1247
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jden/node-listenercount#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/pull/7878
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-jsonfile#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery/blob/3.2.1/AUTHORS.txt
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/sizzle
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/basic-auth/issues/39
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/http-assert
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/http-errors
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/http-errors#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/http-errors.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/media-typer#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/media-typer.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/mime-db#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/mime-db.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/mime-types#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/mime-types.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/negotiator#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/negotiator.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/on-finished#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/on-finished.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/statuses#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/statuses.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/type-is#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/type-is.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/vary#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jshttp/vary.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/compose#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/compose.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/compose/blob/4e3e96baf58b817d71bd44a8c0d78bb42623aa95/index.js#L36
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/compose/pull/27
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/compose/pull/61
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/compose/pull/65
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/json)
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koa#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koa.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koa/blob/master/docs/error-handling.md
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koa/blob/master/docs/migration.md
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koa/pull/438).
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koa/pull/614
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koa/pull/668
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/koajs.com/pull/38.
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/send
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/static#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/koajs/static.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb/object-keys#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb/object.assign#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb/object.assign/issues/17
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb/unbox-primitive#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb/unbox-primitive.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb/util.promisify#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ljharb/util.promisify.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lodash/lodash
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lodash/lodash.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js#L6735-L6744
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/node-modules/ylru
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/b1c8f15c5f169e021f7c46eb7b219de95fe97603/lib/util.js#L201-L230
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/v4.4.7/lib/_http_server.js#L486
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/3043
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/3073
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/readable-stream#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/string_decoder
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/wrappy
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/wrappy.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/olado/doT).
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pillarjs/parseurl#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pillarjs/parseurl.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pillarjs/resolve-path#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pillarjs/resolve-path.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pvorb/node-md5#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/qix-/node-simple-swizzle#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/qix-/node-simple-swizzle.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sindresorhus/path-is-absolute#readme
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sindresorhus/path-is-absolute.git
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sindresorhus/time-zone#readme
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1780169049.0000000007450000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_409e7262-1
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_100010D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_00406B15
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_004072EC
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_00404C9E
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Process token adjusted: Security
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779355683.0000000006750000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs NeatReader Setup 8.1.4.exe
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs NeatReader Setup 8.1.4.exe
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779564390.0000000006D57000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ../../base/file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\../../base/files/file_path_watcher_win.ccUpdateWatchDestroyWatchSetupWatchHandleOnObjectSignaled( vs NeatReader Setup 8.1.4.exe
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibEGL.dllb! vs NeatReader Setup 8.1.4.exe
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs NeatReader Setup 8.1.4.exe
Source: NeatReader Setup 8.1.4.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: clean6.winEXE@12/130@0/0
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_00402104 CoCreateInstance
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\neatreader-updater
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\AtomProcessSingletonStartup!
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Mutant created: NULL
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Mutant created: \Sessions\1\BaseNamedObjects\bbff271c-caf8-5302-b3c6-6d9ee38f27e3
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\Temp\nsbD873.tmp
Source: NeatReader Setup 8.1.4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779951010.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1780169049.0000000007655000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779951010.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779951010.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779951010.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779951010.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779951010.0000000006F50000.00000004.00001000.00020000.00000000.sdmp, NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File read: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
Source: unknown Process created: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe "C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe"
Source: unknown Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe"
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\NeatReader /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\NeatReader\Crashpad --url=http://localhost:9000 "--annotation=_companyName=Gauzy Tech" "--annotation=_productName=NeatReader Desk App" --annotation=_version=8.1.4 --annotation=prod=Electron --annotation=ver=13.0.1 --initial-client-data=0x47c,0x480,0x484,0x474,0x488,0x6df17c0,0x6df17d0,0x6df17dc
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=gpu-process --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1560 /prefetch:2
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeProcess created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:8
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeProcess created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2536 /prefetch:1
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeProcess created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 /prefetch:1
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Section loaded: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll, windows.staterepositoryps.dll, windows.fileexplorer.common.dll, iertutil.dll, profapi.dll, linkinfo.dll, ntshrui.dll, sspicli.dll, srvcli.dll, cscapi.dll, sxs.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, msasn1.dll, netutils.dll
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Section loaded: ffmpeg.dll, uiautomationcore.dll, dbghelp.dll, msimg32.dll, winmm.dll, iphlpapi.dll, version.dll, userenv.dll, dwrite.dll, secur32.dll, winhttp.dll, dhcpcsvc.dll, propsys.dll, sspicli.dll, cryptbase.dll, powrprof.dll, umpdc.dll, uxtheme.dll, mswsock.dll, ntmarta.dll, kbdus.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, nlaapi.dll, dhcpcsvc6.dll, dnsapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, wintypes.dll, windows.ui.dll, windowmanagementapi.dll, inputhost.dll, twinapi.appcore.dll, profapi.dll, wtsapi32.dll, winsta.dll, mmdevapi.dll, devobj.dll, mscms.dll, coloradapterclient.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, winrnr.dll, rasadhlp.dll, fwpuclnt.dll, dwmapi.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, windows.globalization.dll, bcp47langs.dll, bcp47mrm.dll, twinapi.dll, atlthunk.dll, oleacc.dll, directmanipulation.dll, msspellcheckingfacility.dll, onecoreuapcommonproxystub.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, cryptnet.dll
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Section loaded: ffmpeg.dll, uiautomationcore.dll, dbghelp.dll, msimg32.dll, winmm.dll, iphlpapi.dll, version.dll, userenv.dll, dwrite.dll, secur32.dll, winhttp.dll, dhcpcsvc.dll, propsys.dll, sspicli.dll, cryptbase.dll, powrprof.dll, umpdc.dll, uxtheme.dll, mswsock.dll
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Section loaded: ffmpeg.dll, uiautomationcore.dll, dbghelp.dll, msimg32.dll, winmm.dll, iphlpapi.dll, version.dll, userenv.dll, dwrite.dll, secur32.dll, winhttp.dll, dhcpcsvc.dll, propsys.dll, sspicli.dll, cryptbase.dll, powrprof.dll, umpdc.dll, uxtheme.dll, mswsock.dll, kernel.appcore.dll, dxgi.dll, resourcepolicyclient.dll, mf.dll, mfplat.dll, rtworkq.dll, msmpeg2vdec.dll, mfperfhelper.dll, cryptsp.dll, dxva2.dll, msvproc.dll, d3dcompiler_47.dll, ddraw.dll, dciman32.dll, dwmapi.dll, comppkgsup.dll, mfh264enc.dll, dcomp.dll, windows.media.dll
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Section loaded: ffmpeg.dll, uiautomationcore.dll, dbghelp.dll, msimg32.dll, winmm.dll, iphlpapi.dll, version.dll, userenv.dll, dwrite.dll, secur32.dll, winhttp.dll, dhcpcsvc.dll, propsys.dll, sspicli.dll, cryptbase.dll, powrprof.dll, umpdc.dll, uxtheme.dll, mswsock.dll, ntmarta.dll, kbdus.dll, nlaapi.dll, dhcpcsvc6.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Section loaded: ffmpeg.dll, uiautomationcore.dll, dbghelp.dll, msimg32.dll, winmm.dll, iphlpapi.dll, version.dll, userenv.dll, dwrite.dll, secur32.dll, winhttp.dll, dhcpcsvc.dll, propsys.dll, sspicli.dll, cryptbase.dll, powrprof.dll, umpdc.dll, uxtheme.dll, mswsock.dll, kernel.appcore.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: NeatReader.lnk.0.dr LNK file: ..\..\..\..\..\Program Files (x86)\NeatReader\NeatReader.exe
Source: NeatReader.lnk0.0.dr LNK file: ..\..\..\Program Files (x86)\NeatReader\NeatReader.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: NeatReader Setup 8.1.4.exe Static PE information: certificate valid
Source: NeatReader Setup 8.1.4.exe Static file information: File size 62455064 > 1048576
Source: NeatReader Setup 8.1.4.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: ffmpeg.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libEGL.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vulkan-1.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1776823382.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1779355683.0000000006750000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1776661234.0000000004C20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1780169049.0000000007655000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb0 source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1780169049.0000000007655000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdbp" source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vulkan-1.dll.pdb@ source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1776823382.0000000005BE0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1779355683.0000000006750000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1776661234.0000000004C20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vk_swiftshader.dll.pdb source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779355683.0000000006750000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: M.pdB source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.00000000051D5000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exeCode function: 0_2_100010D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,0_2_100010D0
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .voltbl
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .voltbl
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr Static PE information: section name: .voltbl
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .voltbl
Source: NeatReader.exe.0.dr Static PE information: section name: .00cfg
Source: NeatReader.exe.0.dr Static PE information: section name: .rodata
Source: NeatReader.exe.0.dr Static PE information: section name: .voltbl
Source: NeatReader.exe.0.dr Static PE information: section name: CPADinfo
Source: libEGL.dll0.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr Static PE information: section name: .voltbl
Source: libGLESv2.dll0.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .voltbl
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .voltbl
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\swiftshader\libGLESv2.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\nsProcess.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\WinShell.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\ffmpeg.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\libEGL.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\NeatReader.exe
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\vulkan-1.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\neatreader-updater\installer.exe
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\resources\elevate.exe
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\Uninstall NeatReader.exe
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\libGLESv2.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\vk_swiftshader.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\swiftshader\libEGL.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\System.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\Program Files (x86)\NeatReader\LICENSE.electron.txt
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeatReader.lnk
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\swiftshader\libGLESv2.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\nsProcess.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\WinShell.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\libEGL.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\vulkan-1.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\resources\elevate.exe
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\Uninstall NeatReader.exe
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\libGLESv2.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\vk_swiftshader.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\swiftshader\libEGL.dll
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\System.dll
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe File Volume queried: C:\Users\user\AppData\Roaming\NeatReader\blob_storage\626fbe4f-8fa8-4fe4-8064-ab57ee09eed8 FullSizeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe File Volume queried: C:\Users\user\AppData\Roaming\NeatReader\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe File Volume queried: C:\Users\user\AppData\Roaming\NeatReader\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe File Volume queried: C:\Users\user\AppData\Roaming\NeatReader\Cache FullSizeInformation
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File opened: C:\Program Files (x86)\NeatReader\resources
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\darwin
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list
Source: NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: VMware Virtual Webcam
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tgav
Source: NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: eb1a:2860eb1a:28201ce6:282012ab:03801943:22530c45:64d00c45:64d21bcf:298504ca:704704ca:704804f2:b3ed04f2:b3ca05c8:035d05c8:036904ca:709513d3:52570bda:57f2VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCamWebcamMax../../media/capture/video/video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: VMnet
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (IsAndroid() && IsMaliT8xxOrOlder(functions)) || (IsAndroid() && IsMaliG31OrOlder(functions))
Source: NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: num_failuresrelease_after_msThrottling.RequestThrottled%08x: %02x ../../net/base/network_interfaces_win.ccWlanApiwlanapi.dllWlanQueryInterfaceWlanSetInterfaceVMnetGetAdaptersAddresses failed:
Source: NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1724019640.0000000006750000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe API call chain: ExitProcess graph end node graph_0-3523
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Process information queried: ProcessInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\NeatReader /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\NeatReader\Crashpad --url=http://localhost:9000 "--annotation=_companyName=Gauzy Tech" "--annotation=_productName=NeatReader Desk App" --annotation=_version=8.1.4 --annotation=prod=Electron --annotation=ver=13.0.1 --initial-client-data=0x47c,0x480,0x484,0x474,0x488,0x6df17c0,0x6df17d0,0x6df17dc
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=gpu-process --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1560 /prefetch:2
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:8
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2536 /prefetch:1
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 /prefetch:1
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "c:\program files (x86)\neatreader\neatreader.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\neatreader /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\neatreader\crashpad --url=http://localhost:9000 "--annotation=_companyname=gauzy tech" "--annotation=_productname=neatreader desk app" --annotation=_version=8.1.4 --annotation=prod=electron --annotation=ver=13.0.1 --initial-client-data=0x47c,0x480,0x484,0x474,0x488,0x6df17c0,0x6df17d0,0x6df17dc
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "c:\program files (x86)\neatreader\neatreader.exe" --type=gpu-process --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess --gpu-preferences=saaaaaaaaadgaaawaaaaaaaaaaaaaaaaaabgaaaaaaaoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab4aaaaaaaaahgaaaaaaaaakaaaaaqaaaagaaaaaaaaacgaaaaaaaaamaaaaaaaaaa4aaaaaaaaabaaaaaaaaaaaaaaaauaaaaqaaaaaaaaaaaaaaagaaaaeaaaaaaaaaabaaaabqaaabaaaaaaaaaaaqaaaayaaaaiaaaaaaaaaagaaaaaaaaa --mojo-platform-channel-handle=1560 /prefetch:2
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "c:\program files (x86)\neatreader\neatreader.exe" --type=utility --utility-sub-type=network.mojom.networkservice --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess --lang=en-gb --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:8
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "c:\program files (x86)\neatreader\neatreader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess --lang=en-gb --app-path="c:\program files (x86)\neatreader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2536 /prefetch:1
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Process created: C:\Program Files (x86)\NeatReader\NeatReader.exe "c:\program files (x86)\neatreader\neatreader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess --disable-gpu-compositing --lang=en-gb --app-path="c:\program files (x86)\neatreader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 /prefetch:1
Source: NeatReader Setup 8.1.4.exe, 00000000.00000003.1779564390.0000000006D57000.00000004.00001000.00020000.00000000.sdmp, NeatReader.exe, 00000001.00000000.1837107732.00000000062C3000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: ../../third_party/webrtc/modules/desktop_capture/win/window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progmanffff:%hx%n%4hx%n.
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86) VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86)\NeatReader VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86)\NeatReader\resources VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86)\NeatReader\resources\app.asar VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\package.json VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\index.js VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\darwin\index.js VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\win32\index.js VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeQueries volume information: C:\Users\user\AppData\Roaming\NeatReader VolumeInformationJump to behavior
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeQueries volume information: C:\Users\user\AppData\Roaming\NeatReader\appData VolumeInformationJump to behavior
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeQueries volume information: C:\Program Files (x86) VolumeInformationJump to behavior
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeQueries volume information: C:\Program Files (x86)\NeatReader VolumeInformationJump to behavior
Source: C:\Program Files (x86)\NeatReader\NeatReader.exeQueries volume information: C:\Program Files (x86)\NeatReader\resources VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\NeatReader Setup 8.1.4.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Masquerading | 11 Input Capture | 1 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 12 Process Injection | 1 Access Token Manipulation | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Search Order Hijacking | 1 Registry Run Keys / Startup Folder | 12 Process Injection | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 DLL Side-Loading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | LSA Secrets | 24 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Behavior Graph ID: 1521514; Sample: NeatReader Setup 8.1.4.exe; Startdate: 28/09/2024; Architecture: WINDOWS; Score: 6

  • NeatReader Setup 8.1.4.exe (started) dropped:
    • C:\Users\user\AppData\Local\...\installer.exe, PE32
    • C:\Users\user\AppData\Local\...\nsis7z.dll, PE32
    • C:\Users\user\AppData\Local\...\nsProcess.dll, PE32
    • 16 other files (none is malicious)
  • NeatReader.exe (started) started three NeatReader.exe processes and 2 other processes

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| NeatReader Setup 8.1.4.exe | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\NeatReader\NeatReader.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\Uninstall NeatReader.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\libEGL.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\darwin\fontlist | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\resources\elevate.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\swiftshader\libEGL.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\swiftshader\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\NeatReader\vulkan-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\SpiderBanner.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\WinShell.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\nsProcess.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\nsis7z.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\neatreader-updater\installer.exe | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled | 0% | URL Reputation | safe | |
| http://www.opensource.org/licenses/mit-license.php | 0% | URL Reputation | safe | |
| https://openjsf.org/ | 0% | URL Reputation | safe | |
| https://jsperf.com/getall-vs-sizzle/2 | 0% | URL Reputation | safe | |
| http://underscorejs.org/LICENSE | 0% | URL Reputation | safe | |
| https://sizzlejs.com/ | 0% | URL Reputation | safe | |
| https://npms.io/search?q=ponyfill. | 0% | URL Reputation | safe | |
| https://bugs.jquery.com/ticket/12359 | 0% | URL Reputation | safe | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=378607 | 0% | URL Reputation | safe | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=589347 | 0% | URL Reputation | safe | |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                  unknown
                                                                                                                                                  https://github.com/jshttp/negotiator.gitNeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://stackoverflow.com/a/5982798/376773NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 00000000.00000003.1719831252.000000000520A000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://github.com/koajs/koa/commit/54e8fab3e3d907bbb264caf3e28a24773d0d6fdb)NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://bugs.chromium.org/p/chromium/issues/detail?id=589347NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://mdn.io/spread_operator).NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://github.com/winstonjs/logform#readmeNeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://github.com/alessioalex/tiny-each-async#readmeNeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://anglebug.com/3729NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://crbug.com/830046NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://github.com/es-shims/String.prototype.trimStart#readmeNeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://anglebug.com/2517NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://github.com/eslint/eslint/issues/3229NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://crbug.com/401439).NeatReader Setup 8.1.4.exe, 00000000.00000003.1779564390.0000000006B50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://github.com/jshttp/media-typer#readmeNeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://crbug.com/672380NeatReader Setup 8.1.4.exe, 00000000.00000003.1726722266.0000000006B50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://mdn.io/iteration_protocols#iterator).NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://www.another-d-mention.ro/NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://mdn.io/Structured_clone_algorithm)NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).NeatReader Setup 8.1.4.exe, 00000000.00000003.1720136744.0000000005960000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      No contacted IP infos
                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                      Analysis ID:1521514
                                                                                                                                                                                      Start date and time:2024-09-28 20:03:48 +02:00
                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                      Overall analysis duration:0h 7m 46s
                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                      Report type:full
                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                      Number of analysed new started processes analysed:16
                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                      Technologies:
                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                      Sample name:NeatReader Setup 8.1.4.exe
                                                                                                                                                                                      Detection:CLEAN
                                                                                                                                                                                      Classification:clean6.winEXE@12/130@0/0
                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                      • Number of executed functions: 45
                                                                                                                                                                                      • Number of non-executed functions: 25
                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, CompPkgSrv.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.250.185.174
                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                      • VT rate limit hit for: NeatReader Setup 8.1.4.exe
Time | Type | Description
14:04:47 | API Interceptor | 6x Sleep call for process: NeatReader Setup 8.1.4.exe modified
                                                                                                                                                                                      No context
Match: C:\Program Files (x86)\NeatReader\d3dcompiler_47.dll
Associated Sample Name / URL | Detection | Threat Name
https://desktop.bodygram.cloud/download/latest | malicious | Unknown
TestReach-6.2.0.msi | malicious | PrivateLoader
Axon_Dashboard_Installer.msi | malicious | Unknown
snaffler.exe | malicious | Unknown
snaffler.exe | malicious | Unknown
TestReach-6.2.0.msi | malicious | Unknown
TestReach-6.2.0.msi | malicious | Unknown
Stremio+4.4.120.exe | malicious | Unknown
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1096
                                                                                                                                                                                                      Entropy (8bit):5.13006727705212
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                      MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                      SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                      SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                      SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):5370001
                                                                                                                                                                                                      Entropy (8bit):4.849557721751705
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS
                                                                                                                                                                                                      MD5:6B84319EE8A0A0AF690273D3D2DCBAF4
                                                                                                                                                                                                      SHA1:857CA353E0582D100DCBC6CB6761BB4430D0CB90
                                                                                                                                                                                                      SHA-256:FC2A256467FB4D4FF72BE6C423E5961E98B418554DEEEC296ADED0E757B9A585
                                                                                                                                                                                                      SHA-512:26F9842BFDB429EF132CC1A930DA9187071A339927EDA402E8D54B5EB9E03067612CDADC3A2DAD3D0977F8E6AF18C05EAB6AC91720221C6A0104F96638F85A8A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<meta name="color-scheme" content="light dark">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<style>..html {.. --google-blue-50: rgb(232, 240, 254);.. --google-blue-300: rgb(138, 180, 248);.. --google-blue-600: rgb(26, 115, 232);.. --google-blue-900: rgb(23, 78, 166);.. --google-grey-200: rgb(232, 234, 237);.. --google-grey-800: rgb(60, 64, 67);.. --google-grey-900: rgb(32, 33, 36);.... --interactive-color: var(--google-blue-600);.. --primary-color: var(--google-grey-900);.... --product-background: var(--google-blue-50);.. --product-text-color: var(--google-blue-900);.... background: white;..}....@media (prefers-color-scheme: dark) {.. html {.. --interactive-color: var(--google-blue-300);.. --primary-color: var(--google-grey-200);.... --product-background: v
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):117631920
                                                                                                                                                                                                      Entropy (8bit):6.979731352768833
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1572864:7iJCno+qBonCy35Nq2ev+NfglaPGBiUth2c/o/MH9GfHUcFAhsGkXq4fMZc6hECp:dno+qmF+mc/o/IwBokDz6FrMI
                                                                                                                                                                                                      MD5:C64AD6EB36F7AF719A1DA46A9DAEEC8A
                                                                                                                                                                                                      SHA1:668DE973487E499BD72A05485656DC8F83A57A9F
                                                                                                                                                                                                      SHA-256:A85F3A4C5D78D721AC164D7FC1EFED562638EB4E0C55FF7D0C8CF3971C896F48
                                                                                                                                                                                                      SHA-512:F9B71CAB94DA9226F7DBC093E9C680A2CC34FDC69042CB7A880E45C2D846455DEF74A819B5749CBD28A2C212B94235888CF3D02E7862BF32D8BE1215F29DDF9C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):272288
                                                                                                                                                                                                      Entropy (8bit):6.742977795809136
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:k740IXjmmqC7ZdO8s2t0EyL+2iaVgwhcgQL:GqjmmdZo/RK2ZVgmcgC
                                                                                                                                                                                                      MD5:097C6C0CABC6BAFE46D9A0BDA722B4AD
                                                                                                                                                                                                      SHA1:251712A0CD32DD568D8FE2A33837E29D00A2D408
                                                                                                                                                                                                      SHA-256:3C9586E5C536B390660079ECA16F76FDEB773B16521064104AD00E8588A7B36B
                                                                                                                                                                                                      SHA-512:C290E01256F598B2E04F968C6B6E6123A3F54CB9A7191DC7386CAE5DEBA4F9648F3038F1167398D75063213AAE88221B33F575EB44ABBA00DA724F31B9593A87
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):141525
                                                                                                                                                                                                      Entropy (8bit):7.919777817493783
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:igKzw9bpyZFM5fgm32Z8Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:nKzw9ozA4m3m8Gb0OV8ld0GecQ3mExhk
                                                                                                                                                                                                      MD5:03AAA4F8525BA4B3E30D2A02CB40AB7A
                                                                                                                                                                                                      SHA1:DD9AE5F8B56D317C71D0A0A738F5D4A320A02085
                                                                                                                                                                                                      SHA-256:C3F131FAEEFAB4F506BF61C4B7752A6481F320429731D758EF5413A2F71441F7
                                                                                                                                                                                                      SHA-512:C89A1B89B669602BA7C8BF2C004755CAC7320189603FECB4F4C5CF7A36DB72DA651C7B613607146F0C6DA9EEC5DF412C7FBA75475352192351C02AEBDAA7D9A9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):206981
                                                                                                                                                                                                      Entropy (8bit):7.946665927992836
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:TDQYaF+9b7zA4m0k5GMRejnbdZnVE6Yopym74:gfs7T6edhVELo374
                                                                                                                                                                                                      MD5:7D4F330A5443EADF32E041C63E7E70AD
                                                                                                                                                                                                      SHA1:26CE6FB98C0F28F508D7B88CF94A442B81E80C88
                                                                                                                                                                                                      SHA-256:B8704BE578E7396EE3F2188D0C87D0EDE5C5702E9BB8C841B5F8D458ABF1356D
                                                                                                                                                                                                      SHA-512:F1B9B0DD7396863AA0FECA06175B7F9EA0BE4122351ECF0A0549EE4C34F85AC8C63CC927D7409A40B6E19FA91D2CB00A145616BA19F47045B2345BFBC2D4802D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3714200
                                                                                                                                                                                                      Entropy (8bit):6.570736584573205
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:sXMoHAsisjBFjJMLhHELxJm8ZU8W/GBj5Z535TMpinAizxkl/cD11bqCG7jHbOkD:srZOb8W/G5hnAizxz7NZy9AG
                                                                                                                                                                                                      MD5:2F2E363C9A9BAA0A9626DB374CC4E8A4
                                                                                                                                                                                                      SHA1:17F405E81E5FCE4C5A02CA049F7BD48B31674C8F
                                                                                                                                                                                                      SHA-256:2630F4188BD2EA5451CA61D83869BF7068A4F0440401C949A9FEB9FB476E15DF
                                                                                                                                                                                                      SHA-512:E668A5D1F5E6F821EBFA0913E201F0DFD8DA2F96605701F8DB18D14EA4FDEAC73AEB9B4FE1F22EAEFFCDD1C0F73A6701763727D5B09775666F82B678404E4924
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: TestReach-6.2.0.msi, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: Axon_Dashboard_Installer.msi, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: snaffler.exe, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: snaffler.exe, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: TestReach-6.2.0.msi, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: TestReach-6.2.0.msi, Detection: malicious, Browse
                                                                                                                                                                                                      • Filename: Stremio+4.4.120.exe, Detection: malicious, Browse
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2584064
                                                                                                                                                                                                      Entropy (8bit):6.867373949563202
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:JbW/NuM92guiyeJNQltLHLS/vGPJHbDG7SW:tWFuM92gu/ZHLScRDM
                                                                                                                                                                                                      MD5:94BD681436FF248B03114C9A1FF48B09
                                                                                                                                                                                                      SHA1:F1928DA886448559F57194ADBFA940130AC10A31
                                                                                                                                                                                                      SHA-256:9F33C5FFF122D95AB6B8F956158F93804E80E8EB27B38F2948623EBC748ED8D9
                                                                                                                                                                                                      SHA-512:22C8DF6ACA587CBD6006FF7650C6A84777A0D4A423DDF390F7B1885C2D1FDC1CBEEA79A47DCFEE29DC443ADA91612B31E629AB41378A556DACD6815075D042F3
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):10413488
                                                                                                                                                                                                      Entropy (8bit):6.281507508108464
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:196608:+UGwSv9AAQnt6liXUxR0rHa93WhlU6tcCLhl:+oKlQnAliXUxR0rHa93WhlU6t3Ln
                                                                                                                                                                                                      MD5:80A7528515595D8B0BF99A477A7EFF0D
                                                                                                                                                                                                      SHA1:FDE9A195FC5A6A23EC82B8594F958CFCF3159437
                                                                                                                                                                                                      SHA-256:6E0B6B0D9E14C905F2278DBF25B7BB58CC0622B7680E3B6FF617A1D42348736B
                                                                                                                                                                                                      SHA-512:C8DF47A00F7B2472D272A26B3600B7E82BE7CA22526D6453901FF06370B3ABB66328655868DB9D4E0A11DCBA02E3788CC4883261FD9A7D3E521577DDE1B88459
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):354816
                                                                                                                                                                                                      Entropy (8bit):6.5791835920022566
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:8z/HOSsej/GoilKtpeTJztCwdm6EhVRuGZ4uVPZrdzVpTAGW1cSAiXcI:b7lKtpDwdm6EwVuVPDz/vAF
                                                                                                                                                                                                      MD5:A18F9DBFF39676B0DFA86F66B768C45A
                                                                                                                                                                                                      SHA1:D2726EF6F61C8008738438D931C676812E14124B
                                                                                                                                                                                                      SHA-256:A58F172C9C9984EB651AD4C5B870EF21D508AE9284ED1B4B81CD15D5AC2843FC
                                                                                                                                                                                                      SHA-512:8C3A71D9C69EA230A1A0A5133801E6D4BE9116FD0D8A0503A218704318FD4A8CE29EC0F8781F7180D1DFCD8010DFC223C56E5F2AF3583F04FA465246C84BD89D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):6924288
                                                                                                                                                                                                      Entropy (8bit):6.78607570697073
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:98304:zQC8egWG0K9+suw5CCVwAuD5lTsnCir1l5V/jAPS+DrvPC8z:zQC8eTGsw5JwAull27borH
                                                                                                                                                                                                      MD5:EA0386C952F7896CF0D1B275B4A23EE6
                                                                                                                                                                                                      SHA1:2E853ADFBBB4097898B64C9850751B0B41B990BE
                                                                                                                                                                                                      SHA-256:D428852CD603A7C83B214005DBF4FAAB3751D15FC37FB1DCC75F8247E8001973
                                                                                                                                                                                                      SHA-512:ABD6ED5E62EAA47E2860709CF067A1A9DD4F9C8108FA34B419B72C7F4F6B2C88624645B4A7FF9EA3B42D3647268D583AA9651DE38DBDFB6DD977E29FB3CA1323
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):154369
                                                                                                                                                                                                      Entropy (8bit):5.008301713077239
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:nJ1NSM/92t7Rh4rgEkDvuHq/VoZLokijEG/yZJjh6oVjUWRSuo90kef97ZVt1nnu:nzym+u9QfCx30jH8+x
                                                                                                                                                                                                      MD5:5C617F3833923FCA5717A549FA57ADCA
                                                                                                                                                                                                      SHA1:0102AC3C8041FAB6A1A65A3BCAF7E79C0B7FD719
                                                                                                                                                                                                      SHA-256:5F323C0BD185D5BD5F7EA737018F14FD6EA500BA5440BC74F5C09B635518EADC
                                                                                                                                                                                                      SHA-512:87034E798355875F3459567ED1F11E5455FC5ADC9634EEC33E9DB2446451FEBF7F35F617709A9B09BF3BC52F195EDEA0CB47D474D2C11CA93A8B5383142D45E9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):156996
                                                                                                                                                                                                      Entropy (8bit):5.084198860333123
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:91mmOGHNSNRZaJTGxRh+7iMuxHSM2uZtE9yKBZ1F/R2bKSI1+/BI1Iir2L2p:zjOlNRQs+7i0g/BI1Zp
                                                                                                                                                                                                      MD5:8F9C8DD93B03202220B5E226C6956025
                                                                                                                                                                                                      SHA1:8290DBA9B8DCC89928821EAD04F7CF599C0BA557
                                                                                                                                                                                                      SHA-256:E7F9A474399C0CA0DAF28C6153F6EC7AE87423E66C8FFE0849407471D20B6237
                                                                                                                                                                                                      SHA-512:3EB0B80CC7243ED646CFC7BE31EB27F0AA15F2AA8A5D2C50C3E5EFD8A81759637E3F986C5C294262FF3BC94A939BB3803268B4EDA46B3CFE224F596BFB4ED00A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):170110
                                                                                                                                                                                                      Entropy (8bit):4.813810055718465
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:P3504qAG1u0PSFq8HyyW4nSpbBqjnUmIKW3RZzrzCLy8Asgiamd3vNgT72eM+sUS:P35vqpTPaTo4njmZzrmLy8ADINW72eMz
                                                                                                                                                                                                      MD5:00D012A55A50BBA5DE8B2FC2E0D163B2
                                                                                                                                                                                                      SHA1:89163FA9905876167A0C7D3446BCB0BD30F88EF4
                                                                                                                                                                                                      SHA-256:BD3A3AACC3CEE9864404755EEE9542E0F21EFBEBD4A71E5333D15783D4CE18C9
                                                                                                                                                                                                      SHA-512:3BD6C774729F3531D316917DEB7D8FE977C5BF5A3E85846F061C4AF5FB6C45F79D8A3557A47D4569AD52819B3CCAB13D386A9F5C1801E25E969E194A956D40A2
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):221799
                                                                                                                                                                                                      Entropy (8bit):4.419808794496792
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:fPjRXprzuB7CPIqPp2nKEZ3UzKoZ4CfrNuduY0Jri0CI58JRKgqZBiCYWY0PnxRB:fbbNp2KGCDjr58JMgqbxRRImv7hfUHm/
                                                                                                                                                                                                      MD5:80C804A82C617E7E0FC1E7F0DF63290C
                                                                                                                                                                                                      SHA1:A81F3AC6E92785E4C96E7DBD01FCA8BFD446071A
                                                                                                                                                                                                      SHA-256:B4ED891E8B38452623348DA12D325B52407446114CBA664A8E25A26A7CFAF773
                                                                                                                                                                                                      SHA-512:919856917F185DCAA6204A0B990E49498EF59B72CF93F8B6DA44785F4E889B70C0B05300AC15009260DDB36A8D4F06FEE5D8C4796E60A43C2957EA436F7316BF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):108499
                                                                                                                                                                                                      Entropy (8bit):5.413075728378605
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:Em2DPcgrI54tBL8l/oq7O5awat8PU02he8X/FS0bzRhqRRhnAkpxlCEtT3nRA39u:EvPcgkoqO5a78PUzhe8X/80nEznAkpxl
                                                                                                                                                                                                      MD5:79EC325651589F138C7840C61316D8F5
                                                                                                                                                                                                      SHA1:37503EDCAE710E2D61F390064FA2D9893D4B9C8D
                                                                                                                                                                                                      SHA-256:9A4E286A58BB9A58E9E30D982783663C9BCE40730CB6DAD4C37980038040919E
                                                                                                                                                                                                      SHA-512:F00A9354871C77947D2B99E83B54BABCB46B5A45C24702C1B5F750156ABCB2A00D12C6B4C2E15634D4D560DE0AFA5B9C368D31F08CF447F2209F51C0B8EF6384
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):110242
                                                                                                                                                                                                      Entropy (8bit):5.8210765375728135
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:6G+wdXqt5qYSP7ymjLEwoVD33zSYoYlBw/dhRRkP+8QUQdbiE:JvXPjyfaYl6/P2+8QUQdbd
                                                                                                                                                                                                      MD5:0325D16A747CCA73A3A2B0C94FAC123D
                                                                                                                                                                                                      SHA1:E5989627742ECEE5F8996001002E97627BFBE10D
                                                                                                                                                                                                      SHA-256:C00829FC57C7E1E5419FE3202F114D394A590B8B32B1E55AF42772C93755945D
                                                                                                                                                                                                      SHA-512:B824297DF25C097251432FA72AE1258092E692FF3E4C527599897D7D3E71007CBD80E300DE54B87146889F71D537C7D297C1B3CAC04B6E08D7CE29132EC9E5DC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):100898
                                                                                                                                                                                                      Entropy (8bit):5.423694312690139
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:mjAsKH2oFmMFyHlqByQxTdofWfZg5Q4+xEGqZ4w8pOmPEFh/j4O:mM9WohFyFnQBf2+xgL1/r
                                                                                                                                                                                                      MD5:29F37A66AD8035D0657A1C7176330C40
                                                                                                                                                                                                      SHA1:EBF26AFA557B44FF5248207425083C750A397F49
                                                                                                                                                                                                      SHA-256:6DA77A20FD6FBB228B2DE5F197225342DA18CBC58D26EBF542CF20D23E00F033
                                                                                                                                                                                                      SHA-512:4C360F13C499A9B4B8E2B6F29EFECEDCC571130B90CB93A3C21486642704711DB0A182B63B3BE307B39C382DE73787269822AF76AF9032E4F9C4A5596EAE8E50
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):108417
                                                                                                                                                                                                      Entropy (8bit):5.4792271676996425
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:hHbausrKfikXgkNahUnNqRPIYvfrxWRQNCLubXpkHxQ1NlkGfChxCPQl9v83Opra:pinhUnN1dLq+H8Nr40PyqyrsS0
                                                                                                                                                                                                      MD5:5F9F5187B2C3A4BBE6077A329EF5C2C1
                                                                                                                                                                                                      SHA1:68AB6991F89F5C41C055B07FD97EA6D394D87F12
                                                                                                                                                                                                      SHA-256:E964D841B9588B7412F1FF86F004E6B052F993BF2153E4DC4BEE6C5536BE1744
                                                                                                                                                                                                      SHA-512:560A90D24C5FBA776AE526033163CE61662978599C4B171F0BDBC80C72206A9443ED1AAB58819AE71345ECAFA795527C0673C12B73BA7AC381B7DEF7BBBEE118
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):188491
                                                                                                                                                                                                      Entropy (8bit):4.875423021643058
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:lA6xGMCiJFTYkDuTX9yGwSREF3IVMRm5ppFFSqu/EFMeELO+niKh52hfZPXYlXSG:lAACiJFMkDuTyF3IiRm5ppFLzFMeF+n/
                                                                                                                                                                                                      MD5:F4083CF1C56EDB2D8701FC1809C9D8EC
                                                                                                                                                                                                      SHA1:909337883E1F898C98DE9B35F7889D257E5455B2
                                                                                                                                                                                                      SHA-256:B624633365C19E6E3CBE200B39889711994809796DBEE7988883165D0CC1D6C2
                                                                                                                                                                                                      SHA-512:27726B5CF51760D6938C17E3B1346F0F9C36940A94FBB9428D9BA8809598E07D7C5429FCFC3EC56EA795D65555B4D19676CDC299D0F8937C503D92CB87B80EE4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):89514
                                                                                                                                                                                                      Entropy (8bit):5.4765832263521075
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:c1BQQyiGUaBWTHjrDXApScz4RrgasTX65iBxgwSOiJedMJrV0h5BvVfm3ggl+qRR:c/QJDU9HjHBVsdBxgXM523ggl+qH
                                                                                                                                                                                                      MD5:B8B8DE138E6CD2AD1EEE182F2BEFC905
                                                                                                                                                                                                      SHA1:ACB5FBB8D3026D2CF0D5AFCC0B2407F7DC7F7CEE
                                                                                                                                                                                                      SHA-256:4A5E6439C6731A5273970C8C053B4A89018C57F1D9BE81D85F24978233675442
                                                                                                                                                                                                      SHA-512:C5575F68AEE1284A82A47E4D412DF6175550BDE1D8FFD3845D295F88687ECE4A7C04F0AB9FCAB78182FCABB6876CCB9A1F6EE815B0ABC0EB96FE59F5FF849E4B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):90228
                                                                                                                                                                                                      Entropy (8bit):5.468679281798329
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:lnI8PwZKfs9B0fYSED0TI4RVQ2trM8M5Xx5dBxgZSO0JedMVrBHhBeVfD3ggl+CA:LEKE2YStRdMLBxgsvBq3ggl+CGwG
                                                                                                                                                                                                      MD5:AF5C77E1D94DC4F772CB641BD310BC87
                                                                                                                                                                                                      SHA1:0CEEB456E2601E22D873250BCC713BAB573F2247
                                                                                                                                                                                                      SHA-256:781EF5AA8DCE072A3E7732F39A7E991C497C70BFAEC2264369D0D790AB7660A4
                                                                                                                                                                                                      SHA-512:8C3217B7D9B529D00785C7A1B2417A3297C234DEC8383709C89C7FF9296F8ED4E9E6184E4304838EDC5B4DA9C9C3FE329B792C462E48B7175250EA3EA3ACC70C
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):106030
                                                                                                                                                                                                      Entropy (8bit):5.373963649438172
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:Y1zfcN6nwhQppC6SGDYjRbqZrtlaUuzHjqXGiMdePcHYD9KeO0KWFsMH5BthDViT:ahnwhQu6Psl6pMFmI2Be
                                                                                                                                                                                                      MD5:84A1995559E8FC00C3E46BA63EFF51A6
                                                                                                                                                                                                      SHA1:24B57BABEE3291419FC29AAB9C9A2FC0FE9C3D8A
                                                                                                                                                                                                      SHA-256:2E1CF9D3E3EEBE607DA44873CFE37B9A84615962E3450313C3947920D4DE4FDA
                                                                                                                                                                                                      SHA-512:1B8453367BBEB12F237F850EB0EF67D4B6CAA973F2E6ACCDAE6FF5B7B3991D5BE2C5D76F787D2C7CA5A10D2D0A92B47FD55141C9D900C850F80CD916ABF5425A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):108109
                                                                                                                                                                                                      Entropy (8bit):5.35370843761187
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:CPOLX5pxZkWBvJdYx/TFKYM3vtdThgFW9XlhgoThoK/rh2L1w3Oy:C2vkwcx4v5F1tYC3z
                                                                                                                                                                                                      MD5:4ACAD14261FA458CBC61451F4255C891
                                                                                                                                                                                                      SHA1:BFBF2429190B85F692BC97D12822CEDD53A70742
                                                                                                                                                                                                      SHA-256:B927984D25359F3D7A20D71AA4B16D2EC4C574461177825B5221865F416D1E71
                                                                                                                                                                                                      SHA-512:24A71134F5C8F3E03B29491E11D0D0D2B9988C2528593C753893986C6DB6FF2BD88E2E5389B086E0785E24141894441EFE3DB976111E2AD5EE5AFBF7374FEC1D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):96956
                                                                                                                                                                                                      Entropy (8bit):5.455086908059335
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:BnHIHEpX0aM3DS4xyGXcen6dg9NzuLECchVjpsPQHXG:BnHiEiaMe4x06NyLiV2PQHW
                                                                                                                                                                                                      MD5:3F2F42E0E8FFE5C26295F5E15480EDCA
                                                                                                                                                                                                      SHA1:E183E93FE99145CE0471687E930926018B1FCC19
                                                                                                                                                                                                      SHA-256:9CDEFC472C67247E67DA040B984E800CC8B903A1B39C742E6962FF5C423F391E
                                                                                                                                                                                                      SHA-512:BB61DA1665100B59433D03D05FCD074D36E07EA3C29F2F7C5305E2B560E2A2A8FC508D38B45798D98CD3C1987165667CD723726397E3D1E4BE006C17EFE11C3B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):151026
                                                                                                                                                                                                      Entropy (8bit):5.181938015353535
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:QXP4Rawpa8C96NS9/W2ESEmGzR2XQmN4o6TwNv7fizfb8YIO8jdr8TwatK/E3oLF:QXP4Rawpa8C96NS9/W2ESEmGV2XQmN4s
                                                                                                                                                                                                      MD5:0FBE88D360ABC020EF6D511FF5CB70A5
                                                                                                                                                                                                      SHA1:8ABC47BC30BB0128B84CA4335DC09A67B051EDF4
                                                                                                                                                                                                      SHA-256:7E8F7F42300178F001EA5F74C63DB25D813B7C25989114DC7673C76FD92A72C9
                                                                                                                                                                                                      SHA-512:1EB2F414521B4EAD4ECCC26305CF89EDDF2A9E26BC5E8D100946A8B442694E48DF6FDCDE858197B23CDD47C83ED7C316D280A642017E7516C5DB73C3322FBA26
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):99485
                                                                                                                                                                                                      Entropy (8bit):5.416956540869923
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:6EsQoWFTTTqWU9S0JEji18vlhROdA0EjjNM1TO9mRX:6EFf7iE218vUd4shX
                                                                                                                                                                                                      MD5:0C5F18712C639646E37FED054781B147
                                                                                                                                                                                                      SHA1:FAECB7CB6838783E15BC52C8DC019736A334D59B
                                                                                                                                                                                                      SHA-256:4E538A14F1DBC872A85FDB4BE1E19145553ECFA3B07EE7C810B690C52B889684
                                                                                                                                                                                                      SHA-512:EF9F1158C35045BBEF92FE70D9006CD7DCC3C834F5A4BEBA5B269AD6C16F9790E316B7E2617100567919AD647A1353CFA8B80D5EDE23CEC9E5F7AE9B4E49C154
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):110288
                                                                                                                                                                                                      Entropy (8bit):5.196308788997154
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:3NqmgtbTGldYzVgQNjLeyspz4NvuNpEWnGkuljgOAM64CzPEchYkZzk17PaXmAMD:sbTEd07PjgOAaCzh7VSKmAW
                                                                                                                                                                                                      MD5:249AC7111D6310C67B42E973F6AA7646
                                                                                                                                                                                                      SHA1:DB19F2FA4EEEEC09906ED31BF6295E7831BF9E2C
                                                                                                                                                                                                      SHA-256:CB536B478FEFFD3B55EC53676CCE84CEFC9E000C1205273BAFCDAF6EE6EDD381
                                                                                                                                                                                                      SHA-512:E96D000925BE9FAE898602F5D62AE3E642E91AA2957D723FFDFE9CAC9BD277BA2155BE31620FBC326D5CC43D47A0E08314FE27688A6EAF786491D6B39A52A00A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):116577
                                                                                                                                                                                                      Entropy (8bit):5.38655533656306
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:4RR3mKv3ixbJPRQUClLZkyv6mQKyIwKByroFDuFcZYjlguPyNn/Uv:4z3rPixdPR3ClLZkyv6myIwKgrwDuFAk
                                                                                                                                                                                                      MD5:0B5AF66A1378557717B72F84A6E9C2C3
                                                                                                                                                                                                      SHA1:B98FE52F6BDD39453DA79EDACF144F6C1E41FD81
                                                                                                                                                                                                      SHA-256:BE6CF9443A8D5E0AFBC36FEB2550C9B1C3C0D7481986C2CBA9B0E0F8A5972FC9
                                                                                                                                                                                                      SHA-512:95FF6A6605956447AE2B82505807CB610AD7FB17430FE5F79B19F21C484B6D72E4A71D1040B375CB83388E1EE57C7303934AB1DC1C71A22F7635E015B1830ED9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):212334
                                                                                                                                                                                                      Entropy (8bit):4.468693017407305
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:vLx83is0a1A626ZO8n308LcKHdO3C362oY5maBeQOo5qP2G/KO4ue5GS2TsfWsjE:vL18qxv
                                                                                                                                                                                                      MD5:CF428ECEC583B73172FA789BA3F9AA6B
                                                                                                                                                                                                      SHA1:9A7456009B5A53C4F6470A370319395DA394E462
                                                                                                                                                                                                      SHA-256:1D4D407233A4C78D5A9A242B43B21AA89FB68A0632BC52B0A515D69491632E85
                                                                                                                                                                                                      SHA-512:2F86F9679E04B8188D7CE44BF0A7BF4B998D9771E9A8A83B4BE4DBA5E5D21EBF6A00091792896D9A8D4ED38EAECD43D8D2CAD920237AF1EA702DADC0341BE9C9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):132154
                                                                                                                                                                                                      Entropy (8bit):4.844933793112407
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:IH8reuJQWaOKXLpiglHN58nX3XTnw2FCC9V:DeuJWhXLpiglHN58nHXTnw2FCC9V
                                                                                                                                                                                                      MD5:A275C3557E819C6E9FB029643E38FA17
                                                                                                                                                                                                      SHA1:8C005CB081417FF2BE0D7D8FB6356519A96F5703
                                                                                                                                                                                                      SHA-256:4A9862EE8E139AE74E6336E0207D484E1A1AE0F689B5F1CC06B6FEA66D2090D9
                                                                                                                                                                                                      SHA-512:72936FFB29AD5B7FAB17357286EEE7FA9A6B933423FC8618B19FDD841B37D9CC613A35E04614CB74F69F49A4E8BF7A8B48BB55A10E160D8363DBDF697BC314C6
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):219113
                                                                                                                                                                                                      Entropy (8bit):4.437297845271283
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:+8UrfNIncwfKSIv73cdEVhkAovrCFO/S/+fm2BfvTH+f+aJBKfzzruE3b8RLljlB:/Urfm+59R
                                                                                                                                                                                                      MD5:EB017AC26477D54C707D3E965EC352C5
                                                                                                                                                                                                      SHA1:112001C7A38D9B95D3D0E422E10C585079356018
                                                                                                                                                                                                      SHA-256:06424570167C9BDD7E13B115A632D6AB58DE7A4FA14F8D094627BD12D85E9318
                                                                                                                                                                                                      SHA-512:8DFB1F8B18AE62841A40DE244CE725B9AD865B4DE7D250C0D5799F6896D274276E73672E3DE455D0312A397D20598C768462895E4A768511B7CA530717611837
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):105383
                                                                                                                                                                                                      Entropy (8bit):5.507562593845028
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:MMN0LeqtKRxAGCyle77l/XpUa+tbakWlMMoLu87R53Kkx9i:Mfyr5nKp
                                                                                                                                                                                                      MD5:551026FCBD640C1B911ED5B4CB7ADA68
                                                                                                                                                                                                      SHA1:3AAC7631C7F23E15A1ABC4FA1CEE98ACB695AADB
                                                                                                                                                                                                      SHA-256:CC48D7DEAF73103E22E3E5900503396E2A2C9E5BF1450A4DF8CE94179B1E47A2
                                                                                                                                                                                                      SHA-512:7BED851ACC8A137C481968902006917C6EABDF1476C4CD74DEA7BFA731BD45EFF6B742C4B4EF48BA9C9EB4B2BA86C09C14878C05FF797BF56DA075DA9E53BFC9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):113044
                                                                                                                                                                                                      Entropy (8bit):5.646517078166082
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:srCzB7nRkbJiKw7UiGKAWEc2dA3RdpEtL1543ICJ:srCV2bOUiGlc1RdpEPu3ICJ
                                                                                                                                                                                                      MD5:E51AFBBA3250E655BC01E424A29E3162
                                                                                                                                                                                                      SHA1:D7AAF2F2F9629BA9F7CF8A513C2905A13D0B6A8F
                                                                                                                                                                                                      SHA-256:61AE4E65474CB4ECF5EDB2EC9BB9EA2B7A47BBF769F81C8FEE1282C13B209783
                                                                                                                                                                                                      SHA-512:57FC72149761CDF1DE5C021BF7E63D79D91EF2E54DEA57B9BD9F659DBB2C2F76DC43904C53518C00FE4CA80B92B6FC57489E275FD0006B2295F31DD45C0618EC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):96899
                                                                                                                                                                                                      Entropy (8bit):5.3420616047371015
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:MJKML7prsGEKho95/SWpEmNUwRKUEJ4eI8B4X1CPXsAzb2ZghlrRGjcCdAbJ:ML76ko95KWy4eIn8XsAzaZGl8cCdO
                                                                                                                                                                                                      MD5:564AA91127C872D2C3B2E281137FB1BA
                                                                                                                                                                                                      SHA1:556D41A203D15031C6DF5D78154C8F1D86D68F3B
                                                                                                                                                                                                      SHA-256:4ED52BA67272F1626B4E7775B3DDF41CEBB9660BD505E269EDE858A15E8D975A
                                                                                                                                                                                                      SHA-512:E09F9B113ACA5388DEBD9DABCCAEF63D72B51E4A08067AAD2E8DE6907D337CA61B841488C5408BAFF0DE4F8C1ACE50B8E924724BC1A02B4DF14606066303267A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):105591
                                                                                                                                                                                                      Entropy (8bit):5.277422916407698
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:Ub5255TLQ2Vxyi9yN4tA7kxA78dgDufZfW01c:UFw5TLQ2Vwi9yN4tA7kxA78qkZOac
                                                                                                                                                                                                      MD5:FA6ECEAAA453FB66BD631AA9BABE0026
                                                                                                                                                                                                      SHA1:790BFEFC29597D09F313C08E7B23FF298D60FA23
                                                                                                                                                                                                      SHA-256:4E2089D3FD90977F9A3A88B2AF7FA9FF3B9864969D2F4582431626AE1F37C158
                                                                                                                                                                                                      SHA-512:88EB70A25A6B76E5B3272D4BAE0721F23610DDD1284F54CB991EEF3AD78ECA13F47C6A8D79D5FB73F8FE171D5ABEA770B6902D0A1541884CBD5677F3DD4920F5
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):127428
                                                                                                                                                                                                      Entropy (8bit):5.826025776360829
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:T0gtNfSwl76rsWg4AkDiQ492E46Tesg+ahB+nLi0doNHVQ:Ig3fjl76IWA+4TiiAB+Li2oNHVQ
                                                                                                                                                                                                      MD5:932A8B529D16E79C1471FB8C92109EEB
                                                                                                                                                                                                      SHA1:4CEC50AF799472BEA97FC1B1A127C31D9D08B176
                                                                                                                                                                                                      SHA-256:275307A3A9708C0698565F10941C57D42E1D2F55709A025D37E588699B5A985E
                                                                                                                                                                                                      SHA-512:F2DDB70F819EF08B51C73748F2898EBC987D1D46DFA8E8EA00D2309AC51E37973310BB4F2A3503BB7AD5EF68150B01F3FE5492470D1E30FAB374159EF44F8F4B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):243013
                                                                                                                                                                                                      Entropy (8bit):4.364997137141875
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:VwI+rxPrIbgMkipVLe4wrZELNm7SIY/u5ZDu6oSPE7JQO5/d/OACAGAfKI:OI+B0bg4m7S3+ZDu6oSs7JQOV5GAfF
                                                                                                                                                                                                      MD5:9224BEB43327CAF18C4FDE76482AE12A
                                                                                                                                                                                                      SHA1:EBAA89421838C093E36D74CEC8BB3521772F29CF
                                                                                                                                                                                                      SHA-256:1A3FA5261B58113AE1A5CF140ABD93E812B4A866A19A4C54929FFFEE5F42B18B
                                                                                                                                                                                                      SHA-512:2C3AE5FD43607F34562B935BF6FB5DC62D083073F430959C4D883C188F744F49AC38D3A3BFA8C3E61113A2E4813D06FCB499FFE3CBFD07979B405B0CD6EB2432
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):107006
                                                                                                                                                                                                      Entropy (8bit):6.13524501321474
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:L6jlXiuY72PcT5t4CuAJq/4KiWgDqbYSwnT:WjllY7e6teKQezSwT
                                                                                                                                                                                                      MD5:D6C5199671535C5B644D730C9D8C9063
                                                                                                                                                                                                      SHA1:7BC876A53B0DA752FC93A088AF1ECD043DEA6AD0
                                                                                                                                                                                                      SHA-256:0A46CCE08401A72E44178349A61CDBAE5FD78CA4F071BFF2BF5F2E8C877A25F8
                                                                                                                                                                                                      SHA-512:71F8C2A676C7E672476D578EC36D8E9B16F823FE257F7DA7C22B84DCDEBFB7C18480FB52A386F14B9D60D2AAC6C322AAEDE7D61F3032842D3BF713EDDA8CF857
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):114368
                                                                                                                                                                                                      Entropy (8bit):5.628766403232453
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:RmrvD38onfyORY5gaJzU5R8FYlKUxnaJGN5c0z5PEAy6K5rmz3MWbhg5m1NqF6Sb:Y738oKGyQfKenaIcApbXdtrqF6S05nI
                                                                                                                                                                                                      MD5:29AEEB61DF906C770E43ED477160F5BC
                                                                                                                                                                                                      SHA1:D3224DFF1967DDD1618D1573D91C3149DED8AE3E
                                                                                                                                                                                                      SHA-256:225E5784A7A616F83D81E6F3FDC5510E975E9FBDE741B673DEECE5DED1604A9D
                                                                                                                                                                                                      SHA-512:09F601216EF230C20E58391C566CAF388B0ED5421CACBC06FD50BEF242ACAC599E09F92FE63AA055DD314E0EBE9985B76016D82D32B426E51B1F63C7B888AC9A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):113868
                                                                                                                                                                                                      Entropy (8bit):5.628642662789089
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:0rv+yaMchZGB5nDJSM+hzyez0YNUc8YjJ8I4WSuAhaIphcmE425BaYK/faVdX1:0rvdapZGTmUc8Yd8ScVfaVdF
                                                                                                                                                                                                      MD5:CE3CB88E12F86EB6F6AD23A4D34F49E5
                                                                                                                                                                                                      SHA1:31ED4DDBFE6BEFA49C6C28089EDB1B1617D896BD
                                                                                                                                                                                                      SHA-256:D58B6308B64A1CDA4EE0B2B395672728CE7ABB73C44961FC911386569CAEE60E
                                                                                                                                                                                                      SHA-512:5DB77B4E3FE2A2C76FC15134B7DB1C4ACDCD08CD296AA1657A08B55871353FC7F911222FF16078379A8596D401A66272A431FA9FEFF8BDA5BEDAC9D7479D02F4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):256394
                                                                                                                                                                                                      Entropy (8bit):4.3824317738273235
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:ipt3yrxsIaPEL+YBkW4m/rvFdq2C1TmHh03m:mtGpaPk/XJdPETS03m
                                                                                                                                                                                                      MD5:AA549352CE43C7F3AADCF24DB4B28039
                                                                                                                                                                                                      SHA1:52F9DE28A67E438A4B055B0988F2C4DC480A61FA
                                                                                                                                                                                                      SHA-256:E51D9A02AD11CB9825368DA9A17AF7294B7E6BF11079E2072E4BEC028ECAF20F
                                                                                                                                                                                                      SHA-512:D220AC779B5AA363E4837430FB66FC3833FE0331FBA3C634AD920F8DBA8DBB1F32FDE0EB6DA26CABD9C089326A46252DF22ADE62299D6BC37C9B0F3694E8AB51
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):209573
                                                                                                                                                                                                      Entropy (8bit):4.450668379803355
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:LM82qbqMB6D/W502ZleTc7eegSZhBFvWSLQEDE5dEBZt+TYjDR6KAu:Jwtu
                                                                                                                                                                                                      MD5:896759A28D38E5D8F415570DD6F4D85E
                                                                                                                                                                                                      SHA1:23F55CDE464192839434A1E727CEB285B8B1F82B
                                                                                                                                                                                                      SHA-256:4293AFACF1C4DCE2423C368A45FEC4B33AAC7232E7B7C1919AA8A5A20FB026A1
                                                                                                                                                                                                      SHA-512:4392943394E2EBC257ED230F993D6F0280AD4106E2623BD9A498C8CBB8DCAF05A49FB998F855FBBA637030F43E68D15DC429D71604EF285F211A9C86480C4E60
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):99639
                                                                                                                                                                                                      Entropy (8bit):5.243278535485018
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:Hcy5Z74bI/tcHEry1GQ/ApwYXBSBYOYSjfhos036Kw+8uDe:8yT4bIKEGqwYXBSdJo76Kp8uDe
                                                                                                                                                                                                      MD5:407DD10484A99B21FFDAE6016132BF26
                                                                                                                                                                                                      SHA1:D1D7A5524FDF026A49391522C42D059406BD0442
                                                                                                                                                                                                      SHA-256:83248A2AAEFB87FC19454AFA34BF5DF99B95B98F823B534DE0BAE552C8260D93
                                                                                                                                                                                                      SHA-512:908B71411E34EC56E77C5837A856898F929DDDC81D95A7E2B6D47F4F4E1D72B499D627A8CEC7233E4F39292F592B6A90354E6325AAFACC145C994ABEA1FF6F64
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):98518
                                                                                                                                                                                                      Entropy (8bit):5.395332505716346
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:gom2lbcn3CeEFoivwBiXEHZqFdIm8VUvCAchEHAxF:gc4nymDHZqFdIwC7F
                                                                                                                                                                                                      MD5:1BDFC009F54C1E5BC8EEEB5017F9DE53
                                                                                                                                                                                                      SHA1:7427D3F37771886AF1C0AF1D20468960C524377D
                                                                                                                                                                                                      SHA-256:21F3EFE54A2A0ED9E2F618B2A50F89B44957BC7C779E7F88C1F10B310CEA8BD5
                                                                                                                                                                                                      SHA-512:EEE4AED543D30C7A74A64350CF67B454EC4AD56DC6A51F88DEC648B80A33146F5BD3FFADAB16A1F0B8E1FFE427F56F58A86DA748ED1B118EA7FA72610D84C07A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):101895
                                                                                                                                                                                                      Entropy (8bit):5.3499106046374685
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:u6KTrYE5am7spkFjegH7IINejowGTielwo6ytW9:kNjeKqRmUyc9
                                                                                                                                                                                                      MD5:FA16E91633AA0F20E49B7E19BB57AACB
                                                                                                                                                                                                      SHA1:595D392D20DF35ED71F4461CD5C85B77A68612F1
                                                                                                                                                                                                      SHA-256:E94551CA94505F068ECD0619AF676B7B3A869F6068AF87F0F537CACE8055BA4B
                                                                                                                                                                                                      SHA-512:D3FA50F247CB216E07D4905BFEC4AB39D15BBC9B60CF0E3DC733BDCD2A0CBB1F8513589C40111335797248119E59AB2D2D46C2CF18C496796FD4B7233A829A30
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):110678
                                                                                                                                                                                                      Entropy (8bit):5.741625091591969
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:t8ZTz/RoRMa8odxIQW6AeJJzg349OM4oNsNYyhIi+3ZyL5kA:t8Nz/eIQDg3Y4rYIIi+3Ze
                                                                                                                                                                                                      MD5:DA0BFC4EF754490879E8DD567961064A
                                                                                                                                                                                                      SHA1:F331C571422C5BB85F90FE915756AD9787103C24
                                                                                                                                                                                                      SHA-256:C57C2E534DA554E42388815CD3E848630ED46E1E61E640A6F3D4FD7CBDFB2AED
                                                                                                                                                                                                      SHA-512:1CCDE932C1354FC0880AFB7EB1FE9A8B93297CFBB21E0DBDB78A07B116B951672A2D1DD25E0DC94FA1384AC7BB22A007B468A391457851BF8C88EFB9708A7F37
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):105311
                                                                                                                                                                                                      Entropy (8bit):5.420675337894776
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:TTEl8e6Vb//PtDjipJtpm/QzrKj0Y0X4xhBc6x0xGUY3yDeMTwO5e:fEl8eyb/XR9/QrKJL5XMTlk
                                                                                                                                                                                                      MD5:31E00C1FDFB9F86D7F5B5B285689CFF8
                                                                                                                                                                                                      SHA1:C5131466499D78C7282F29B3B12F8934A139991F
                                                                                                                                                                                                      SHA-256:ED9ADACAD575344216EE986E9C04908A5093AA7A0EBFBF2549DF4C668A35F356
                                                                                                                                                                                                      SHA-512:B36B87330B29F99CA32D781175F1FD485FA034EAFA2458F4191B70BDBFB2866FD56EDB0E97CE7232B0DC3135B939EB7AC1161B1002D9322DBC7EE016B8069F09
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):106331
                                                                                                                                                                                                      Entropy (8bit):5.4055438207415145
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:tcJdPoUL5qsr/y2VfgE5fcBw4d6hrxz2qKHWhLtOAZ12kR9C:+ksrbr0Bw9VtOAz2kzC
                                                                                                                                                                                                      MD5:F33190E2616875ED2349115E128A54FB
                                                                                                                                                                                                      SHA1:27E44FB2CDFECC19F5C91FF2F2E69956CD59BE57
                                                                                                                                                                                                      SHA-256:DA64B5178BB41BE0684CB3EF1204BECB457520FE4960C3252F5CCD6A9EE9E29A
                                                                                                                                                                                                      SHA-512:3020DA0FDCF7984557EF7AF1C9F0E7CBD1BF364A8841E6671CEC4B517AC89E9C4BED680A2A2E76B18DB5E2D10C7F1A41C5758306E3F20EB248796B2BE6E02FCB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):108582
                                                                                                                                                                                                      Entropy (8bit):5.453389680590652
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:pvGWGGi3mp16a3y5/zOSoPMyVwPgJe2DLpsPlJtWIhx5h6/uxFDv32B+A:purMpsIFJe2iPzx5h6/uxFr38/
                                                                                                                                                                                                      MD5:4C4112B99FDA13B8FA5373D379F476FB
                                                                                                                                                                                                      SHA1:2422AFA9EA5B204FE84CC241CF6EDA2C8B319FA2
                                                                                                                                                                                                      SHA-256:99730524E53CA07481F8CDBBDACE228AED42ABC19D2277D26C42F47653F3CF07
                                                                                                                                                                                                      SHA-512:C663A678D0EEB66697F430E785C32FDB021A40C6456807F3842FA0E2C9AE3450FD59C3EE15E9A0975B8D100FC7C7118A06AFD595404A29D777780106C8E1AD4F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):170643
                                                                                                                                                                                                      Entropy (8bit):4.97301585978007
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:KWFppsemP4lV+TQUXEmOAdOiOFIQgIvZfbRrK5VH934RzDqa7BLuW1LV2Lle9X+p:KWFpp9mQLPQVOAdOwQgIv1RcVH9IRzhM
                                                                                                                                                                                                      MD5:5D77BC0C2AA843EC5BE6A3614C062359
                                                                                                                                                                                                      SHA1:0B22C3376169A5BBB4697D586E4A0D3094739DD5
                                                                                                                                                                                                      SHA-256:EC6654FFD877EC62D8AFCF90469ECEF5790E17C7306654CFE4B905DE449B06D8
                                                                                                                                                                                                      SHA-512:A2CF1FF9F7020BA1998A7091B802DD1AEB59BF2B800A41FF221152E2D017435372BFCD52EC454DB543E856288E2DC381DC46A7926D4BB4B917B8749657FEE0AB
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):111961
                                                                                                                                                                                                      Entropy (8bit):5.78637987197169
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:ufxhFgi4HHK9eDpYaQWQtTe7hukM+zBHCYaiggGP352wmQPE:hBSaQWI2ukM+zBHCYauGPp2wLPE
                                                                                                                                                                                                      MD5:BA56090D9658733694473C7861D04040
                                                                                                                                                                                                      SHA1:DDE05B47D06FA81ABADC1B8F74E5993D0EA61CA1
                                                                                                                                                                                                      SHA-256:D7BAA6B1C0355E1CE9088C6EB508235C7A640BA70CC7AD84C9AC607026400495
                                                                                                                                                                                                      SHA-512:ED49F76F2EF4975E105FE13850258A51E44D0FFA7167A52B398276898237636AA50F62209757DCD756E3FAEF5581E314E261BAA3A1E46B183A3B93AF68605C59
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):106585
                                                                                                                                                                                                      Entropy (8bit):5.474857990972114
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:RU1M1nublajdqz6HYogW4xVivgnUhXaA99DqJdIqTCORahNNi/fzU1BwwRqt:RUpZWqzon6x8DgIqTCO6Li/fzMwoqt
                                                                                                                                                                                                      MD5:B1E33BBB0ABBE113A024694BF4608C5B
                                                                                                                                                                                                      SHA1:A157C8578685F5084FD805C9D0734BC7646D77D9
                                                                                                                                                                                                      SHA-256:48E9004441F8AFB200601EC2843A03892076DEB1706E1D3A7BBDBFCDD137AB57
                                                                                                                                                                                                      SHA-512:94854EB7021AB112B710332A410AF53E59A42C4A501EB02098A41004613E5B2F7727A192C74E2A1C17BFC584A85477E75BD1EEA0187E79DB1DE83C8253BEC322
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):161804
                                                                                                                                                                                                      Entropy (8bit):4.913015445699687
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:u6umjOFT3hFmGK7vVsY+f1GX20Dl370BQn0yh9K3Y+Nst3r1GLTL6itWYJ/k/Zp:HT+TP0B7XDp370+n59URV/k/Zp
                                                                                                                                                                                                      MD5:C56D29BCF5FB38EA25AB1A855690F9A9
                                                                                                                                                                                                      SHA1:F3161F2890971EF929473C58654DAC0718983957
                                                                                                                                                                                                      SHA-256:68A04BAE37629675C49D9AAEB68A1DA974AAC427B61151A18F3210499702202D
                                                                                                                                                                                                      SHA-512:551A72041772737139190894F5DEE50963F5597A2271BD2E94AF390CAE34967CC435BF5504601C061CF6C2CCCCD19E7BB708538A6789F185412FC715E85D54BE
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):98495
                                                                                                                                                                                                      Entropy (8bit):5.49554714075014
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:49G15Swi3ANlCXU8qwJ4Ey9HdSfvlALur/WLdP/ldO12D2CMqeLKBqQOPXE9b3cY:JTvi3AKT8OCbU+Vn3
                                                                                                                                                                                                      MD5:2BEFBABEABBBAE5E7C57934ACC5CD41F
                                                                                                                                                                                                      SHA1:D48E9FD4D73627F4DCC57EC31924D97F6FD6B8D1
                                                                                                                                                                                                      SHA-256:C63E812FEE929492974C9B5DFA14A7587258E6FABED355A105015B296246B068
                                                                                                                                                                                                      SHA-512:8E06850701C6BC2A4A5ED8B9D59F68B68D631BE7B037E2DF2A738B5A44D36A37B1419E739341A00EE7681249A434CA69BA53BBC58FF0F204322F7DFDE2D43405
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):100164
                                                                                                                                                                                                      Entropy (8bit):5.339155264286809
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:AUaDx9XlYKed5nDi5jXmQtVPGoHLeH+jKHw9E:AU8MnDiZmIVaH+jKHw9E
                                                                                                                                                                                                      MD5:2490296567A1CD3C7B0852E1ED7D115D
                                                                                                                                                                                                      SHA1:04B527742CEA9487344AE08C463D6FD4BA16B1CE
                                                                                                                                                                                                      SHA-256:8B07BFAFA5C97BE2DA9B6146535B7848D88A44D43A45AB06DFAE286D93FD64CE
                                                                                                                                                                                                      SHA-512:B930C14847012E12BB19BF217C79516C569FC163204D9C2B21A36F6F5061A50C3EC057882970517FC3BC4BEEBCF3D1B1402CCD521404CBA827309940A5496B3F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):251131
                                                                                                                                                                                                      Entropy (8bit):4.183819952310117
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:ow9AvDLcYemZ9w7towiy+bvnTDE2k4ca6QVW0LlGJfB1okotPttRmL+EG5aIAuwA:39I/cXmHw2tRBp
                                                                                                                                                                                                      MD5:8C8B63DFB6DBF75603D3E2E4FE981F9D
                                                                                                                                                                                                      SHA1:3E7C9A1A01526367B016DF20822A41E430328E94
                                                                                                                                                                                                      SHA-256:22EB9D73331E92C898B27546A9E775FA8DF0FDADA391734A9291B2A016662652
                                                                                                                                                                                                      SHA-512:978AF09738B4E00BA58F91B82DB6CD455FFB3CB4951C25ABAF79B8159C6FCD9212348373EF5A5A421F9FF5B4604A3F5B54AEA3257DCF566807B6A84824CA54BC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):233515
                                                                                                                                                                                                      Entropy (8bit):4.393720868758364
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:li+xJA6UspbDcUSanSBXvQBgIiCQvWSsxU/dUVo9wLwxEE:lHxJA6UspbDcUSanSBXvQBgIiCQvWSse
                                                                                                                                                                                                      MD5:8C3DA965070A32BB6DEA236943B340F6
                                                                                                                                                                                                      SHA1:F726DDF5052FD3D9D0634250835FCEDACF599603
                                                                                                                                                                                                      SHA-256:F36F7AED903CD79D2EA2100B9446E210261AEC24D5910EFCFC04FE30A6CF227F
                                                                                                                                                                                                      SHA-512:269E97097C9BB6EAB917C4297E44569A379AA9CE77A3F719043F582DD29894717783A37BED0C1ABBF218597C0BBDE267E048B284B811539985ADC5BA36132F8E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):199961
                                                                                                                                                                                                      Entropy (8bit):4.471892692957686
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:aMMGozCJFkcSCkIOBrQrUXFIw3reJZK8Q9w1p7ETsGpY0bhdxPtA0kC5/0:aMMnzsFkcSCkIOBrQrUXFIw3reJZK8Qm
                                                                                                                                                                                                      MD5:F265EC50E0EB62893FBC187C1C962DD9
                                                                                                                                                                                                      SHA1:5A60FF7287E5D4E35F000D229A4CBB37DB76ACC0
                                                                                                                                                                                                      SHA-256:CFFD61F7954CA10038529D14FDA6A4E34C8EA1A9F202EAD0B0C2DB93143EF485
                                                                                                                                                                                                      SHA-512:696140D16655B6D1C17D59B3E280F3F387ADB8AD58C4A0D369925BD01CF03A3FD934C3B8E02E9E868BB64F81E7CFBFA532E732D1CD705C52C7B0F588765ECBEA
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):103632
                                                                                                                                                                                                      Entropy (8bit):5.620092397160877
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:uTJeZiainAmSngesR/Rv2NEiOwi1PNpskBa5Y8GKhEtJj3:bZMAe8NEhwiBNps2r
                                                                                                                                                                                                      MD5:D8373D7BC1BDEE4CFB48D85694A78FF9
                                                                                                                                                                                                      SHA1:323408E39B2C953728420E5F21B1D1EB25DE6C2B
                                                                                                                                                                                                      SHA-256:B1B66BFEC0AFF21C64EC8BA3F19008501F196F80E7E41B2E8AE73114357DF458
                                                                                                                                                                                                      SHA-512:6960D7C0481985E0F151D66D047A02E7C31CDD670AFD71A0A3949B9B0AB9E083A5CA55FAA48E38C8793EBBF1218A4503043867D1999B163A923E5AFCE8058888
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):171613
                                                                                                                                                                                                      Entropy (8bit):5.007044552893733
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:fxJB3IjwWDCj+KU/TI7Yf7/QLNiXMMQOCqbCEb4UdL+v:5JB3IjwSrILNiXMoCqbbW
                                                                                                                                                                                                      MD5:E87CBE2CFFA7D3A95A8F837231D6F44F
                                                                                                                                                                                                      SHA1:40F7D1602B47C7A7AD445FE04377E3145F8CAFF7
                                                                                                                                                                                                      SHA-256:FA035595C375522D09F9DE5A545F5339FCD3DDB224FB19F1828A7958B7DFF3E8
                                                                                                                                                                                                      SHA-512:4A8B970B50DA8B92B824C92C6075C8B4440826DA5A581C91AD6E5B78BC65E3B80BE0080E4FBB20AD91E3EE30F8A3A05CA6925E93C76C8D2474CDB9A8825ACC74
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):122335
                                                                                                                                                                                                      Entropy (8bit):5.796834440522502
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:2Qn4KMPnMpPiz+sEqOa2WYmc/1BCa1bNeqhzi5OZpW8uTtdLpFeSZTzeNQ:7n6ZacGbNjzioZWN1
                                                                                                                                                                                                      MD5:4BC4E64F60FF1F96F5124A089713FE5A
                                                                                                                                                                                                      SHA1:31D3792DF18AAE92D77BD7E4A6A6A2D091AD7BCF
                                                                                                                                                                                                      SHA-256:585B6476211FDA89BD97C32E266944ED61E1DBBA660E7F3940DB84C8EB7DD0BB
                                                                                                                                                                                                      SHA-512:203FE638C7B066A3AB239642AC3A08475BF0EC114EB48D3339BE81E619EABAB868931BFA6E1344D87F2B9CE6452EC8D71B685D241C9FEE915D1F4978E2143B8D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):90960
                                                                                                                                                                                                      Entropy (8bit):6.704102795095848
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:fS4xPz13JLazuzqWI3EnkHhE9vcolEclL:K4Zz13euz3+B8pl9L
                                                                                                                                                                                                      MD5:D9FB680D115846809114DE2B35AB4CE3
                                                                                                                                                                                                      SHA1:D1F68E0181233C98FFBE91B09910B9D87C1E35EB
                                                                                                                                                                                                      SHA-256:690DAFDEB5BE360E8B3A84C711D0D48B3CFC74C871B89A8F03F8058738CA9834
                                                                                                                                                                                                      SHA-512:5968BBA15BEBF047DF19B519DA87BDE959CCF1E564012043EA390B3C1E572BBAED79B8BE6BFB884F4F9DA8F1C25F3E6709D6620C582910DEAF723906FDB04525
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):90921
                                                                                                                                                                                                      Entropy (8bit):6.701067465304723
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:1536:Nx0gkZ46QB0MYZ2wcxAhdmDMQ+23mVcb7/8sfjkMQP1Rh5u/UxLiow5No4V3XiP9:PXkZkaMs2TAhdmSYkg35N/9XiPm45ycd
                                                                                                                                                                                                      MD5:D0141FD3E851CDB790549C069A76ABCD
                                                                                                                                                                                                      SHA1:3DA3787A8EA94AA066C5E5D17E42481330E0CAFF
                                                                                                                                                                                                      SHA-256:8187E67CDE3292C6F18EA0A40F8F8D3F2CD604E62FEEC9EC40C71B5D2BCDEC9D
                                                                                                                                                                                                      SHA-512:947E19E8FAD3A761E5E1D0380547A8F9BC06F28CF8103D80865EB9CED9E3ED3D601BD92710EF1CB9FA68D56EB62AE95C1AAD78145D455BCB6DDA1B8C280F4162
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):5086576
                                                                                                                                                                                                      Entropy (8bit):7.950998865230536
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:98304:l3s0L4ikWDclBYCiqOs7y33cJGVh1uiUdrwruUFJ7rK5zkIFvd4XT8:tsQ4ivKYCDJoh8iqkruUXrK5N
                                                                                                                                                                                                      MD5:1F95BE6A00B153FD2BA5B149C21E3C25
                                                                                                                                                                                                      SHA1:D955B861C86E1D3DE73024B3383AA11264C87BA4
                                                                                                                                                                                                      SHA-256:F4EA4113A0DA76D70F72BBEF82374C4EB7E63936E3F6931CC56B27A7300F9715
                                                                                                                                                                                                      SHA-512:9BC4EE4344BCBCFCA1F6E84606FD730B21E58ADBDCEB1E47BA23931FF59ABDFF67DB368C912F63C51823A864B91E53699469D52AD9AD33301050D369E79D215E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):168
                                                                                                                                                                                                      Entropy (8bit):5.389258774620848
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:8tnQfcmkltUHVsZELv9sFPEPDpSWQn0ERXAEBbAB+NyCHgxAAKzecXCJdgv:67UH5LF4gDwWQn9RXhGAHmA+cXT
                                                                                                                                                                                                      MD5:EB323EEE2FE05435DCC43B46AE755749
                                                                                                                                                                                                      SHA1:0ADBA58BBCC880DC0FCA355348C5BA307DD83ABB
                                                                                                                                                                                                      SHA-256:2EA32F6C23775A377481A4AB796901FFDEC770D0151068796429523AC5A7CB99
                                                                                                                                                                                                      SHA-512:ADBB0DD42699DA6D4EDBE21A0FBDAA4C4CBB3F95A1B4B684D5372346D5B06140D786F5134766E2609A8BF32622836A8DDA99CCEAA0299D53AFE4276A6F05DF23
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:owner: Gauzytech.repo: NeatReaderDeskAppPackager.provider: github.updaterCacheDirName: neatreader-updater.publisherName:. - ...............
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):25126098
                                                                                                                                                                                                      Entropy (8bit):6.535225776771471
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:196608:sEf0O0rZKOquTP0Rj+VbkWdc1ccqV3WKyL6z1Nn8yz9w/2:XnVZ15ybkWdc1ccqV3WKyLQ8yze/2
                                                                                                                                                                                                      MD5:FEC1F659221729195F6250A1BC947EDB
                                                                                                                                                                                                      SHA1:0CDDDE4C8A3DA8D7B5332023C0F44A21EDB91788
                                                                                                                                                                                                      SHA-256:97F8AF682F1ABD9E4F5F9B7CF391FD3310E6BAE793E9F64A170EA583E6663422
                                                                                                                                                                                                      SHA-512:804A6049E8A1EEFB04206BECC4F6B441D1A43A40D2CC6B66F6F7F6E27B9E41E23C51AAA966BF6668203A5906F1AEC5A042ACF1E1A1065B3749AF13997DDDC6AF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:................{"files":{"LICENSE.md":{"size":6587,"offset":"0"},"README.md":{"size":2610,"offset":"6587"},"electron-main.js":{"size":32448,"offset":"9197"},"notarize.js":{"size":1383,"offset":"41645"},"package.json":{"size":785,"offset":"43028"},"res":{"files":{"dmgbackground.png":{"size":15701,"offset":"43813"},"entitlements.mac.inherit.plist":{"size":425,"offset":"59514"},"fileicon.icns":{"size":8,"offset":"59939"},"fileicon.ico":{"size":1081406,"offset":"59947"},"installer_win.ico":{"size":104510,"offset":"1141353"},"logo.icns":{"size":158095,"offset":"1245863"},"logo.ico":{"size":121806,"offset":"1403958"},"myCert2019.pfx":{"size":5605,"offset":"1525764"},"myCert2021.pfx":{"size":4351,"offset":"1531369"},"......":{"size":253,"offset":"1535720"}}},"build-app":{"files":{"asset-manifest.json":{"size":1946,"offset":"1535973"},"desk.bundle.js":{"size":1446625,"offset":"1537919"},"favicon.ico":{"size":67646,"offset":"2984544"},"index.html":{"size":960,"offset":"3052190"},"m
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1061
                                                                                                                                                                                                      Entropy (8bit):5.10019973945846
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:JTrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:5aJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                      MD5:04CDC42E6AB6E50D5DBCAEB49E36259D
                                                                                                                                                                                                      SHA1:89DE8E53B9D281CC34AF448F63E1205BB6F6716F
                                                                                                                                                                                                      SHA-256:DC30C81D5B085C711E1F97F47C8446DA285B67B1415BBD1F4D3231A1A96EA29D
                                                                                                                                                                                                      SHA-512:660F0955B4864CA50CC8FB3084EA71A01C4B211D2AA06B320A2136F93D7F36D9B00592602BC6A2EEC0878BD25D7A439650F82C508B428105B602C42242099C04
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MIT License..Copyright (c) 2017 oldj..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WIT
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):185
                                                                                                                                                                                                      Entropy (8bit):4.590000335232084
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:UV9weLFEJBPOKaDgDvXbfAzHKLRWiIvFHbGvKlWuFzGLfFFwHbGsHuQMv:UXEbyerfAzHK+vFHKvEhzEYHKwuQMv
                                                                                                                                                                                                      MD5:1A159E84E567AD40E95E1D48CBDCF044
                                                                                                                                                                                                      SHA1:28DD65A0D76F51EA81EED41C785DCD86B697D5C8
                                                                                                                                                                                                      SHA-256:9905E2EB71FBB9C550A49F386C09D8B4988536493EFB20A7E19E926B1AAD4554
                                                                                                                                                                                                      SHA-512:0B63F911E5CC5421FFE222AB7564B5A8CCC383AA14AA9307B4CCEA96E5F5C7F9DFBAEFFF3B66671ECC015636ED2EBB46A4B677C1740CE4BB8172D16E97F577AD
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/**. * @author oldj. * @blog http://oldj.net. */..'use strict'..require('./index').getFonts(). .then(fonts => {. console.log(fonts). }). .catch(err => {. console.log(err). }).
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):450
                                                                                                                                                                                                      Entropy (8bit):4.816462148236487
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:UXEmZ7CrQHzF/ZQq/vF34ZH6yzON4BH6SbIglRbPke:2ExqzF/ZT34H/zQyHJIURLz
                                                                                                                                                                                                      MD5:5ECEB0471DD89A13D7665D720A68A0BA
                                                                                                                                                                                                      SHA1:5BA17AFCBB9AE32F4C006D6E205D7A9669E5E100
                                                                                                                                                                                                      SHA-256:CBC4D927634768FD73576217494C180E0C8D4B58BA72AE4E8FFA36C7714ECE2F
                                                                                                                                                                                                      SHA-512:87F1F5E463B74BFAC2526DEEA677695E9A42034FD0604356E934A0B1153B39C871E2BBDFF7737480939E376D6B8DFD8C53075109F53C0D977FBB7B486A9AF97B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/**. * @author oldj. * @blog http://oldj.net. */..'use strict'..const platform = process.platform.const for_darwin = require('./libs/darwin').const for_win32 = require('./libs/win32')..exports.getFonts = () => Promise.resolve().then(() => {. if (platform === 'darwin') {. return for_darwin().. } else if (platform === 'win32') {. return for_win32().. } else {. return Promise.reject(`Error: font-list not support on ${platform}.`). }.}).
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE>
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):18672
                                                                                                                                                                                                      Entropy (8bit):1.2513931584657838
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:xmiVaUTy/u/GvpvnQeX25TniFNEw37CDbplM6yX1KqUcNqP2VPtjY2iEa:xmiVV3s5gpsK4NrVkK
                                                                                                                                                                                                      MD5:90F82F5F098602106082F346FD5CEC2C
                                                                                                                                                                                                      SHA1:4EAF83850764ADD914E42C51CE35632E0BDCC349
                                                                                                                                                                                                      SHA-256:117C76F2A1632870577CD182D811F65841BC49C8EE1FD96CCB0CF44395C3D4BF
                                                                                                                                                                                                      SHA-512:0FFCB12144CEEF3320C3E3F53CB990CBAD563E5A1F55B39F7C8C9B7B1BD30CEE38D36D25194CCDF7E49E8EFDF83A4604D08890753313846C1C164E6DCBB07BBC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Preview:.......................... .........H...__PAGEZERO..........................................................(...__TEXT..........................................................__text..........__TEXT..........@...............@...............................__stubs.........__TEXT..................$.......................................__stub_helper...__TEXT..........0.......L.......0...............................__cstring.......__TEXT..........|...............|...............................__objc_methname.__TEXT..................4.......................................__unwind_info...__TEXT..................H...........................................(...__DATA..........................................................__nl_symbol_ptr.__DATA..........................................................__la_symbol_ptr.__DATA..................0.......................................__cfstring......__DATA..........@....... .......@...............................__objc_imageinfo__DATA..........
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1115
                                                                                                                                                                                                      Entropy (8bit):4.64600895990603
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:SP+jRASEBH4+nPRM0+2GbYv1bBPCnLhd5o5w7QvN5kOinH:SPAEx4ORM9OlsISqKOinH
                                                                                                                                                                                                      MD5:425F1822F7A5B7162C987630B9512BCD
                                                                                                                                                                                                      SHA1:7595E01BFF938738AE1DE75B5BA06C7D41ABFDBD
                                                                                                                                                                                                      SHA-256:0424800DCA9635AEBAB1A318E4A4CC00B0D53E86EFF0BD724F1B92F2CD7196E6
                                                                                                                                                                                                      SHA-512:EEC25CFD5066B8736FD2C6345B1468A0847DFFC805683501D99C6982B962D73ED43981C3FCA837310319895F40EEDEA8FF67D1C4B5226973276B8AD6F67D4D8D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:/**. * index. * @author oldj. * @blog https://oldj.net. */..'use strict'..const path = require('path').const execFile = require('child_process').execFile.const bin = path.join(__dirname, 'fontlist')..const font_exceptions = ['iconfont']..function tryToGetFonts (s) {. let fonts = []. let m = s.match(/\([\s\S]+?\)/). if (m) {. let a = m[0].replace(/\(|\)/g, '').split('\n'). fonts = fonts.concat(a.map(i => {. return i.replace(/^\s+|\s+$/g, '').replace(/\,$/, ''). })). }.. return fonts.}..module.exports = () => new Promise((resolve, reject) => {. execFile(bin, (error, stdout, stderr) => {. if (error) {. reject(error). return. }.. let fonts = []. if (stdout) {. fonts = fonts.concat(tryToGetFonts(stdout)). }. if (stderr) {. fonts = fonts.concat(tryToGetFonts(stderr)). }.. let dict = {}. fonts.map(i => {. if (i) {. dict[i] = 1. }. }). fonts = []. for (let k in dict) {. if (dict.hasOwnProperty(k)
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):663
                                                                                                                                                                                                      Entropy (8bit):4.769055573454181
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12:4fjaQNv1nCBgqpKEITKEYwAuRlYiqveAxKRGHjY:4f+QNvt/q0EqKEYwAElYiqveAxKGHjY
                                                                                                                                                                                                      MD5:535E7E4E7C659BE25CAC9E936FD60FE2
                                                                                                                                                                                                      SHA1:EB8D0BAD0EBC651BA435468253A74B927228A919
                                                                                                                                                                                                      SHA-256:A292B00EFD2AD22A57900886065EB2DBA008F526C3B3B161D44F7C620667241D
                                                                                                                                                                                                      SHA-512:FBEB119453ED0786B3DAD3D529A60DC6ED8FC96F1E4A62AA6AC522969FCF017AC53F1CF998C93CB400FB5EB02E027686C55B4FAD8400EAD522A3E4C01833EF53
                                                                                                                                                                                                      Malicious:false
Preview:
Option Explicit

Dim objShell, objFSO, objFile, objFolder
Dim objFolderItem, colItems, objFont
Dim strFileName


Const FONTS = &H14& ' Fonts Folder

' Instantiate Objects
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(FONTS)
Set objFolderItem = objFolder.Self
Set colItems = objFolder.Items
Set objFSO = CreateObject("Scripting.FileSystemObject")

For Each objFont in colItems
  WScript.StdOut.WriteLine(objFont.Path & vbtab & objFont.Name)
Next

Set objShell = nothing
Set objFile = nothing
Set objFolder = nothing
Set objFolderItem = nothing
Set colItems = nothing
Set objFont = nothing
Set objFSO = nothing

wscript.quit
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):1343
                                                                                                                                                                                                      Entropy (8bit):4.822997476682633
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:SP+BRAiF/ekxAUtovF12v8TemDBPC2KE+FuaCeigtQdec87BOtH:SPedewBiLi8KmDIEQuYbT7BOtH
                                                                                                                                                                                                      MD5:17581571CEE41DAC6A45B03321197F0E
                                                                                                                                                                                                      SHA1:82C1743AE4002AF4901D3E3F5B02DD773FBCBD12
                                                                                                                                                                                                      SHA-256:53EE13B13161F7D0BDA392DB251B7ECDC4ECFA127A76E46EC3CC01A25426B964
                                                                                                                                                                                                      SHA-512:BD009381E248AD85CCA9367B67ADB97DF53454A850F9F7394713B97CDD10CF649377E22263D9E35F7AD7A652B206FD58DE4B82DC282FE241F5D42EADA7804E7E
                                                                                                                                                                                                      Malicious:false
Preview:
/**
 * index
 * @author oldj
 * @blog https://oldj.net
 */

'use strict'

const path = require('path')
const exec = require('child_process').exec

function tryToGetFonts (s) {
  let a = s.split('\n')
  if (a[0].includes('Microsoft')) {
    a.splice(0, 3)
  }

  a = a.map(i => {
    i = i
      .split('\t')[0]
      .split(path.sep)
    i = i[i.length - 1]

    if (!i.match(/^[\w\s]+$/)) {
      i = ''
    }

    i = i
      .replace(/^\s+|\s+$/g, '')
      .replace(/(Regular|..)$/i, '')
      .replace(/^\s+|\s+$/g, '')

    if (i.includes(' ')) {
      i = `"${i}"`
    }

    return i
  })

  return a.filter(i => i)
}

module.exports = () => new Promise((resolve, reject) => {
  let fn = path.join(__dirname, 'fonts.vbs')
  //let c = fs.readFileSync(path.join('for_win', 'fonts.vbs'), 'utf-8')
  //fs.writeFileSync(fn, c, 'utf-8')

  let cmd = `cscript "${fn}"`
  exec(cmd, (err, stdout, stderr) => {
    let fonts = []

    if (err) {
      reject(err)
      return
    }

    if (stdout
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):353
                                                                                                                                                                                                      Entropy (8bit):4.60125646845405
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:q/OmcnyI2HxE79/Zc3xsJonI7EFM3oc67OO6GBzM/Ly+T6z6sJonI7yJnqS1W:TsHxE7BKsegsI6aVGBzMbmWseguV1W
                                                                                                                                                                                                      MD5:85560E6AD13034B0E28169BD3432243D
                                                                                                                                                                                                      SHA1:BEA79471C8FC0978284D355A9134845C215941D0
                                                                                                                                                                                                      SHA-256:B3CC2EAB6C0942252FB88457B1F5E73AEC0E09CB6A226BC9003385237D023D6E
                                                                                                                                                                                                      SHA-512:B6D52552E3693633CEEE744287FD1FBE27FC479A9B2A69BAEBEE28F06D79BF0907CCC1EBE1D847B096E4640141D20E3BCF057CBC97068B7EA7D843BC3F2CD791
                                                                                                                                                                                                      Malicious:false
Preview:
{
  "author": {
    "name": "oldj"
  },
  "deprecated": false,
  "description": "list system fonts",
  "homepage": "https://github.com/oldj/node-font-list#readme",
  "license": "MIT",
  "main": "index.js",
  "name": "font-list",
  "repository": {
    "type": "git",
    "url": "git+https://github.com/oldj/node-font-list.git"
  },
  "version": "1.1.0"
}
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):126384
                                                                                                                                                                                                      Entropy (8bit):6.730823060228504
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:lVbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlDg+9cgVAS:HPrwRhte1XsE1lDgycgV7
                                                                                                                                                                                                      MD5:10809BE421D4374705AF579B40D5A8B6
                                                                                                                                                                                                      SHA1:01F50BD18E0C8A73ED18B2FFC0762D83D3765FC0
                                                                                                                                                                                                      SHA-256:40DCCB7D21EF1A6C6A6983DCB26DF03DB91FE149ECFC9FED1FA52F3B707A4E23
                                                                                                                                                                                                      SHA-512:154DBA012979F124AA3255FB405C9736A852F56FF446F6DEE3999DF32ED6F160FC8740E53E1F599D182DA74B39C4FBC74D26D6BEE2A2177546028AF19083B052
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):48494
                                                                                                                                                                                                      Entropy (8bit):7.9893942456255695
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:XnU1/CJykNENv/4xC5TiD/ESI4gOSv0k849y6vQ8xiOhw+qfroloGdUDgaebDSHN:X8CxMvSUiD/JI2Sv0p49YN/eOD4bDU+s
                                                                                                                                                                                                      MD5:BD6D735F6707806E22433F524406EEEE
                                                                                                                                                                                                      SHA1:991DFB6D847663F16636ABC908B2BB95C83B5BFD
                                                                                                                                                                                                      SHA-256:51943B85CCB0FE6F0749B64840A6827B4F895B10BE4529C2054847EE8CCC5EBB
                                                                                                                                                                                                      SHA-512:E88F8366D32D2D3E197FDAE5F417C67825304AA00AA30826C3A3E70C55A61CFC3D9FA2D20F7839478C4F90F3D68D84A58CB5970F7017B87C96AE0EA959DC3911
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):375296
                                                                                                                                                                                                      Entropy (8bit):6.569398699780301
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:r0q9ThOMhidEqD5VNoQlFje8+ki4dlM8NEkqZCC9uZaWprSfd9ewO/5i0:j9CNoQbe8+ki4dLC1uZawLhY0
                                                                                                                                                                                                      MD5:875845164505BC563F8C188440E2B178
                                                                                                                                                                                                      SHA1:2BDE0941D65C9B85E7ED72714842ADB8B43C9294
                                                                                                                                                                                                      SHA-256:3851FE0E6938424C964627276C926CF362BF5BBCB5C83276DD3EC3C3BB056C6A
                                                                                                                                                                                                      SHA-512:50A734BC005C58777C4B564541027CCBA36E9477A9463F7E21DA617D06E426CD4D300CC67339475F0EB116CDE4A38FF6ED57EC4A579C45CE12845BF1ABEB0BC8
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2839040
                                                                                                                                                                                                      Entropy (8bit):6.771436357855
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:t5UizaF2YKr1TPlFLWQ46F+JQVR58xyLERmIKTk9mUVJAsQG7ethexvi0URr+zOH:tOSaprTxcJnOguZ127
                                                                                                                                                                                                      MD5:94833E7539BF5256CC11F6D9CECAFB90
                                                                                                                                                                                                      SHA1:DE07A1C9F55671D55701D2667607E8BC98A0C0A8
                                                                                                                                                                                                      SHA-256:CDF5F26C30B6AAF164EF6C1C1502A929613EF87D548E15E753CE70E7D4D2DCA1
                                                                                                                                                                                                      SHA-512:09E56F76D4F932BC50847EC5F7E7016FBF7D3127466274B8A51EEAEBC653384EDAF0EADA768F3BE75DFB133E114F499806E9E6F80E633CD55B5E238C1802ACE4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):121806
                                                                                                                                                                                                      Entropy (8bit):5.067418679247204
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:768:XwCkIMi7aTvUAOy2s16wz1/+Jv3n5ydricOjmJUwZmjx681/uV81prFB6FMv:MIVGTc4F+CYjmmwZmjxi+bqFm
                                                                                                                                                                                                      MD5:F5B33964F35D20C8EFFC0863709F9E1D
                                                                                                                                                                                                      SHA1:79DAF111FA7A6B06787039C64259A30F43AFEB28
                                                                                                                                                                                                      SHA-256:AB5A5C17355115D1B627579BC7E05E3E5F930F824D4D8A103110C77F991D036D
                                                                                                                                                                                                      SHA-512:848EACE5BD55A1FD848077695AD19D9639F6EA74FB316415EF6CA2D5710CBEBC7189FF3ABD67C759FA8FAB3AF924D7B5805EDD5CB65CEE6A325C945C1FCFC54A
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):165672
                                                                                                                                                                                                      Entropy (8bit):7.993838196016534
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:3072:JGafMxPyq/OT/eCIceqeNX8FI6cQVMPfKjWkKyBhmED/mScpJeWg8:JGbfmqC5equ8uIVMPfKjtnvX/mSc2G
                                                                                                                                                                                                      MD5:16A6F859B06AB90F638C55C74E74B109
                                                                                                                                                                                                      SHA1:3C423CCB509B7552C3F1B4589CF1B8A25DE0A1F1
                                                                                                                                                                                                      SHA-256:F28E75DA2CFBAF8AEB069873048CDC604AD70D32FBAC3D8C9D7DC2BD5F9C1734
                                                                                                                                                                                                      SHA-512:0784EE049ADB2A7034E6627C15C8F58532E0A6A5FDFC9A48C56038E26FD4429318A9F3B4EACCBC778AE374DD2F0FA9079933383E81CA54C3FA5666EAD97ED179
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4064256
                                                                                                                                                                                                      Entropy (8bit):6.632718906424881
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:49152:JZBSYJdRLwAb4slfLIjNFSdahJ3e6s0+iFtNwlPga5+YZLYwdNOKvkVfjiNHVmOh:msdbNMOk/wZntF94wg6fN
                                                                                                                                                                                                      MD5:6EFC3DD2EF157E156A327976786F5AF9
                                                                                                                                                                                                      SHA1:D65231C36D8AD72835DB584693C4AF887BE71B46
                                                                                                                                                                                                      SHA-256:2E93213501DC4F1C0B9AF612AECAF6D94A11DA934CEEA1E1689EBB95623EB518
                                                                                                                                                                                                      SHA-512:578D620DC6772B5FA9D733E34D965D6C0868035226CB85800C38329F91C26B96A3D9A85255765E01BC7887D416E16E30D14216A4BDCED08CBDC488004E75B3CC
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....6.`.........."!.....*3.........p./......................................PC...........@A........................x.;.G.....<.P.....A.......................A.|.....;.......................;.....HP3.............8.<.(............................text....(3......*3................. ..`.rdata.......@3.......3.............@..@.data........P<.."...0<.............@....00cfg.......`A......R<.............@..@.tls....%....pA......T<.............@....voltbl.......A......V<..................rsrc.........A......X<.............@..@.reloc..|.....A......^<.............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):106
                                                                                                                                                                                                      Entropy (8bit):4.724752649036734
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                      MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                      SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                      SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                      SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):630784
                                                                                                                                                                                                      Entropy (8bit):6.720686568637708
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:12288:Kj75fGWAhFBHEQJ6naq5vdcqrf4hNQGryua85rcvQUvVjsq:M5fpNBrfw3r/Av
                                                                                                                                                                                                      MD5:2E7229E30D58C2DB4149C8CEEE8E9FF6
                                                                                                                                                                                                      SHA1:E9729C235B3BBFB459AA7CAA7E8DC3ED061696DF
                                                                                                                                                                                                      SHA-256:DB35E7EBA7214348098D866B6F97B8CA3837DB751DBD831A095FE3EA1C6B68DF
                                                                                                                                                                                                      SHA-512:06A0397EFA8BEADD267DD7E91D0DD0036483415834ED6AEE4FAFCB8D0EA5044859B90E3D172F98BF955BB137A3BCF1D37D7FC3809E170E692FD71E4B1DBCF844
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....6.`.........."!......................................................................@A........................4...N.......P................................\..................................H................................................text...~........................... ..`.rdata..,0.......2..................@..@.data....4...@....... ..............@....00cfg...............<..............@..@.tls.................>..............@....voltbl.0............@...................reloc...\.......^...B..............@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 28 17:04:43 2024, mtime=Sat Sep 28 17:04:45 2024, atime=Wed Jul 20 13:35:16 2022, length=117631920, window=hide
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2141
                                                                                                                                                                                                      Entropy (8bit):3.458541236726864
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:8mtFGEFudOEa555JdRyAsaQ2qdOQ/dOgdOQ2sOQFUU4OZmqyQwJm:8w5FudOpT5JVsasdpdhdMsYOyQY
                                                                                                                                                                                                      MD5:5F4D8720273DC848AFCB2BC5D5E20A8D
                                                                                                                                                                                                      SHA1:0BD0D587C47905697330EF897AC245A2FA5325F4
                                                                                                                                                                                                      SHA-256:30D22DAE87BDD83F0C1EF469C363F6CCEF35DD604C878C84FBEB44CAE443BCA3
                                                                                                                                                                                                      SHA-512:C546D666F4F8BB7C78D4D5864D2A9FF3D13275403AC7A4F92C9D3BB3B96C78534AB125B8EA11C89C4535473F1EDF283573C6BBF675205CA0AAB61E3A94343AD4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:L..................F.@.. .....w.....v`.........E................................P.O. .:i.....+00.../C:\.....................1.....<Y....PROGRA~2.........O.I<Y......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1.....<Y....NEATRE~1..F......<Y..<Y............................}...N.e.a.t.R.e.a.d.e.r.....j.2......Tht .NEATRE~1.EXE..N......<Y..<Y.......C........................N.e.a.t.R.e.a.d.e.r...e.x.e......._...............-.......^....................C:\Program Files (x86)\NeatReader\NeatReader.exe....G.r.e.a.t. .c.h.o.i.c.e. .f.o.r. .r.e.a.d.i.n.g. .e.B.o.o.k.<.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.N.e.a.t.R.e.a.d.e.r.\.N.e.a.t.R.e.a.d.e.r...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.N.e.a.t.R.e.a.d.e.r.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.N.e.a.t.R.e.a.d.e.r.\.N.e.a.t.R.e.a.d.e.r...e.x.e.........%ProgramFiles%\NeatReader\NeatReader.exe..............................
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 28 17:04:43 2024, mtime=Sat Sep 28 17:04:52 2024, atime=Wed Jul 20 13:35:16 2022, length=117631920, window=hide
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):2129
                                                                                                                                                                                                      Entropy (8bit):3.450312036846778
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:8gBFPEYdOEcAVh55JdRyAsaQ2wdOQ/dOgdOQ2sOQFUU4OZmqyQwJm:8asYdOVAd5JVsaWdpdhdMsYOyQY
                                                                                                                                                                                                      MD5:FA4452BF67D80ABEE9ED183FFEE4EF3C
                                                                                                                                                                                                      SHA1:DDA314A81DB2DD308F273C5316B16F7CF7CBC7F9
                                                                                                                                                                                                      SHA-256:189B94E2FF0B11DEFB44F572EA8986ABD890385FFC9A7F00695C4BB033F26F9F
                                                                                                                                                                                                      SHA-512:DD54E917EDABF240FC5AA0B079E2AB4C09F9C019CDD985BD698769FB8F2F8DB7B215A6AA1A62708478A433235D116AB880215EBC621EA15BCD03C56FBC859A66
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:L..................F.@.. .....w......Fs........E................................P.O. .:i.....+00.../C:\.....................1.....<Y....PROGRA~2.........O.I<Y......................V.......'.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1.....<Y....NEATRE~1..F......<Y..<Y................................N.e.a.t.R.e.a.d.e.r.....j.2......Tht .NEATRE~1.EXE..N......<Y..<Y.......C........................N.e.a.t.R.e.a.d.e.r...e.x.e......._...............-.......^....................C:\Program Files (x86)\NeatReader\NeatReader.exe....G.r.e.a.t. .c.h.o.i.c.e. .f.o.r. .r.e.a.d.i.n.g. .e.B.o.o.k.6.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.N.e.a.t.R.e.a.d.e.r.\.N.e.a.t.R.e.a.d.e.r...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.N.e.a.t.R.e.a.d.e.r.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.N.e.a.t.R.e.a.d.e.r.\.N.e.a.t.R.e.a.d.e.r...e.x.e.........%ProgramFiles%\NeatReader\NeatReader.exe..........................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2981845
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):1897064
                                                                                                                                                                                                      Entropy (8bit):7.997641789603083
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:49152:it7sRX5f/WXxI56wEkwzaqKDShe4ld0VhBplfPK:a72d4K6XkwOqKuhnSP/9PK
                                                                                                                                                                                                      MD5:4AE8B9B116FF14F617A2D356FD162ED4
                                                                                                                                                                                                      SHA1:8AA34448C23FB3AE63AD53F8483019FB4B087AD9
                                                                                                                                                                                                      SHA-256:7FDBF21CB85275382127C4E725849341A9247651FF8DB5F8605A0E4C6CF3ABA7
                                                                                                                                                                                                      SHA-512:5B74A425EE34ECCEA54EA868FE8127AF4CCBA2EED7A80CFC396B444C1F978B679D09CDE1DC02BE94A691C952EFD6A4FB55DCAA0EF0DD9589199659910F905DB9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 224205
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):1172612
                                                                                                                                                                                                      Entropy (8bit):7.994568326904492
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:24576:14gslidDYPYKSXhf5Unwn/XWXTdgx56wN+kvIzahkX7Z2:it7sRf5f/WXxI56wEkwzaqX7M
                                                                                                                                                                                                      MD5:5E94FE0CE0508608B47DC574D841B227
                                                                                                                                                                                                      SHA1:823415D4C2A06279D9AC4CFF44938B9DB4C4F3E9
                                                                                                                                                                                                      SHA-256:95FCC1253107F5010C8A6B3F6D4DFCEA67413849EBC4FC05333746D6D843B6F3
                                                                                                                                                                                                      SHA-512:BC1B2D53D99661D335F1DA0B42B4C77A085E19A9A0937924039BC29EBEF06355136E593A39BC55A4DDFAA9C7BEBA79043DA9623DC35BA8729F5417D898553F11
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):9216
                                                                                                                                                                                                      Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
                                                                                                                                                                                                      MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                      SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                      SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                      SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):102400
                                                                                                                                                                                                      Entropy (8bit):6.729923587623207
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                                      MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                      SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                      SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                      SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                      Entropy (8bit):5.719859767584478
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                                      MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                      SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                      SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                      SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):3072
                                                                                                                                                                                                      Entropy (8bit):3.3907428713435226
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:eFGSizG71F+wwBhckFZEdnNLYFI6StBy1FMG/N9+ChRXZ76l/bkJZksWVtfa:iiGv+wwBh/+l42pcp7+jkJ2vTfa
                                                                                                                                                                                                      MD5:1CC7C37B7E0C8CD8BF04B6CC283E1E56
                                                                                                                                                                                                      SHA1:0B9519763BE6625BD5ABCE175DCC59C96D100D4C
                                                                                                                                                                                                      SHA-256:9BE85B986EA66A6997DDE658ABE82B3147ED2A1A3DCB784BB5176F41D22815A6
                                                                                                                                                                                                      SHA-512:7ACF7F8E68AA6066B59CA9F2AE2E67997E6B347BC08EB788D2A119B3295C844B5B9606757168E8D2FBD61C2CDA367BF80E9E48C9A52C28D5A7A00464BFD2048F
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):61741847
                                                                                                                                                                                                      Entropy (8bit):7.999994280392845
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:786432:+3CxVBpYrPQHNaeGPO7QVg+ARNHrC8NTiD8Bk09DeIyTqEO1nbFli8J+VFTfHGde:Pqs0X+Qu+eWU+gDea7iSYfmuwpHc
                                                                                                                                                                                                      MD5:7C0BED70F849857509B58B28E6373235
                                                                                                                                                                                                      SHA1:3C102ADB83E8F7306307EC837E4C7DECCEDB6122
                                                                                                                                                                                                      SHA-256:1FA2BB851EA86BFF1838B2C2AF6BD0AB3177D71B9C06BBC2F08A40D3B9C84992
                                                                                                                                                                                                      SHA-512:F77BF85CD85F1457977CAB5C448A638400D1D368FB90C3E3BF1192071BA4E6E4ED523233F80A8F28C51CC9D66624E6D6F15D9DC59F18D75AF5ECD2A84E085F30
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):4608
                                                                                                                                                                                                      Entropy (8bit):4.703695912299512
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
                                                                                                                                                                                                      MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
                                                                                                                                                                                                      SHA1:B058E3FCFB7B550041DA16BF10D8837024C38BF6
                                                                                                                                                                                                      SHA-256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
                                                                                                                                                                                                      SHA-512:F91FCEA19CBDDF8086AFFCB63FE599DC2B36351FC81AC144F58A80A524043DDEAA3943F36C86EBAE45DD82E8FAF622EA7B7C9B776E74C54B93DF2963CFE66CC7
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):434176
                                                                                                                                                                                                      Entropy (8bit):6.584811966667578
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                                                      MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                      SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                      SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                      SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):62455064
                                                                                                                                                                                                      Entropy (8bit):7.999814754145496
                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                      SSDEEP:786432:3y3CxVBpYrPQHNaeGPO7QVg+ARNHrC8NTiD8Bk09DeIyTqEO1nbFli8J+VFTfHG+:3zqs0X+Qu+eWU+gDea7iSYfmuwpH+/
                                                                                                                                                                                                      MD5:DEF17C832C3E8169A69D3E854193F59B
                                                                                                                                                                                                      SHA1:9C0A89EA5F757E411B04CD39CAE2EE77F1EA3093
                                                                                                                                                                                                      SHA-256:CCDC54FC8400B225B46216F3172A57433B99E78F3ACB7DF4FF7D4B7AB56327DE
                                                                                                                                                                                                      SHA-512:BAE92FE973C76945A1D73F86C56EE5E832942FE640D786199D19111000520B12DC9F5DD2F531DFAB62C809AECFEE0D3B151D7E7C8674D463D4AD64DC7EA9F38D
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                      Process:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):26
                                                                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Qn:Qn
                                                                                                                                                                                                      MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                                      SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                                      SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                                      SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Qn:Qn
                                                                                                                                                                                                      MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                                      SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                                      SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                                      SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Qn:Qn
                                                                                                                                                                                                      MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                                      SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                                      SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                                      SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:..
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                      Size (bytes):57
                                                                                                                                                                                                      Entropy (8bit):4.283088322451805
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YWVbSZAjMx/ALfnH4JaGqx41n:YWNlDGn
                                                                                                                                                                                                      MD5:329622F40165883B656ABAB0D93674C4
                                                                                                                                                                                                      SHA1:DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87
                                                                                                                                                                                                      SHA-256:2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
                                                                                                                                                                                                      SHA-512:BF9173F47118D3FD466378CA186B74EFB7481AF15AEABD0BDBA43331721D93F5F9E4D1FD94F38873B8DBA9352D2EB4BF8044A21C52A52409615E3E25894393CF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"spellcheck":{"dictionaries":["en-GB"],"dictionary":""}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):292
                                                                                                                                                                                                      Entropy (8bit):5.0170465520540315
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:YHpoNXR8+eqjgX59edGHShsDHF4R8HgL+MZS7PMVKJTnMRK3VY:YHO8sEXWGyhsBdKU7E4T3y
                                                                                                                                                                                                      MD5:FE7804D3BB98C2FF45B66101FED6902F
                                                                                                                                                                                                      SHA1:71152E3C10E8C1F2920B5108FC2CFA2EBF9708C2
                                                                                                                                                                                                      SHA-256:631FC832EC36D7DCDAC871FD0DBE32612017F1C045D98963F8D51F1E35E56706
                                                                                                                                                                                                      SHA-512:569E62A588043977245BF70C3A49B248D6F324EB99FDADCDB961EF4A93AEFCA8316754FCB273A936A70D8B54EC4D9CBF6FD6887CAC57FEB868B82F4AA2975B25
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13374612306913566","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://www.google-analytics.com"}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):524656
                                                                                                                                                                                                      Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:LsFlPlRz:LsFR
                                                                                                                                                                                                      MD5:758E56CF9E209144D2F8918F27E4E201
                                                                                                                                                                                                      SHA1:9211640153FC331C90E849A7A6CBC9A66E9568F6
                                                                                                                                                                                                      SHA-256:3FCAE11B525EC9EB55400F3255B1198AA5D8C4AFB397898F9CBA3B9C84D4068B
                                                                                                                                                                                                      SHA-512:1B4ABF2F820C572A1A8CD93F490B5C3C62692E00A0B418D6DEBB4A91308B133E7662B1F9F53A2F82AE3C773B94A544A907730EA8FB67D47F494D9DD1368E5C24
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Jpn0tTErbyyWKln:GgrWyWKl
                                                                                                                                                                                                      MD5:866329ACF7985D1275FDA42310D91C2A
                                                                                                                                                                                                      SHA1:3F489BF7049C9103AAD64F2637E651098E104766
                                                                                                                                                                                                      SHA-256:0478BF8F107283047687B6FF3EFFF46B1366E28F9C3F0C0DA394CCB6AC209F81
                                                                                                                                                                                                      SHA-512:E46E028E34AD51A5F8269C0F6F33487684350991C5A494511A5F88B5D9A5CF25E991ECF00CDFE644A14119A446628778EF37CB63D5D3D0E52C7267D86B618E73
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(.......oy retne........................w~.../.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Jpn0tTErbyyWKln:GgrWyWKl
                                                                                                                                                                                                      MD5:866329ACF7985D1275FDA42310D91C2A
                                                                                                                                                                                                      SHA1:3F489BF7049C9103AAD64F2637E651098E104766
                                                                                                                                                                                                      SHA-256:0478BF8F107283047687B6FF3EFFF46B1366E28F9C3F0C0DA394CCB6AC209F81
                                                                                                                                                                                                      SHA-512:E46E028E34AD51A5F8269C0F6F33487684350991C5A494511A5F88B5D9A5CF25E991ECF00CDFE644A14119A446628778EF37CB63D5D3D0E52C7267D86B618E73
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(.......oy retne........................w~.../.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Jpn0tTErbyyWKln:GgrWyWKl
                                                                                                                                                                                                      MD5:866329ACF7985D1275FDA42310D91C2A
                                                                                                                                                                                                      SHA1:3F489BF7049C9103AAD64F2637E651098E104766
                                                                                                                                                                                                      SHA-256:0478BF8F107283047687B6FF3EFFF46B1366E28F9C3F0C0DA394CCB6AC209F81
                                                                                                                                                                                                      SHA-512:E46E028E34AD51A5F8269C0F6F33487684350991C5A494511A5F88B5D9A5CF25E991ECF00CDFE644A14119A446628778EF37CB63D5D3D0E52C7267D86B618E73
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(.......oy retne........................w~.../.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:Jpn0tTErbyyWKln:GgrWyWKl
                                                                                                                                                                                                      MD5:866329ACF7985D1275FDA42310D91C2A
                                                                                                                                                                                                      SHA1:3F489BF7049C9103AAD64F2637E651098E104766
                                                                                                                                                                                                      SHA-256:0478BF8F107283047687B6FF3EFFF46B1366E28F9C3F0C0DA394CCB6AC209F81
                                                                                                                                                                                                      SHA-512:E46E028E34AD51A5F8269C0F6F33487684350991C5A494511A5F88B5D9A5CF25E991ECF00CDFE644A14119A446628778EF37CB63D5D3D0E52C7267D86B618E73
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:(.......oy retne........................w~.../.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                      Entropy (8bit):0.5490452575616273
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:24:TL6ErbXaFpEO5bNmISHnCWm06UwcQ5n5fB:TOErLOpEO5J/Knvm7U1QpB
                                                                                                                                                                                                      MD5:7F20CE947282339C895303C49B3DFE93
                                                                                                                                                                                                      SHA1:6FFC90A15813599BD8A24366AE9305130C965E0D
                                                                                                                                                                                                      SHA-256:88EEA6964B1637FD157CE8E85A26DE0A96849F112809C0705F6CACE0F1B34706
                                                                                                                                                                                                      SHA-512:358CC24210BC4DB01C9A8E11264206943094B4AB2F79A851F97A4BC4BCB72C053BE727A54B20F58BE9E185DE35C5DDAA4CD02C079FD95716EE602CE0FB4FA183
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................O}.........g.....8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                      Entropy (8bit):3.39546184423832
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:FkWXl47GU:92GU
                                                                                                                                                                                                      MD5:EE4D1ECD79BB59E0D701DEB371D4FE8D
                                                                                                                                                                                                      SHA1:AECACA2E76FE65862A671D0A4731B94910B1C72F
                                                                                                                                                                                                      SHA-256:D8262F162025B3CF68DA0FD9879456064FAB3DABE2B0369D5AF2359B216AA4B0
                                                                                                                                                                                                      SHA-512:4BD4C0FEED8D30F13C93E54BC042637B21272C87285ABE7E80D90FB4CFF5AF996A05B8581750281D49FF42DC53679EF430CA7CBC469B3C621C93142039221114
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:sdPC....................:.*.2Nc@...`.z_.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                      Entropy (8bit):9.629307656487099E-4
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:LsFl0lfyW:LsFKaW
                                                                                                                                                                                                      MD5:77EFFFC74866C200EB42A3FC2D710A48
                                                                                                                                                                                                      SHA1:A0F9B058F9D08F1DFDED07639491CD7174D7C142
                                                                                                                                                                                                      SHA-256:01456C32C2676E797A34960A1B9446D53041880028AB8FC9D72A5932F7B71375
                                                                                                                                                                                                      SHA-512:234504177E2D652C48BDF35B423810A652FDB67435853234252EA352EB78201ABC61A2449F3D89585D7F8D821257954ED68172B4E239F71A7D8A2D13D0A00ED4
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):368
                                                                                                                                                                                                      Entropy (8bit):5.645604980076646
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:o54umioyXkEpEgieEzWOpWDKaJI5LM6oM1ybm/dF4f/d6yBUVBJHzJKDkFTcMEPO:orLXNpLyoWaOLM6R8bEF4liEDpME2B
                                                                                                                                                                                                      MD5:E7A3F1FF100A72645D09EC6B2BEC3602
                                                                                                                                                                                                      SHA1:72E093505E52D459FB9BB7A66917F3163A729C85
                                                                                                                                                                                                      SHA-256:CB87C7DCAB5C1546A25C496976C572E302C67BB6D6990F13848692DAA067F8AC
                                                                                                                                                                                                      SHA-512:4B80FFA7CEC27F3E1C0F6D09A501EA366EA9A9435E9DB0D0B6F09938A4186F5C46DFDB00250AE55052CC9FD7277E5136178AEFD2A2F5B5368ED944D4BF8BCB4B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:'...i................VERSION.1..META:file://............._file://..appData...{"deviceId":"7d35a5b3-2483-49b4-b7f8-8a28fc4adbef","bookDataDirPath":"C:\\Users\\user\\AppData\\Roaming\\NeatReader\\bookData\\","osType":"windows","osVersion":"10.0.19045","appVersion":"8.1.4","mainWindowHeight":885,"mainWindowWidth":1024,"zoomRatio":1}. _file://.._isLocalStorageEnabled
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):251
                                                                                                                                                                                                      Entropy (8bit):5.229845484128327
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:PE7QTDQ81wknaZ5UQMk/2jM8B2KLllE7QXQ+q2PwknaZ5UQMk/2jMGIFUv:PAeEbrHUQMkgFLnAivYrHUQMkzFUv
                                                                                                                                                                                                      MD5:36F2AAE43439D93D23F8499E87EC432E
                                                                                                                                                                                                      SHA1:CAA8E1EBAD0800D5D4B0B93DF8468778834A9DA2
                                                                                                                                                                                                      SHA-256:7ECCBF67089B774A727C35F76DAFDDF4D1771E96E5C8F4ACEAF812FD3883481F
                                                                                                                                                                                                      SHA-512:3B457996556FF5D57283678A98891B5C09A86B362F92E81B12545A4FE7D6C808F2FFBD69A31551B31EAE3B22494539BB4A01E37BD85B41784B07EC4A658B212B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:2024/09/28-14:04:58.718 f48 Creating DB C:\Users\user\AppData\Roaming\NeatReader\Local Storage\leveldb since it was missing..2024/09/28-14:04:58.779 f48 Reusing MANIFEST C:\Users\user\AppData\Roaming\NeatReader\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                      Entropy (8bit):4.619434150836742
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                      MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                      SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                      SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                      SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                      Entropy (8bit):4.619434150836742
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                      MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                      SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                      SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                      SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):57
                                                                                                                                                                                                      Entropy (8bit):4.283088322451805
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YWVbSZAjMx/ALfnH4JaGqx41n:YWNlDGn
                                                                                                                                                                                                      MD5:329622F40165883B656ABAB0D93674C4
                                                                                                                                                                                                      SHA1:DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87
                                                                                                                                                                                                      SHA-256:2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
                                                                                                                                                                                                      SHA-512:BF9173F47118D3FD466378CA186B74EFB7481AF15AEABD0BDBA43331721D93F5F9E4D1FD94F38873B8DBA9352D2EB4BF8044A21C52A52409615E3E25894393CF
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"spellcheck":{"dictionaries":["en-GB"],"dictionary":""}}
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):256
                                                                                                                                                                                                      Entropy (8bit):5.111183648168012
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:6:YogieEzWOpWDKaJI5LM6oM1ybm/dF4f/d6yBUVBJHzJv:Y/yoWaOLM6R8bEF4lil
                                                                                                                                                                                                      MD5:B198E156D68CE1C43DE95240FD7AF9F1
                                                                                                                                                                                                      SHA1:7A29BB290B147B6D2AE3FD02AB146B395BD29B11
                                                                                                                                                                                                      SHA-256:1E20E3E000CCA841285A89FF35E78974F1D8105C17C93B997D69556F03255A35
                                                                                                                                                                                                      SHA-512:38FCAAA432B316E4353D5697D6832A103AF4C9EC6C7599C92F8358F69868229A17A2BCCA207AB7A6A49870131CDD4D9E2675AE782782EEDFFFDDB596A46BB82E
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"deviceId":"7d35a5b3-2483-49b4-b7f8-8a28fc4adbef","bookDataDirPath":"C:\\Users\\user\\AppData\\Roaming\\NeatReader\\bookData\\","osType":"windows","osVersion":"10.0.19045","appVersion":"8.1.4","mainWindowHeight":885,"mainWindowWidth":1024,"zoomRatio":1}.
                                                                                                                                                                                                      Process:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                      Entropy (8bit):4.619434150836742
                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                      SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                      MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                      SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                      SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                      SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                      Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                      Entropy (8bit):7.999814754145496
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                      File name:NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      File size:62'455'064 bytes
                                                                                                                                                                                                      MD5:def17c832c3e8169a69d3e854193f59b
                                                                                                                                                                                                      SHA1:9c0a89ea5f757e411b04cd39cae2ee77f1ea3093
                                                                                                                                                                                                      SHA256:ccdc54fc8400b225b46216f3172a57433b99e78f3acb7df4ff7d4b7ab56327de
                                                                                                                                                                                                      SHA512:bae92fe973c76945a1d73f86c56ee5e832942fe640d786199d19111000520b12dc9f5dd2f531dfab62c809aecfee0d3b151d7e7c8674d463d4ad64dc7ea9f38d
                                                                                                                                                                                                      SSDEEP:786432:3y3CxVBpYrPQHNaeGPO7QVg+ARNHrC8NTiD8Bk09DeIyTqEO1nbFli8J+VFTfHG+:3zqs0X+Qu+eWU+gDea7iSYfmuwpH+/
                                                                                                                                                                                                      TLSH:A8D7338867F5F20AE481FF3D6862BBBA2C675D921C34D5778311B6B8C43FDC219A0694
                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                                      Icon Hash:2182510f69693345
                                                                                                                                                                                                      Entrypoint:0x40338f
                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                      Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:4
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                      Signature Valid:true
                                                                                                                                                                                                      Signature Issuer:CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US
                                                                                                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                      Error Number:0
                                                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                                                      • 08/03/2021 03:37:51 26/02/2023 02:27:40
                                                                                                                                                                                                      Subject Chain
• CN=北京高知图新教育科技有限公司, O=北京高知图新教育科技有限公司, L=海淀区, S=北京市, C=CN
                                                                                                                                                                                                      Version:3
                                                                                                                                                                                                      Thumbprint MD5:71DAC99A263B379A9DB4F9F47358B25E
                                                                                                                                                                                                      Thumbprint SHA-1:8E25D6DBF7DCB12D5495092CC9CE2092C85AB9EA
                                                                                                                                                                                                      Thumbprint SHA-256:1A97A0973AA7473D8079C00120DE1B141CA9189EDB5A904BF229E8899CE41F2B
                                                                                                                                                                                                      Serial:7F8C2FEC20F605B9
                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      sub esp, 000002D4h
                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                      push esi
                                                                                                                                                                                                      push edi
                                                                                                                                                                                                      push 00000020h
                                                                                                                                                                                                      pop edi
                                                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                                                      push 00008001h
                                                                                                                                                                                                      mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                      mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                      mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                      call dword ptr [004080A8h]
                                                                                                                                                                                                      call dword ptr [004080A4h]
                                                                                                                                                                                                      and eax, BFFFFFFFh
                                                                                                                                                                                                      cmp ax, 00000006h
                                                                                                                                                                                                      mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                      je 00007F9F0C4B32B3h
                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                      call 00007F9F0C4B6565h
                                                                                                                                                                                                      cmp eax, ebx
                                                                                                                                                                                                      je 00007F9F0C4B32A9h
                                                                                                                                                                                                      push 00000C00h
                                                                                                                                                                                                      call eax
                                                                                                                                                                                                      mov esi, 004082B0h
                                                                                                                                                                                                      push esi
                                                                                                                                                                                                      call 00007F9F0C4B64DFh
                                                                                                                                                                                                      push esi
                                                                                                                                                                                                      call dword ptr [00408150h]
                                                                                                                                                                                                      lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                      cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                      jne 00007F9F0C4B328Ch
                                                                                                                                                                                                      push 0000000Ah
                                                                                                                                                                                                      call 00007F9F0C4B6538h
                                                                                                                                                                                                      push 00000008h
                                                                                                                                                                                                      call 00007F9F0C4B6531h
                                                                                                                                                                                                      push 00000006h
                                                                                                                                                                                                      mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                      call 00007F9F0C4B6525h
                                                                                                                                                                                                      cmp eax, ebx
                                                                                                                                                                                                      je 00007F9F0C4B32B1h
                                                                                                                                                                                                      push 0000001Eh
                                                                                                                                                                                                      call eax
                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                      je 00007F9F0C4B32A9h
                                                                                                                                                                                                      or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                      call dword ptr [00408044h]
                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                      call dword ptr [004082A0h]
                                                                                                                                                                                                      mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                      push 000002B4h
                                                                                                                                                                                                      push eax
                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                      push 00440208h
                                                                                                                                                                                                      call dword ptr [00408188h]
                                                                                                                                                                                                      push 0040A2C8h
                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x197000 | 0x1fef8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3b8b368 | 0x49b0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7b000 | 0x11c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x197000 | 0x1fef8 | 0x20000 | daa3991a8e6c8615435be12a95cd045a | False | 0.08336639404296875 | data | 3.9747389589730684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x197598 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2795 x 2795 px/m | English | United States | 0.028673252099846207
RT_ICON | 0x1a7dc0 | 0x5660 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2795 x 2795 px/m | English | United States | 0.04065665701881331
RT_ICON | 0x1ad420 | 0x4228 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2795 x 2795 px/m | English | United States | 0.04517005196032121
RT_ICON | 0x1b1648 | 0x25a8 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.4579875518672199
RT_ICON | 0x1b3bf0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2795 x 2795 px/m | English | United States | 0.11186679174484053
RT_ICON | 0x1b4c98 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2795 x 2795 px/m | English | United States | 0.24556737588652483
RT_DIALOG | 0x1b5100 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x1b5308 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x1b5400 | 0xee | data | English | United States | 0.6260504201680672
RT_DIALOG | 0x1b54f0 | 0x1fa | data | English | United States | 0.40118577075098816
RT_DIALOG | 0x1b56f0 | 0xf0 | data | English | United States | 0.6666666666666666
RT_DIALOG | 0x1b57e0 | 0xe6 | data | English | United States | 0.6565217391304348
RT_DIALOG | 0x1b58c8 | 0x1ee | data | English | United States | 0.38866396761133604
RT_DIALOG | 0x1b5ab8 | 0xe4 | data | English | United States | 0.6447368421052632
RT_DIALOG | 0x1b5ba0 | 0xda | data | English | United States | 0.6422018348623854
RT_DIALOG | 0x1b5c80 | 0x1ee | data | English | United States | 0.3866396761133603
RT_DIALOG | 0x1b5e70 | 0xe4 | data | English | United States | 0.6359649122807017
RT_DIALOG | 0x1b5f58 | 0xda | data | English | United States | 0.6376146788990825
RT_DIALOG | 0x1b6038 | 0x1f2 | data | English | United States | 0.39759036144578314
RT_DIALOG | 0x1b6230 | 0xe8 | data | English | United States | 0.6508620689655172
RT_DIALOG | 0x1b6318 | 0xde | data | English | United States | 0.6486486486486487
RT_DIALOG | 0x1b63f8 | 0x202 | data | English | United States | 0.42217898832684825
RT_DIALOG | 0x1b6600 | 0xf8 | data | English | United States | 0.6653225806451613
RT_DIALOG | 0x1b66f8 | 0xee | data | English | United States | 0.6512605042016807
RT_GROUP_ICON | 0x1b67e8 | 0x5a | data | English | United States | 0.7777777777777778
                                                                                                                                                                                                      RT_VERSION0x1b68480x27cdataEnglishUnited States0.5
                                                                                                                                                                                                      RT_MANIFEST0x1b6ac80x42eXML 1.0 document, ASCII text, with very long lines (1070), with no line terminatorsEnglishUnited States0.5130841121495328
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
                                                                                                                                                                                                      No network behavior found


                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                      Start time:14:04:37
                                                                                                                                                                                                      Start date:28/09/2024
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\NeatReader Setup 8.1.4.exe"
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      File size:62'455'064 bytes
                                                                                                                                                                                                      MD5 hash:DEF17C832C3E8169A69D3E854193F59B
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                      Start time:14:04:53
                                                                                                                                                                                                      Start date:28/09/2024
                                                                                                                                                                                                      Path:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\NeatReader\NeatReader.exe"
                                                                                                                                                                                                      Imagebase:0x70000
                                                                                                                                                                                                      File size:117'631'920 bytes
                                                                                                                                                                                                      MD5 hash:C64AD6EB36F7AF719A1DA46A9DAEEC8A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                      Start time:14:04:56
                                                                                                                                                                                                      Start date:28/09/2024
                                                                                                                                                                                                      Path:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\NeatReader /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\NeatReader\Crashpad --url=http://localhost:9000 "--annotation=_companyName=Gauzy Tech" "--annotation=_productName=NeatReader Desk App" --annotation=_version=8.1.4 --annotation=prod=Electron --annotation=ver=13.0.1 --initial-client-data=0x47c,0x480,0x484,0x474,0x488,0x6df17c0,0x6df17d0,0x6df17dc
                                                                                                                                                                                                      Imagebase:0x70000
                                                                                                                                                                                                      File size:117'631'920 bytes
                                                                                                                                                                                                      MD5 hash:C64AD6EB36F7AF719A1DA46A9DAEEC8A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                      Start time:14:04:59
                                                                                                                                                                                                      Start date:28/09/2024
                                                                                                                                                                                                      Path:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=gpu-process --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1560 /prefetch:2
                                                                                                                                                                                                      Imagebase:0x70000
                                                                                                                                                                                                      File size:117'631'920 bytes
                                                                                                                                                                                                      MD5 hash:C64AD6EB36F7AF719A1DA46A9DAEEC8A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                      Start time:14:05:01
                                                                                                                                                                                                      Start date:28/09/2024
                                                                                                                                                                                                      Path:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:8
                                                                                                                                                                                                      Imagebase:0x70000
                                                                                                                                                                                                      File size:117'631'920 bytes
                                                                                                                                                                                                      MD5 hash:C64AD6EB36F7AF719A1DA46A9DAEEC8A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                      Start time:14:05:02
                                                                                                                                                                                                      Start date:28/09/2024
                                                                                                                                                                                                      Path:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2536 /prefetch:1
                                                                                                                                                                                                      Imagebase:0x70000
                                                                                                                                                                                                      File size:117'631'920 bytes
                                                                                                                                                                                                      MD5 hash:C64AD6EB36F7AF719A1DA46A9DAEEC8A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                      Start time:14:05:06
                                                                                                                                                                                                      Start date:28/09/2024
                                                                                                                                                                                                      Path:C:\Program Files (x86)\NeatReader\NeatReader.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\NeatReader\NeatReader.exe" --type=renderer --field-trial-handle=1552,1988588544556221443,12342627507894332772,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-GB --app-path="C:\Program Files (x86)\NeatReader\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 /prefetch:1
                                                                                                                                                                                                      Imagebase:0x70000
                                                                                                                                                                                                      File size:117'631'920 bytes
                                                                                                                                                                                                      MD5 hash:C64AD6EB36F7AF719A1DA46A9DAEEC8A
                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:27.7%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                        Signature Coverage:21.3%
                                                                                                                                                                                                        Total number of Nodes:1388
                                                                                                                                                                                                        Total number of Limit Nodes:40
SetFilePointer 3602->3603 3603->3598 3604->3586 3604->3589 3604->3593 3604->3598 3604->3601 3606 406694 5 API calls 3605->3606 3607 4039be 3606->3607 3608 4039c4 3607->3608 3609 4039d6 3607->3609 3704 406201 wsprintfW 3608->3704 3610 406188 3 API calls 3609->3610 3611 403a06 3610->3611 3612 403a25 lstrcatW 3611->3612 3614 406188 3 API calls 3611->3614 3615 4039d4 3612->3615 3614->3612 3696 403c80 3615->3696 3618 405c97 18 API calls 3619 403a57 3618->3619 3620 403aeb 3619->3620 3622 406188 3 API calls 3619->3622 3621 405c97 18 API calls 3620->3621 3623 403af1 3621->3623 3624 403a89 3622->3624 3625 403b01 LoadImageW 3623->3625 3626 4062dc 17 API calls 3623->3626 3624->3620 3631 403aaa lstrlenW 3624->3631 3632 405bbc CharNextW 3624->3632 3627 403ba7 3625->3627 3628 403b28 RegisterClassW 3625->3628 3626->3625 3630 40140b 2 API calls 3627->3630 3629 403b5e SystemParametersInfoW CreateWindowExW 3628->3629 3660 403bb1 3628->3660 3629->3627 3635 403bad 3630->3635 3633 403ab8 lstrcmpiW 3631->3633 3634 403ade 3631->3634 3636 403aa7 3632->3636 3633->3634 3637 403ac8 GetFileAttributesW 3633->3637 3638 405b8f 3 API calls 3634->3638 3640 403c80 18 API calls 3635->3640 3635->3660 3636->3631 3639 403ad4 3637->3639 3641 403ae4 3638->3641 3639->3634 3642 405bdb 2 API calls 3639->3642 3643 403bbe 3640->3643 3705 4062ba lstrcpynW 3641->3705 3642->3634 3645 403bca ShowWindow 3643->3645 3646 403c4d 3643->3646 3648 406624 3 API calls 3645->3648 3647 4053f5 5 API calls 3646->3647 3649 403c53 3647->3649 3650 403be2 3648->3650 3651 403c57 3649->3651 3652 403c6f 3649->3652 3653 403bf0 GetClassInfoW 3650->3653 3657 406624 3 API calls 3650->3657 3659 40140b 2 API calls 3651->3659 3651->3660 3656 40140b 2 API calls 3652->3656 3654 403c04 GetClassInfoW RegisterClassW 3653->3654 3655 403c1a DialogBoxParamW 3653->3655 3654->3655 3658 40140b 2 API calls 3655->3658 3656->3660 3657->3653 3658->3660 3659->3660 3660->3521 3661->3508 3662->3544 3663->3509 3664->3550 3665->3562 3667 4058e2 3666->3667 
3668 4058d6 CloseHandle 3666->3668 3667->3562 3668->3667 3670 401389 2 API calls 3669->3670 3671 401420 3670->3671 3671->3518 3673 405dec GetTickCount GetTempFileNameW 3672->3673 3674 405e22 3673->3674 3675 40338d 3673->3675 3674->3673 3674->3675 3675->3497 3676->3579 3677->3581 3678->3585 3680 402e82 3679->3680 3681 402e9a 3679->3681 3682 402e92 3680->3682 3683 402e8b DestroyWindow 3680->3683 3684 402ea2 3681->3684 3685 402eaa GetTickCount 3681->3685 3682->3588 3683->3682 3692 4066d0 3684->3692 3686 402eb8 CreateDialogParamW ShowWindow 3685->3686 3687 402edb 3685->3687 3686->3687 3687->3588 3690->3594 3691->3596 3693 4066ed PeekMessageW 3692->3693 3694 4066e3 DispatchMessageW 3693->3694 3695 402ea8 3693->3695 3694->3693 3695->3588 3697 403c94 3696->3697 3706 406201 wsprintfW 3697->3706 3699 403d05 3707 403d39 3699->3707 3701 403a35 3701->3618 3702 403d0a 3702->3701 3703 4062dc 17 API calls 3702->3703 3703->3702 3704->3615 3705->3620 3706->3699 3708 4062dc 17 API calls 3707->3708 3709 403d47 SetWindowTextW 3708->3709 3709->3702 4303 40190f 4304 402c41 17 API calls 4303->4304 4305 401916 4304->4305 4306 405920 MessageBoxIndirectW 4305->4306 4307 40191f 4306->4307 4308 401491 4309 405322 24 API calls 4308->4309 4310 401498 4309->4310 4311 401d14 4312 402c1f 17 API calls 4311->4312 4313 401d1b 4312->4313 4314 402c1f 17 API calls 4313->4314 4315 401d27 GetDlgItem 4314->4315 4316 402592 4315->4316 4317 405296 4318 4052a6 4317->4318 4319 4052ba 4317->4319 4320 405303 4318->4320 4321 4052ac 4318->4321 4322 4052c2 IsWindowVisible 4319->4322 4328 4052d9 4319->4328 4323 405308 CallWindowProcW 4320->4323 4324 40427d SendMessageW 4321->4324 4322->4320 4325 4052cf 4322->4325 4326 4052b6 4323->4326 4324->4326 4330 404bec SendMessageW 4325->4330 4328->4323 4335 404c6c 4328->4335 4331 404c4b SendMessageW 4330->4331 4332 404c0f GetMessagePos ScreenToClient SendMessageW 4330->4332 4333 404c43 4331->4333 4332->4333 4334 404c48 4332->4334 4333->4328 4334->4331 4344 4062ba lstrcpynW 
4335->4344 4337 404c7f 4345 406201 wsprintfW 4337->4345 4339 404c89 4340 40140b 2 API calls 4339->4340 4341 404c92 4340->4341 4346 4062ba lstrcpynW 4341->4346 4343 404c99 4343->4320 4344->4337 4345->4339 4346->4343 4347 402598 4348 4025c7 4347->4348 4349 4025ac 4347->4349 4351 4025fb 4348->4351 4352 4025cc 4348->4352 4350 402c1f 17 API calls 4349->4350 4359 4025b3 4350->4359 4354 402c41 17 API calls 4351->4354 4353 402c41 17 API calls 4352->4353 4355 4025d3 WideCharToMultiByte lstrlenA 4353->4355 4356 402602 lstrlenW 4354->4356 4355->4359 4356->4359 4357 402645 4358 40262f 4358->4357 4360 405e62 WriteFile 4358->4360 4359->4357 4359->4358 4361 405e91 5 API calls 4359->4361 4360->4357 4361->4358 4362 404c9e GetDlgItem GetDlgItem 4363 404cf0 7 API calls 4362->4363 4369 404f09 4362->4369 4364 404d93 DeleteObject 4363->4364 4365 404d86 SendMessageW 4363->4365 4366 404d9c 4364->4366 4365->4364 4367 404dd3 4366->4367 4372 4062dc 17 API calls 4366->4372 4370 404231 18 API calls 4367->4370 4368 404fed 4371 405099 4368->4371 4381 405046 SendMessageW 4368->4381 4405 404efc 4368->4405 4369->4368 4377 404f7a 4369->4377 4379 404bec 5 API calls 4369->4379 4376 404de7 4370->4376 4373 4050a3 SendMessageW 4371->4373 4374 4050ab 4371->4374 4375 404db5 SendMessageW SendMessageW 4372->4375 4373->4374 4384 4050c4 4374->4384 4385 4050bd ImageList_Destroy 4374->4385 4392 4050d4 4374->4392 4375->4366 4380 404231 18 API calls 4376->4380 4377->4368 4378 404fdf SendMessageW 4377->4378 4378->4368 4379->4377 4396 404df5 4380->4396 4387 40505b SendMessageW 4381->4387 4381->4405 4382 404298 8 API calls 4383 40528f 4382->4383 4388 4050cd GlobalFree 4384->4388 4384->4392 4385->4384 4386 405243 4393 405255 ShowWindow GetDlgItem ShowWindow 4386->4393 4386->4405 4390 40506e 4387->4390 4388->4392 4389 404eca GetWindowLongW SetWindowLongW 4391 404ee3 4389->4391 4400 40507f SendMessageW 4390->4400 4394 404f01 4391->4394 4395 404ee9 ShowWindow 4391->4395 4392->4386 4404 404c6c 4 API calls 4392->4404 4407 
40510f 4392->4407 4393->4405 4414 404266 SendMessageW 4394->4414 4413 404266 SendMessageW 4395->4413 4396->4389 4399 404e45 SendMessageW 4396->4399 4401 404ec4 4396->4401 4402 404e81 SendMessageW 4396->4402 4403 404e92 SendMessageW 4396->4403 4399->4396 4400->4371 4401->4389 4401->4391 4402->4396 4403->4396 4404->4407 4405->4382 4406 405219 InvalidateRect 4406->4386 4408 40522f 4406->4408 4409 40513d SendMessageW 4407->4409 4410 405153 4407->4410 4415 404ba7 4408->4415 4409->4410 4410->4406 4412 4051c7 SendMessageW SendMessageW 4410->4412 4412->4410 4413->4405 4414->4369 4418 404ade 4415->4418 4417 404bbc 4417->4386 4420 404af7 4418->4420 4419 4062dc 17 API calls 4421 404b5b 4419->4421 4420->4419 4422 4062dc 17 API calls 4421->4422 4423 404b66 4422->4423 4424 4062dc 17 API calls 4423->4424 4425 404b7c lstrlenW wsprintfW SetDlgItemTextW 4424->4425 4425->4417 4426 40149e 4427 4014ac PostQuitMessage 4426->4427 4428 4022f7 4426->4428 4427->4428 3919 401c1f 3920 402c1f 17 API calls 3919->3920 3921 401c26 3920->3921 3922 402c1f 17 API calls 3921->3922 3923 401c33 3922->3923 3924 401c48 3923->3924 3925 402c41 17 API calls 3923->3925 3926 401c58 3924->3926 3927 402c41 17 API calls 3924->3927 3925->3924 3928 401c63 3926->3928 3929 401caf 3926->3929 3927->3926 3931 402c1f 17 API calls 3928->3931 3930 402c41 17 API calls 3929->3930 3932 401cb4 3930->3932 3933 401c68 3931->3933 3935 402c41 17 API calls 3932->3935 3934 402c1f 17 API calls 3933->3934 3936 401c74 3934->3936 3937 401cbd FindWindowExW 3935->3937 3938 401c81 SendMessageTimeoutW 3936->3938 3939 401c9f SendMessageW 3936->3939 3940 401cdf 3937->3940 3938->3940 3939->3940 4429 402aa0 SendMessageW 4430 402ac5 4429->4430 4431 402aba InvalidateRect 4429->4431 4431->4430 4432 402821 4433 402827 4432->4433 4434 40282f FindClose 4433->4434 4435 402ac5 4433->4435 4434->4435 4436 4043a1 lstrlenW 4437 4043c0 4436->4437 4438 4043c2 WideCharToMultiByte 4436->4438 4437->4438 4439 404722 4440 40474e 4439->4440 4441 40475f 4439->4441 
4500 405904 GetDlgItemTextW 4440->4500 4442 40476b GetDlgItem 4441->4442 4449 4047ca 4441->4449 4444 40477f 4442->4444 4448 404793 SetWindowTextW 4444->4448 4452 405c3a 4 API calls 4444->4452 4445 4048ae 4498 404a5d 4445->4498 4502 405904 GetDlgItemTextW 4445->4502 4446 404759 4447 40654e 5 API calls 4446->4447 4447->4441 4453 404231 18 API calls 4448->4453 4449->4445 4454 4062dc 17 API calls 4449->4454 4449->4498 4451 404298 8 API calls 4456 404a71 4451->4456 4457 404789 4452->4457 4458 4047af 4453->4458 4459 40483e SHBrowseForFolderW 4454->4459 4455 4048de 4460 405c97 18 API calls 4455->4460 4457->4448 4464 405b8f 3 API calls 4457->4464 4461 404231 18 API calls 4458->4461 4459->4445 4462 404856 CoTaskMemFree 4459->4462 4463 4048e4 4460->4463 4465 4047bd 4461->4465 4466 405b8f 3 API calls 4462->4466 4503 4062ba lstrcpynW 4463->4503 4464->4448 4501 404266 SendMessageW 4465->4501 4468 404863 4466->4468 4471 40489a SetDlgItemTextW 4468->4471 4475 4062dc 17 API calls 4468->4475 4470 4047c3 4474 406694 5 API calls 4470->4474 4471->4445 4472 4048fb 4473 406694 5 API calls 4472->4473 4481 404902 4473->4481 4474->4449 4476 404882 lstrcmpiW 4475->4476 4476->4471 4478 404893 lstrcatW 4476->4478 4477 404943 4504 4062ba lstrcpynW 4477->4504 4478->4471 4480 40494a 4482 405c3a 4 API calls 4480->4482 4481->4477 4486 405bdb 2 API calls 4481->4486 4487 40499b 4481->4487 4483 404950 GetDiskFreeSpaceW 4482->4483 4485 404974 MulDiv 4483->4485 4483->4487 4485->4487 4486->4481 4489 404ba7 20 API calls 4487->4489 4497 404a0c 4487->4497 4488 404a2f 4505 404253 KiUserCallbackDispatcher 4488->4505 4491 4049f9 4489->4491 4490 40140b 2 API calls 4490->4488 4492 404a0e SetDlgItemTextW 4491->4492 4493 4049fe 4491->4493 4492->4497 4495 404ade 20 API calls 4493->4495 4495->4497 4496 404a4b 4496->4498 4499 40467b SendMessageW 4496->4499 4497->4488 4497->4490 4498->4451 4499->4498 4500->4446 4501->4470 4502->4455 4503->4472 4504->4480 4505->4496 4506 4015a3 4507 402c41 17 API calls 4506->4507 4508 
4015aa SetFileAttributesW 4507->4508 4509 4015bc 4508->4509 4510 4029a8 4511 402c1f 17 API calls 4510->4511 4512 4029ae 4511->4512 4513 4029d5 4512->4513 4514 4029ee 4512->4514 4518 40288b 4512->4518 4515 4029da 4513->4515 4523 4029eb 4513->4523 4516 402a08 4514->4516 4517 4029f8 4514->4517 4524 4062ba lstrcpynW 4515->4524 4519 4062dc 17 API calls 4516->4519 4520 402c1f 17 API calls 4517->4520 4519->4523 4520->4523 4523->4518 4525 406201 wsprintfW 4523->4525 4524->4518 4525->4518 4526 4028ad 4527 402c41 17 API calls 4526->4527 4529 4028bb 4527->4529 4528 4028d1 4531 405d8b 2 API calls 4528->4531 4529->4528 4530 402c41 17 API calls 4529->4530 4530->4528 4532 4028d7 4531->4532 4554 405db0 GetFileAttributesW CreateFileW 4532->4554 4534 4028e4 4535 4028f0 GlobalAlloc 4534->4535 4536 402987 4534->4536 4537 402909 4535->4537 4538 40297e CloseHandle 4535->4538 4539 4029a2 4536->4539 4540 40298f DeleteFileW 4536->4540 4555 403347 SetFilePointer 4537->4555 4538->4536 4540->4539 4542 40290f 4543 403331 ReadFile 4542->4543 4544 402918 GlobalAlloc 4543->4544 4545 402928 4544->4545 4546 40295c 4544->4546 4548 403116 31 API calls 4545->4548 4547 405e62 WriteFile 4546->4547 4549 402968 GlobalFree 4547->4549 4553 402935 4548->4553 4550 403116 31 API calls 4549->4550 4552 40297b 4550->4552 4551 402953 GlobalFree 4551->4546 4552->4538 4553->4551 4554->4534 4555->4542 4556 401a30 4557 402c41 17 API calls 4556->4557 4558 401a39 ExpandEnvironmentStringsW 4557->4558 4559 401a4d 4558->4559 4561 401a60 4558->4561 4560 401a52 lstrcmpW 4559->4560 4559->4561 4560->4561 3721 402032 3722 402044 3721->3722 3723 4020f6 3721->3723 3724 402c41 17 API calls 3722->3724 3725 401423 24 API calls 3723->3725 3726 40204b 3724->3726 3731 402250 3725->3731 3727 402c41 17 API calls 3726->3727 3728 402054 3727->3728 3729 40206a LoadLibraryExW 3728->3729 3730 40205c GetModuleHandleW 3728->3730 3729->3723 3732 40207b 3729->3732 3730->3729 3730->3732 3741 406703 WideCharToMultiByte 3732->3741 3735 4020c5 3737 
405322 24 API calls 3735->3737 3736 40208c 3738 401423 24 API calls 3736->3738 3739 40209c 3736->3739 3737->3739 3738->3739 3739->3731 3740 4020e8 FreeLibrary 3739->3740 3740->3731 3742 40672d GetProcAddress 3741->3742 3743 402086 3741->3743 3742->3743 3743->3735 3743->3736 4567 401735 4568 402c41 17 API calls 4567->4568 4569 40173c SearchPathW 4568->4569 4570 401757 4569->4570 4571 402a35 4572 402c1f 17 API calls 4571->4572 4573 402a3b 4572->4573 4574 402a72 4573->4574 4575 40288b 4573->4575 4577 402a4d 4573->4577 4574->4575 4576 4062dc 17 API calls 4574->4576 4576->4575 4577->4575 4579 406201 wsprintfW 4577->4579 4579->4575 3767 10001377 3774 1000143a 3767->3774 3775 100013a3 3774->3775 3777 10001443 3774->3777 3779 100010d0 GetVersionExW 3775->3779 3776 10001473 GlobalFree 3776->3775 3777->3775 3777->3776 3778 1000145f lstrcpynW 3777->3778 3778->3776 3780 10001100 3779->3780 3781 1000110a 3779->3781 3805 100014cf wsprintfW 3780->3805 3782 10001115 3781->3782 3783 1000112c LoadLibraryW 3781->3783 3782->3780 3784 10001227 LoadLibraryA 3782->3784 3785 10001145 GetProcAddress 3783->3785 3786 100011af 3783->3786 3784->3780 3788 1000123f GetProcAddress GetProcAddress GetProcAddress 3784->3788 3787 10001158 LocalAlloc 3785->3787 3793 10001198 3785->3793 3786->3780 3794 100011c9 lstrcpynW lstrcmpiW 3786->3794 3796 10001219 LocalFree 3786->3796 3798 100011f9 3786->3798 3789 10001193 3787->3789 3791 1000133a FreeLibrary 3788->3791 3803 1000126e 3788->3803 3792 10001166 NtQuerySystemInformation 3789->3792 3789->3793 3790 100011a4 FreeLibrary 3790->3786 3791->3780 3792->3790 3795 10001179 LocalFree 3792->3795 3793->3790 3794->3786 3795->3793 3797 1000118a LocalAlloc 3795->3797 3796->3780 3797->3789 3798->3786 3808 1000103f OpenProcess 3798->3808 3800 10001333 CloseHandle 3800->3791 3801 100012a8 lstrlenW 3801->3803 3802 100012c9 lstrlenA MultiByteToWideChar lstrcmpiW 3802->3803 3803->3791 3803->3800 3803->3801 3803->3802 3804 1000103f 8 API calls 3803->3804 3804->3803 3821 
10001489 3805->3821 3809 10001060 3808->3809 3810 100010cb 3808->3810 3811 1000106b EnumWindows 3809->3811 3812 100010ac TerminateProcess 3809->3812 3810->3798 3811->3812 3813 1000107f GetExitCodeProcess 3811->3813 3818 10001007 GetWindowThreadProcessId 3811->3818 3814 100010a7 3812->3814 3815 100010be CloseHandle 3812->3815 3813->3814 3816 1000108e 3813->3816 3814->3815 3815->3810 3816->3814 3817 10001097 WaitForSingleObject 3816->3817 3817->3812 3817->3814 3819 10001024 PostMessageW 3818->3819 3820 10001036 3818->3820 3819->3820 3822 10001492 GlobalAlloc lstrcpynW 3821->3822 3823 100013b6 3821->3823 3822->3823 4580 4014b8 4581 4014be 4580->4581 4582 401389 2 API calls 4581->4582 4583 4014c6 4582->4583 4584 401db9 GetDC 4585 402c1f 17 API calls 4584->4585 4586 401dcb GetDeviceCaps MulDiv ReleaseDC 4585->4586 4587 402c1f 17 API calls 4586->4587 4588 401dfc 4587->4588 4589 4062dc 17 API calls 4588->4589 4590 401e39 CreateFontIndirectW 4589->4590 4591 402592 4590->4591 4599 40283b 4600 402843 4599->4600 4601 402847 FindNextFileW 4600->4601 4603 402859 4600->4603 4602 4028a0 4601->4602 4601->4603 4605 4062ba lstrcpynW 4602->4605 4605->4603

Control-flow Graph (entry block 40338f-4033cc: SetErrorMode, GetVersion; legend: Executed / Not Executed)
APIs
• SetErrorMode.KERNEL32 ref: 004033B2
• GetVersion.KERNEL32 ref: 004033B8
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
• OleInitialize.OLE32(00000000), ref: 0040342F
• SHGetFileInfoW.SHELL32(00440208,00000000,?,000002B4,00000000), ref: 0040344B
• GetCommandLineW.KERNEL32(00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403460
• CharNextW.USER32(00000000,004CB000,00000020,004CB000,00000000,?,00000006,00000008,0000000A), ref: 00403498
  • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
  • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
• GetTempPathW.KERNEL32(00002000,004DF000,?,00000006,00000008,0000000A), ref: 004035D2
• GetWindowsDirectoryW.KERNEL32(004DF000,00001FFB,?,00000006,00000008,0000000A), ref: 004035E3
• lstrcatW.KERNEL32(004DF000,\Temp,?,00000006,00000008,0000000A), ref: 004035EF
• GetTempPathW.KERNEL32(00001FFC,004DF000,004DF000,\Temp,?,00000006,00000008,0000000A), ref: 00403603
• lstrcatW.KERNEL32(004DF000,Low,?,00000006,00000008,0000000A), ref: 0040360B
• SetEnvironmentVariableW.KERNEL32(TEMP,004DF000,004DF000,Low,?,00000006,00000008,0000000A), ref: 0040361C
• SetEnvironmentVariableW.KERNEL32(TMP,004DF000,?,00000006,00000008,0000000A), ref: 00403624
• DeleteFileW.KERNEL32(004DB000,?,00000006,00000008,0000000A), ref: 00403638
  • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
• ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 004036FE
• CoUninitialize.COMBASE(00000006,?,00000006,00000008,0000000A), ref: 00403703
• ExitProcess.KERNEL32 ref: 00403724
• lstrcatW.KERNEL32(004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403737
• lstrcatW.KERNEL32(004DF000,0040A26C,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403746
• lstrcatW.KERNEL32(004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403751
• lstrcmpiW.KERNEL32(004DF000,004D7000,004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040375D
• SetCurrentDirectoryW.KERNEL32(004DF000,004DF000,?,00000006,00000008,0000000A), ref: 00403779
• DeleteFileW.KERNEL32(0043C208,0043C208,?,0047B000,00000008,?,00000006,00000008,0000000A), ref: 004037D3
• CopyFileW.KERNEL32(004E7000,0043C208,00000001,?,00000006,00000008,0000000A), ref: 004037E7
• CloseHandle.KERNEL32(00000000,0043C208,0043C208,?,0043C208,00000000,?,00000006,00000008,0000000A), ref: 00403814
• GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403843
• OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
• AdjustTokenPrivileges.ADVAPI32 ref: 00403882
• ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
• ExitProcess.KERNEL32 ref: 004038CA
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
Similarity
• API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
• String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
• API String ID: 424501083-3195845224

Control-flow Graph (graph rendering not preserved; first block 405461-40547c)
APIs
• GetDlgItem.USER32(?,00000403), ref: 004054BF
• GetDlgItem.USER32(?,000003EE), ref: 004054CE
• GetClientRect.USER32(?,?), ref: 0040550B
• GetSystemMetrics.USER32(00000002), ref: 00405512
• SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
• ShowWindow.USER32(?,00000008), ref: 004055AE
• GetDlgItem.USER32(?,000003EC), ref: 004055CF
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
• GetDlgItem.USER32(?,000003F8), ref: 004054DD
  • Part of subcall function 00404266: SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
• GetDlgItem.USER32(?,000003EC), ref: 00405621
• CreateThread.KERNEL32(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
• CloseHandle.KERNEL32(00000000), ref: 00405636
• ShowWindow.USER32(00000000), ref: 0040565A
• ShowWindow.USER32(?,00000008), ref: 0040565F
• ShowWindow.USER32(00000008), ref: 004056A9
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
• CreatePopupMenu.USER32 ref: 004056EE
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
• GetWindowRect.USER32(?,?), ref: 00405722
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040573B
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
• OpenClipboard.USER32(00000000), ref: 00405783
• EmptyClipboard.USER32 ref: 00405789
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
• GlobalLock.KERNEL32(00000000), ref: 0040579F
• SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
• GlobalUnlock.KERNEL32(00000000), ref: 004057D3
• SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
• CloseClipboard.USER32 ref: 004057E4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID: {
• API String ID: 590372296-366298937

Control-flow Graph (graph rendering not preserved; first block 100010d0-100010fe)
APIs
• GetVersionExW.KERNEL32(?), ref: 100010F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1862074481.0000000010001000.00000020.00000001.01000000.00000009.sdmp, Offset: 10000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_NeatReader Setup 8.jbxd
Similarity
• API ID: Version
• String ID: CreateToolhelp32Snapshot$KERNEL32.DLL$NTDLL.DLL$NtQuerySystemInformation$Process32First$Process32Next
• API String ID: 1889659487-877962304

                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,004DF000,74DF3420,00000000), ref: 004059F5
                                                                                                                                                                                                        • lstrcatW.KERNEL32(00460250,\*.*,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A3D
                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A60
                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A66
                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00460250,?,?,?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A76
                                                                                                                                                                                                        • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405B25
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                        • API String ID: 2035342205-1173974218
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 542301482-0

APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
• ShowWindow.USER32(?), ref: 00403DB1
• DestroyWindow.USER32 ref: 00403DC5
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
• GetDlgItem.USER32(?,?), ref: 00403E02
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
• IsWindowEnabled.USER32(00000000), ref: 00403E1D
• GetDlgItem.USER32(?,00000001), ref: 00403ECB
• GetDlgItem.USER32(?,00000002), ref: 00403ED5
• SetClassLongW.USER32(?,000000F2,?), ref: 00403EEF
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
• GetDlgItem.USER32(?,00000003), ref: 00403FE6
• ShowWindow.USER32(00000000,?), ref: 00404007
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
• EnableWindow.USER32(?,?), ref: 00404034
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
• EnableMenuItem.USER32(00000000), ref: 00404051
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404069
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
• lstrlenW.KERNEL32(00450248,?,00450248,00000000), ref: 004040A6
• SetWindowTextW.USER32(?,00450248), ref: 004040BA
• ShowWindow.USER32(?,0000000A), ref: 004041EE
Memory Dump Source
• Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen

Control-flow Graph (legend: Executed / Not Executed; first block 4039aa-4039c2)
APIs
  • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
  • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
• lstrcatW.KERNEL32(004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000,74DF3420,004CB000,00000000), ref: 00403A2B
• lstrlenW.KERNEL32(Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000), ref: 00403AAB
• lstrcmpiW.KERNEL32(?,.exe,Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000), ref: 00403ABE
• GetFileAttributesW.KERNEL32(Delete on reboot: ), ref: 00403AC9
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004CF000), ref: 00403B12
  • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
• RegisterClassW.USER32(00472E80), ref: 00403B4F
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B67
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
• ShowWindow.USER32(00000005,00000000), ref: 00403BD2
• GetClassInfoW.USER32(00000000,RichEdit20W,00472E80), ref: 00403BFE
• GetClassInfoW.USER32(00000000,RichEdit,00472E80), ref: 00403C0B
• RegisterClassW.USER32(00472E80), ref: 00403C14
• DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
Strings
Memory Dump Source
• Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
• String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Delete on reboot: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb

Control-flow Graph (legend: Executed / Not Executed; first block 4062dc-4062e7)
APIs
• GetSystemDirectoryW.KERNEL32(Delete on reboot: ,00002000), ref: 0040641D
• GetWindowsDirectoryW.KERNEL32(Delete on reboot: ,00002000,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000), ref: 00406430
• SHGetSpecialFolderLocation.SHELL32(00405359,0042CE00,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000), ref: 0040646C
• SHGetPathFromIDListW.SHELL32(0042CE00,Delete on reboot: ), ref: 0040647A
• CoTaskMemFree.OLE32(0042CE00), ref: 00406485
• lstrcatW.KERNEL32(Delete on reboot: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
• lstrlenW.KERNEL32(Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000), ref: 00406503
Strings
Memory Dump Source
• Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1851891669.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852023051.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852089016.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852089016.000000000040E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852089016.0000000000412000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852089016.000000000041E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852089016.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852089016.0000000000469000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852657854.0000000000597000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852657854.00000000005AD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1852657854.00000000005B1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                        • String ID: Delete on reboot: $Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                        • API String ID: 717251189-3898821792
                                                                                                                                                                                                        • Opcode ID: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                        • Instruction ID: deb4280fb9253f119c0dee44fead77f8699473dbe43bed35a1e393a154a8df3c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87612371A00115AADF209F64DC44BAE37A5EF45318F22803FE907B62D0D77D9AA1C75E

Control-flow Graph (first block 402edd-402f2b; graph rendering not preserved)
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,004E7000,00002000,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                                                                                          • Part of subcall function 00405DB0: GetFileAttributesW.KERNEL32(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                          • Part of subcall function 00405DB0: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004EB000,00000000,004D7000,004D7000,004E7000,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Inst, xrefs: 00402FC2
                                                                                                                                                                                                        • Error launching installer, xrefs: 00402F2D
                                                                                                                                                                                                        • soft, xrefs: 00402FCB
                                                                                                                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                                                                                        • Null, xrefs: 00402FD4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                        • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                        • API String ID: 4283519449-527102705
                                                                                                                                                                                                        • Opcode ID: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                        • Instruction ID: d807cc789e5c0b6659aec278a7977cb1897ccc82e3fedab9e592eb30a9b28e48
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23511671901205ABDB20AF61DD85B9F7FACEB0431AF20403BF914B62D5C7789E818B9D

Control-flow Graph (first block 40176f-401794; graph rendering not preserved)
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017B0
                                                                                                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,ExecShellAsUser,ExecShellAsUser,00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                          • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                          • Part of subcall function 00405322: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                          • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                          • Part of subcall function 00405322: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,0040327A,0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                          • Part of subcall function 00405322: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\), ref: 0040538F
                                                                                                                                                                                                          • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                          • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                          • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp$C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll$ExecShellAsUser
                                                                                                                                                                                                        • API String ID: 1941528284-1712772539
                                                                                                                                                                                                        • Opcode ID: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                        • Instruction ID: c6e8234c1d4b6e0ef99598e998ad36802638a9a190aaa2bd7459f070bf199d51
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9841B471900514BACF107BA5CD45DAF3A79EF05368F20423FF422B10E1DA3C86919A6E

Control-flow Graph (first block 406624-406644; graph rendering not preserved)
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                        • wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                        • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                        • API String ID: 2200240437-1946221925
                                                                                                                                                                                                        • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                        • Instruction ID: 9fa172bba6ca99a644905d2b6d7ed641771312ed853c50fe9922007c80c3d461
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7CF0FC70501119A6CF10BB64DD0EF9B365CA700304F10447AA54AF10D1EBB9DB64CB99

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 693 403116-40312d 694 403136-40313f 693->694 695 40312f 693->695 696 403141 694->696 697 403148-40314d 694->697 695->694 696->697 698 40315d-40316a call 403331 697->698 699 40314f-403158 call 403347 697->699 703 403170-403174 698->703 704 40331f 698->704 699->698 705 4032ca-4032cc 703->705 706 40317a-4031c3 GetTickCount 703->706 707 403321-403322 704->707 708 40330c-40330f 705->708 709 4032ce-4032d1 705->709 710 403327 706->710 711 4031c9-4031d1 706->711 712 40332a-40332e 707->712 713 403311 708->713 714 403314-40331d call 403331 708->714 709->710 715 4032d3 709->715 710->712 716 4031d3 711->716 717 4031d6-4031e4 call 403331 711->717 713->714 714->704 726 403324 714->726 719 4032d6-4032dc 715->719 716->717 717->704 725 4031ea-4031f3 717->725 723 4032e0-4032ee call 403331 719->723 724 4032de 719->724 723->704 730 4032f0-4032f5 call 405e62 723->730 724->723 728 4031f9-403219 call 4067f5 725->728 726->710 735 4032c2-4032c4 728->735 736 40321f-403232 GetTickCount 728->736 734 4032fa-4032fc 730->734 737 4032c6-4032c8 734->737 738 4032fe-403308 734->738 735->707 739 403234-40323c 736->739 740 40327d-40327f 736->740 737->707 738->719 741 40330a 738->741 742 403244-40327a MulDiv wsprintfW call 405322 739->742 743 40323e-403242 739->743 744 403281-403285 740->744 745 4032b6-4032ba 740->745 741->710 742->740 743->740 743->742 748 403287-40328e call 405e62 744->748 749 40329c-4032a7 744->749 745->711 746 4032c0 745->746 746->710 754 403293-403295 748->754 750 4032aa-4032ae 749->750 750->728 753 4032b4 750->753 753->710 754->737 755 403297-40329a 754->755 755->750
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CountTick$wsprintf
                                                                                                                                                                                                        • String ID: ... %d%%
                                                                                                                                                                                                        • API String ID: 551687249-2449383134
                                                                                                                                                                                                        • Opcode ID: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                        • Instruction ID: f437ad28db75119c3a693f92e670aa5c34007c7df9fe8e0debaece40423bbb79
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D517D71900219DBDB10DF66EA44AAE7BB8AB04356F54417FEC14B72C0CB388A51CBA9

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 756 401c1f-401c3f call 402c1f * 2 761 401c41-401c48 call 402c41 756->761 762 401c4b-401c4f 756->762 761->762 764 401c51-401c58 call 402c41 762->764 765 401c5b-401c61 762->765 764->765 768 401c63-401c7f call 402c1f * 2 765->768 769 401caf-401cd9 call 402c41 * 2 FindWindowExW 765->769 779 401c81-401c9d SendMessageTimeoutW 768->779 780 401c9f-401cad SendMessageW 768->780 781 401cdf 769->781 782 401ce2-401ce5 779->782 780->781 781->782 783 402ac5-402ad4 782->783 784 401ceb 782->784 784->783
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                                                                                                        • String ID: !
                                                                                                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                                                                                                        • Opcode ID: 3fb84e4798befa08d55ab41dd677560f87883767086f956b8989b4831fa63046
                                                                                                                                                                                                        • Instruction ID: 1af55e8da281c8781352e9764615226c40e2312ccaecb42dabcb88ef8baddf82
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3fb84e4798befa08d55ab41dd677560f87883767086f956b8989b4831fa63046
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5621C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889809B19

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        control_flow_graph 787 4023e4-402415 call 402c41 * 2 call 402cd1 794 402ac5-402ad4 787->794 795 40241b-402425 787->795 797 402427-402434 call 402c41 lstrlenW 795->797 798 402438-40243b 795->798 797->798 801 40243d-40244e call 402c1f 798->801 802 40244f-402452 798->802 801->802 805 402463-402477 RegSetValueExW 802->805 806 402454-40245e call 403116 802->806 809 402479 805->809 810 40247c-40255d RegCloseKey 805->810 806->805 809->810 810->794
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsmD94F.tmp,00000023,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                        • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsmD94F.tmp,00000000,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsmD94F.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseValuelstrlen
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp
                                                                                                                                                                                                        • API String ID: 2655323295-755897801
                                                                                                                                                                                                        • Opcode ID: 1af8095f3c9504d2ce798825688ccba5ec512a5a8ae6ba4a7bc3247cfd6f00f3
                                                                                                                                                                                                        • Instruction ID: a703f9f7a84a81219e2528cb215680d2185ac4e531b753f9c0eacf199e84c27d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1af8095f3c9504d2ce798825688ccba5ec512a5a8ae6ba4a7bc3247cfd6f00f3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF118471D00104BEEB10AFA5DE89EAEBA74AB44754F11803BF504F71D1D7F48D409B29

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 812 4057f1-40583c CreateDirectoryW 813 405842-40584f GetLastError 812->813 814 40583e-405840 812->814 815 405869-40586b 813->815 816 405851-405865 SetFileSecurityW 813->816 814->815 816->814 817 405867 GetLastError 816->817 817->815
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405834
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00405848
                                                                                                                                                                                                        • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00405867
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3449924974-0
                                                                                                                                                                                                        • Opcode ID: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                        • Instruction ID: d156970015101e62572267df52bf1fb018b172c5ebb67f048bc3511340661aba
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB010872D00219EADF009FA1C944BEFBBB8EF14304F00803AE945B6280D7789618CFA9

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 818 405c97-405cb2 call 4062ba call 405c3a 823 405cb4-405cb6 818->823 824 405cb8-405cc5 call 40654e 818->824 825 405d10-405d12 823->825 828 405cd5-405cd9 824->828 829 405cc7-405ccd 824->829 831 405cef-405cf8 lstrlenW 828->831 829->823 830 405ccf-405cd3 829->830 830->823 830->828 832 405cfa-405d0e call 405b8f GetFileAttributesW 831->832 833 405cdb-405ce2 call 4065fd 831->833 832->825 838 405ce4-405ce7 833->838 839 405ce9-405cea call 405bdb 833->839 838->823 838->839 839->831
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                          • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                                          • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                          • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                        • lstrlenW.KERNEL32(00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405CF0
                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(00464250,00464250,00464250,00464250,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00405D00
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                        • String ID: PBF
                                                                                                                                                                                                        • API String ID: 3248276644-3456974464
                                                                                                                                                                                                        • Opcode ID: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                        • Instruction ID: 4e01e145a0ed536ad24acc563e8a85444835dd946e40d448b56664b374cc0476
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21F0F43500DF6125F626333A1C45AAF2555CE82328B6A057FFC62B12D2DA3C89539D7E
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00004000,00000002,?,00000000,?,?,Delete on reboot: ,?,?,004063FC,80000002), ref: 004061CE
                                                                                                                                                                                                        • RegCloseKey.KERNEL32(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Delete on reboot: ,Delete on reboot: ,Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\), ref: 004061D9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseQueryValue
                                                                                                                                                                                                        • String ID: Delete on reboot:
                                                                                                                                                                                                        • API String ID: 3356406503-2410499825
                                                                                                                                                                                                        • Opcode ID: 7e8f2b507172300fff4d18ea8023ba838134d56d13ff8a7450bb17b0ad457722
                                                                                                                                                                                                        • Instruction ID: 8659262355d6ebf2290daf59b07b2549fc881bd87fa0bb5ea6267207f8cb0b09
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e8f2b507172300fff4d18ea8023ba838134d56d13ff8a7450bb17b0ad457722
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68017C72500209EADF218F51DD09EDB3BB8EF55364F01403AFE16A61A1D378DA64EBA4
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00405DFD
                                                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,004CB000,0040338D,004DB000,004DF000,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9), ref: 00405E18
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1851891669.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852023051.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.0000000000412000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.000000000041E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852657854.0000000000597000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852657854.00000000005AD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852657854.00000000005B1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                                                                                                        • String ID: nsa
                                                                                                                                                                                                        • API String ID: 1716503409-2209301699
                                                                                                                                                                                                        • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                        • Instruction ID: af8b6ba947558e1b0daa3aed001b6e0f80e178ffca66ecedc63f3e0829e9a41e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61F03076A00304FBEB009F69ED05E9FB7BCEB95710F10803AE941E7250E6B09A548B64
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                                          • Part of subcall function 00405322: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                          • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                          • Part of subcall function 00405322: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,0040327A,0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                          • Part of subcall function 00405322: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\), ref: 0040538F
                                                                                                                                                                                                          • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                          • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                          • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 334405425-0
                                                                                                                                                                                                        • Opcode ID: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                        • Instruction ID: 3abd81b96889d1c7eb1cceed2e7b5e281284f1a6e6a9a5ff44b88a827c8e1d1c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8821B071D00205AACF20AFA5CE48A9E7A70BF04358F60413BF511B11E0DBBD8981DA6E
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalFree.KERNEL32(0096C018), ref: 00401BE7
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$AllocFree
                                                                                                                                                                                                        • String ID: ExecShellAsUser
                                                                                                                                                                                                        • API String ID: 3394109436-869331269
                                                                                                                                                                                                        • Opcode ID: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                        • Instruction ID: 2ffc4b8e8b305263ff1bfe934f744a2e7f0909984677ca7ca3d2d917788d1148
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52210A76600100ABCB10FF95CE8499E73A8EB48318BA4443FF506F32D0DB78A852DB6D
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 004065FD: FindFirstFileW.KERNEL32(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                                          • Part of subcall function 004065FD: FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 00402299
                                                                                                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1486964399-0
                                                                                                                                                                                                        • Opcode ID: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                        • Instruction ID: edc96df04b91ed766a503f65766f364d086ea8d205cfe5bb15309c141496b913
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57117071900318A6DB10EFF98E4999EB7B8AF04344F50443FB805F72D1D6B8C4419B59
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00405D8B: GetFileAttributesW.KERNEL32(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                          • Part of subcall function 00405D8B: SetFileAttributesW.KERNEL32(?,00000000), ref: 00405DA4
                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405B66), ref: 0040599F
                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000000,00405B66), ref: 004059A7
                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059BF
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1655745494-0
                                                                                                                                                                                                        • Opcode ID: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                        • Instruction ID: 825022a906987a8d14f11fb4079f6fb6242afe5a54bc5f1377d2c32e3c215ab4
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1E0E5B1119F5096D21067349A0CB5B2AA4DF86334F05093AF891F11C0DB3844068EBE
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                          • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                                          • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                          • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                          • Part of subcall function 004057F1: CreateDirectoryW.KERNEL32(?,?,00000000), ref: 00405834
                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,004D3000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1892508949-0
                                                                                                                                                                                                        • Opcode ID: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                        • Instruction ID: 536d45c59d08a7b21130d9dbd5b0e10796a041e4a40079992e14d28e29d42f71
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2211E231504505EBCF30AFA1CD0159F36A0EF14369B28493BFA45B22F1DB3E8A919B5E
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsmD94F.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseQueryValue
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3356406503-0
                                                                                                                                                                                                        • Opcode ID: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                        • Instruction ID: 1206e07bb255176646816810ef0290bee69920d7ecde6c9ccbb84b14c6b4306b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E311A771D10205EBDF14DFA4CA585AE77B4EF44348B20843FE505B72C0D6B89A41EB5E
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                        • Opcode ID: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                        • Instruction ID: ea42f58d7670a619ed9131e80823b54190387dbc53765a55c310ef4228f9fff3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF0128316202109BE7095B789E04B2A3798E710315F10463FF855F62F1D6B8CC829B5C
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 00405405
                                                                                                                                                                                                          • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                        • CoUninitialize.COMBASE(00000404,00000000), ref: 00405451
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2896919175-0
                                                                                                                                                                                                        • Opcode ID: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                        • Instruction ID: 7813e2a1ccdf537c56c01956b79198a0443dbd649336f33e6835a7e221d2fb99
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABF090B25406009BE7015B549D01BAB7760EFD431AF05443EFF89B22E0D77948928E6E
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$EnableShow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1136574915-0
                                                                                                                                                                                                        • Opcode ID: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                        • Instruction ID: fc8c1c2e7d4a5a8f9e35cd12a8e681b154a8316ed36a6d041aa31def844ca7e2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61E01A72E082008FE724ABA5AA495AD77B4EB90365B20847FE211F11D1DA7858819F6A
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                          • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                          • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                          • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2547128583-0
                                                                                                                                                                                                        • Opcode ID: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                        • Instruction ID: 155b38c425e345f43688a0673e138072f65e923c2ca09dacbbabb210d44f0fbf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50E0863250461156D31197709E4487762EC9B95750307483EF946F2091DB399C36A66D
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,004DF000,00000000,74DF3420,004038ED,00403703,00000006,?,00000006,00000008,0000000A), ref: 0040392F
                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00403936
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1100898210-0
                                                                                                                                                                                                        • Opcode ID: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                        • Instruction ID: 228f896298dd83b048f64e6024dd5859bf02c68f9830d759f3998b57695c5827
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12E0C2334122205BC6215F04ED08B5A776CAF49B32F15407AFA807B2A087B81C928FC8
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 415043291-0
                                                                                                                                                                                                        • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                        • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405DA4
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                        • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                        • Instruction ID: fe430eedc911e7c92ce83e5abbc00e08444bb0e311ec0623c818608bfa408f6d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1BD0C972504420ABD2512728AF0C89BBB95DB542717028B39FAA9A22B0CB304C568A98
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,00403382,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 00405874
                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405882
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1375471231-0
                                                                                                                                                                                                        • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                        • Instruction ID: b5712d1dc6f90c91938fb9970759bfac189bcafefc635788875416fd9ee2894b
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2FC04C712155019ED7546F619F08B277A50EB60781F158839A946E10E0DB348465ED2D
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,10003020,100014FC,?), ref: 1000149F
                                                                                                                                                                                                        • lstrcpynW.KERNEL32(00000004,?), ref: 100014B5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1862074481.0000000010001000.00000020.00000001.01000000.00000009.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_10000000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocGloballstrcpyn
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3204721840-0
                                                                                                                                                                                                        • Opcode ID: 7e9eef845177ba5245eb2735bb041f0ff385b9271c8ddd767e70dc5f012df0a1
                                                                                                                                                                                                        • Instruction ID: 361e62e2015642942e1ebb294ae414484f63df745629393bb2a734a4123f9584
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e9eef845177ba5245eb2735bb041f0ff385b9271c8ddd767e70dc5f012df0a1
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82F0AEBA1012209FE346CF54C898F92BBE8FB08390F008415EA4987239C3309844CF54
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                        • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                        • Instruction ID: dcb86bc894ab99bc20e37dc8a6176b737b641c0fdee4176656c7f25b47436c56
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75E0E6B2110109BEEF195F50DD0AD7B375DE704304F01452EFA06D4091E6B5AD315634
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,?,?,004032FA,000000FF,00428200,?,00428200,?,?,00000004,00000000), ref: 00405E76
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileWrite
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3934441357-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,?,?,00403344,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E47
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileRead
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,004061B5,?,00000000,?,?,Delete on reboot: ,?), ref: 0040614B
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Open
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 71445658-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • MoveFileExW.KERNEL32(?,?,00000005,00405B7E,?,00000000,000000F1,?,?,?,?,?), ref: 0040608A
                                                                                                                                                                                                          • Part of subcall function 00405F06: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                          • Part of subcall function 00405F06: GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                          • Part of subcall function 00405F06: GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                          • Part of subcall function 00405F06: wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                          • Part of subcall function 00405F06: GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                          • Part of subcall function 00405F06: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                          • Part of subcall function 00405F06: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                          • Part of subcall function 00405F06: SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$NamePathShort$AllocCloseGlobalHandleMovePointerSizelstrcpywsprintf
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1930046112-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040424B
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ItemText
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3367045223-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403355
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FilePointer
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,0040402A), ref: 0040425D
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00403703,00000006,?,00000006,00000008,0000000A), ref: 004038DB
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                        • Opcode ID: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                        • Instruction ID: f79f1cdd038f729e9031bf35a7c7ad7adb8aafebcc14ea038f42f7e62efb972e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69C0127054070496C1206F759D4F6193E54AB8173BB604776B0B8B10F1C77C4B59595E
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 00404CC1
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D0B
                                                                                                                                                                                                        • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000FC,00405296), ref: 00404D37
                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D4B
                                                                                                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                                                                                                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D91
                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00404D94
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                                                                                                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405065
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405089
                                                                                                                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 004050CE
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                                                                                                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 0040526D
                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 0040527F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                        • String ID: $M$N
                                                                                                                                                                                                        • API String ID: 1638840714-813528018
                                                                                                                                                                                                        • Opcode ID: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                        • Instruction ID: 350e9793ba1948ff1935c4af006ad7833f39553502bf8ecbcf91bc97059cc7bb
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C0281B0900209AFDB10DFA4DD85AAE7BB5FB44314F10417AF614BA2E1C7799D92CF58
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(Delete on reboot: ,00450248,00000000,?,?), ref: 00404889
                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,Delete on reboot: ), ref: 00404895
                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                                                                                                                                                                          • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,00002000,004048DE), ref: 00405917
                                                                                                                                                                                                          • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                          • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                          • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                          • Part of subcall function 0040654E: CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(00440218,?,?,0000040F,?,00440218,00440218,?,00000001,00440218,?,?,000003FB,?), ref: 0040496A
                                                                                                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                                                                                                                                                                          • Part of subcall function 00404ADE: lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                          • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                          • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                        • String ID: A$Delete on reboot:
                                                                                                                                                                                                        • API String ID: 2624150263-2014378647
                                                                                                                                                                                                        • Opcode ID: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                        • Instruction ID: aec38ac33e169681c2ce75898e964705c21f391e9d8eef84a8e49708370a7c65
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0CA173B1900208ABDB11AFA5CD45AAF77B8EF84314F10847BF605B62D1D77C99418F6D
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000000.00000002.1851891669.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852023051.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.0000000000412000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.000000000041E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852089016.0000000000469000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852657854.0000000000597000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852657854.00000000005AD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        • Associated: 00000000.00000002.1852657854.00000000005B1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1974802433-0
                                                                                                                                                                                                        • Opcode ID: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                        • Instruction ID: 11d43fc069a5ea90b0fea77c2c23c6da8a8dfc92bb9fdb714ff4c9b8b345b962
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9BF08271A14104EFDB00EBA4DA499ADB378EF04314F6045BBF515F21D1DBB45D909B2A
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                        • Instruction ID: 703def0becceeecb9d8561ea32c53bcab4b84ebc773a8a1d0b412cad538f794c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1EE1797190470ADFDB24CF99C880BAAB7F5FF44305F15852EE497A7291E378AA91CB04
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                        • Instruction ID: 59779062152899835760f0dc2f5c49596223a290c6efd11eddd93cbc7c663e45
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FC15831E04219DBDF18CF68C8905EEBBB2BF88314F25866AC85677380D734A942CF95
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 004044A2
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                                                                                                                                                                                        • GetSysColor.USER32(?), ref: 004044D0
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 004044F1
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                                                                                                                                                                                        • SendMessageW.USER32(00000000), ref: 00404573
                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 0040459E
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                                                                                                                                                                                        • SetCursor.USER32(00000000), ref: 004045F2
                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                                                                                                                                                                                        • SetCursor.USER32(00000000), ref: 0040460E
                                                                                                                                                                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                                                                                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                        • String ID: Delete on reboot: $N$gC@
                                                                                                                                                                                                        • API String ID: 3103080414-1763248576
                                                                                                                                                                                                        • Opcode ID: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                        • Instruction ID: 3402c350d7270d9961c63d8365249516a5ebc70a9ec23ab72cb453283ebd69b0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7761BEB1900209BFDB009F60DD85EAA7B69FB85305F00843AF705B62D0D77D9961CF99
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                        • DrawTextW.USER32(00000000,00472EE0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                        • String ID: F
                                                                                                                                                                                                        • API String ID: 941294808-1304234792
                                                                                                                                                                                                        • Opcode ID: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                        • Instruction ID: 4eb8147a30471c2b969484520d7d1b1c24976f3a1718a772f7b725b3b94c1b26
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C418A71800249AFCF058FA5DE459AF7BB9FF44314F00842AF991AA1A0C778D954DFA4
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                          • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                          • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                        • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                                                                                                                                                                          • Part of subcall function 00405DB0: GetFileAttributesW.KERNEL32(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                          • Part of subcall function 00405DB0: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                        • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                        • API String ID: 2171350718-461813615
                                                                                                                                                                                                        • Opcode ID: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                        • Instruction ID: 1ccef14564d3a4e3590f6d96bf23d62cdd24cd7414a0bd79904b9c13782922cd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08312530641B05BBC220AB659D48F6B3AACDF45744F15003FFA42F72C2EB7C98118AAD
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                        • lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                        • lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,0040327A,0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                        • SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\), ref: 0040538F
                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                        • String ID: Delete on reboot: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\
                                                                                                                                                                                                        • API String ID: 2531174081-809207536
                                                                                                                                                                                                        • Opcode ID: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                        • Instruction ID: c4a8b4fbc7344707c8dcd13f789004ac01d88f238d1262f53b2d1dabcf784db2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F21A171900518BBCB11AFA5DD849CFBFB9EF45350F10807AF904B62A0C7B94A80DFA8
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                                                                                                                                                                                        • GetSysColor.USER32(00000000), ref: 004042F3
                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                                                                                                                                                                                        • SetBkMode.GDI32(?,?), ref: 0040430B
                                                                                                                                                                                                        • GetSysColor.USER32(?), ref: 0040431E
                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 0040432E
                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00404348
                                                                                                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00404352
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2320649405-0
                                                                                                                                                                                                        • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                        • Instruction ID: a3c6a1d12b74a4a342abaca89036a15a37f51972f1e3113ed1cbee018e9c0b42
                                                                                                                                                                                                        • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 772156716007059BC724DF78D948B5B77F4AF81710B04893DED96A26E0D734E544CB54
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                          • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EA7
                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                        • String ID: 9
                                                                                                                                                                                                        • API String ID: 163830602-2366072709
                                                                                                                                                                                                        • Opcode ID: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                        • Instruction ID: 75c70889326ed48cf653b65eedce39ba48716a77e36bbd16e72a3e0392bfe49c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C511975D00219AEDF219F95DA88AAEB779FF04304F10443BE901B72D0DBB89982CB58
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                                                                                                                                                                                        • GetMessagePos.USER32 ref: 00404C0F
                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00404C29
                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                        • String ID: f
                                                                                                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                                                                                                        • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                        • Instruction ID: 457ccdd811883e010b73e4973708530e0d9e00004b69c5e73a61d7a3cd07de8f
                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF015271900218BAEB10DBA4DD85BFEBBBCAF95711F10412BBA50B71D0D7B499018BA4
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(0041E5D0), ref: 00401E3E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                        • String ID: MS Shell Dlg
                                                                                                                                                                                                        • API String ID: 3808545654-76309092
                                                                                                                                                                                                        • Opcode ID: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                        • Instruction ID: 2f87ef527a079fcd98b3174ff93e15f92fad6858fb92d4176ae60913c966d855
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A01B575604240BFE700ABF1AE0ABDD7FB5AB55309F10887DF641B61E2DA7840458B2D
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                        • MulDiv.KERNEL32(03B8B360,00000064,03B8FD18), ref: 00402E3C
                                                                                                                                                                                                        • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                                                                                                        • Opcode ID: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                        • Instruction ID: dfd142ddc65d39fdaa73b229a9921dc7c235b7e072e3123d651e00bd55f03bcf
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60014F7164020CABEF209F60DE49FAE3B69AB44304F008439FA06B51E0DBB895558B98
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2667972263-0
                                                                                                                                                                                                        • Opcode ID: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                        • Instruction ID: 85d8fb478e53a7d33050a02afe9876517184a336e4e72b82bbd0c3cba42884f9
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D121AEB1800128BBDF116FA5DE89DDE7E79EF08364F14423AF960762E0CB794C418B98
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • OpenProcess.KERNEL32(00100401,00000000,?,0000025E,?,00004000,?), ref: 10001054
                                                                                                                                                                                                        • EnumWindows.USER32(10001007,?), ref: 10001074
                                                                                                                                                                                                        • GetExitCodeProcess.KERNEL32(00000000,?), ref: 10001084
                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,00000BB8), ref: 1000109D
                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 100010AE
                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 100010C5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1862074481.0000000010001000.00000020.00000001.01000000.00000009.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_10000000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Process$CloseCodeEnumExitHandleObjectOpenSingleTerminateWaitWindows
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3465249596-0
                                                                                                                                                                                                        • Opcode ID: ba2bc8da3a6140de48577a9aba2e14b09a295dc7b85f115a3014824a2a14e04b
                                                                                                                                                                                                        • Instruction ID: a75cb7c18b994dd6f526631e0a7af626cc5939ab073c97fe0f3ca5b5d0fb8a21
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba2bc8da3a6140de48577a9aba2e14b09a295dc7b85f115a3014824a2a14e04b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3811E235A00299EFFB00DFA5CDC8AEE77BCEB456C5F014069FA4192149D7B49981CB62
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                        • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                        • CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                        • CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                                                                                                        • String ID: *?|<>/":
                                                                                                                                                                                                        • API String ID: 589700163-165019052
                                                                                                                                                                                                        • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                        • Instruction ID: 36fae6fd7d65e337959ab81909abbfc549fe516cf0b4c9ff473ab524d2c4c229
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B611B65580061279DB302B14BC40EB762F8EF54764F56403FED86732C8EBBC5C9292AD
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsmD94F.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll,?,?,C:\Users\user\AppData\Local\Temp\nsmD94F.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsmD94F.tmp$C:\Users\user\AppData\Local\Temp\nsmD94F.tmp\StdUtils.dll
                                                                                                                                                                                                        • API String ID: 3109718747-3700268023
                                                                                                                                                                                                        • Opcode ID: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                        • Instruction ID: b23dc685b5da5394ac89c8ab13f2cbf985e24fd8d9932a4f5164fd221fdd45c5
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76110B72A04201BADB146FF18E89A9F76659F44398F204C3FF102F61D1EAFC89415B5D
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                        • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 1849352358-0
                                                                                                                                                                                                        • Opcode ID: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                        • Instruction ID: d9fd13ec482603559a9c09f77eb5ae76b99fbdc016b4c624d38ebcad95bf5f4c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F61A0CA749D519B78
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                        • wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                                                                                                        • Opcode ID: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                        • Instruction ID: 65d6ef813479b3ccfd969ec0db039784a4d8c6b5967a53089d3579ec78c560c8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 401193736041282ADB00656D9C45F9E369C9B85334F25423BFA65F21D1E979D82582E8
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Close$Enum
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 464197530-0
                                                                                                                                                                                                        • Opcode ID: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                                                                                                                                        • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2102729457-0
                                                                                                                                                                                                        • Opcode ID: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                        • Instruction ID: 9c0cd9c85579b1f1539786df4f617efd254904ce91a486f6a135d178cfad0ab8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7AF05E30485630EBD6506B20FE0CACB7BA5FB84B41B0149BAF005B11E4D7B85880CBDC
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 004052C5
                                                                                                                                                                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                                                                                                                                                                          • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                                                                                                        • Opcode ID: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                        • Instruction ID: 334c9fee3abb3f39d596823d3a3537c7effd0098edc8ca0b3d981ed7cb288a41
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9015A31100709ABEB205F51DD94A9B3B26EB84795F20507AFA007A1D1D7BA9C919E2E
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00468250,Error launching installer), ref: 004058CC
                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004058D9
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • Error launching installer, xrefs: 004058B6
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                        • String ID: Error launching installer
                                                                                                                                                                                                        • API String ID: 3712363035-66219284
                                                                                                                                                                                                        • Opcode ID: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                        • Instruction ID: 30392a530fa928b09b8412afc6dc4f2cd20664ca8a9f97139eafb5a2ce14b88a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33E09AB5540609BFEB009B64DD05F7B77ACEB04708F508565BD51F2150EB749C148A79
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                                                                                                                                                                                        • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                                                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000000.00000002.1851942487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_NeatReader Setup 8.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 190613189-0
                                                                                                                                                                                                        • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                        • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98