Windows Analysis Report
Reader_Install_Setup.exe

Overview

General Information

Sample name: Reader_Install_Setup.exe
Analysis ID: 1391064
MD5: f543b65c504c5d548e6005f2cba5ddb6
SHA1: b5484f2abd286c49360077ae18fa1f0fcdc77900
SHA256: 9fd5d542f797d9dc630738d7c1b803d34bc0bab593c8d992f9a159ac0a28b276

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Found evaded block containing many API calls
Found potential string decryption / allocating functions
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: Reader_Install_Setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Reader_Install_Setup.exe Static PE information: certificate valid
Source: Reader_Install_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\rdcadm\jenkins\workspace\WindowsBuild\2.0\dev\target\win\Release\Adobe Download Manager.pdb source: Reader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_003393E0 GetFileAttributesW,PathFileExistsW,PathIsDirectoryW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_003393E0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00344620 PathIsDirectoryW,GetFileAttributesW,GetLastError,FindFirstFileW,FindNextFileW,GetLastError,FindClose,DeleteFileW,DeleteFileW,RemoveDirectoryW,RemoveDirectoryW,FindClose,GetLastError, 0_2_00344620
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 0049FB1E appears 56 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DBB40 appears 47 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DBE30 appears 128 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 0033D100 appears 47 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 0049FC00 appears 44 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DC370 appears 97 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: String function: 002DC400 appears 87 times
Source: Reader_Install_Setup.exe Static PE information: Resource name: PNG type: DOS executable (COM, 0x8C-variant)
Source: Reader_Install_Setup.exe, 00000000.00000000.1642519353.000000000070F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: Reader_Install_Setup.exe, 00000000.00000002.2897660493.000000000070F000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: Reader_Install_Setup.exe Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oleaccrc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: pgpmapih.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msiso.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: uianimation.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: windowscodecs.dll
Source: classification engine Classification label: clean7.winEXE@1/13@0/0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E9910 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,OpenProcess,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle, 0_2_002E9910
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002DB040 GetDiskFreeSpaceExW,GetDiskFreeSpaceExW,GetLogicalDrives, 0_2_002DB040
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E03E0 FindResourceW,LoadResource,LockResource,SizeofResource, 0_2_002E03E0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File created: C:\Users\user\AppData\Local\Adobe\FC8E3F82-914E-4939-8222-C31F7BB4E7DE
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Adobe_ADM.log
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Adobe_GDE.log
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File created: C:\Users\user\AppData\Local\Temp\Adobe_ADMLogs
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Reader_Install_Setup.exe String found in binary or memory: che Fertig stellen und starten Sie den Installationsvorgang neu." }, "invalidSKU": { "message": "Das {0}-Installationsprogramm ist veraltet oder eine Datei wurde umbenannt. Klicken Sie auf Fertig stellen, um das aktuelle Installa
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/waitForCompletion
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/launchProcessGuid
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/arguments/argument
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/launchPath
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/returnCode
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/errorCode
Source: Reader_Install_Setup.exe String found in binary or memory: rrorUpdateMessage": { "message": " -installer " }, "ActionList_AlreadyExists": { "message": "" }, "ActionList_Complete": {
Source: Reader_Install_Setup.exe String found in binary or memory: /install/arguments/argument
Source: Reader_Install_Setup.exe String found in binary or memory: /install/progressWaitLimit
Source: Reader_Install_Setup.exe String found in binary or memory: /install/returnCodes/returnCode
Source: Reader_Install_Setup.exe String found in binary or memory: /install/progressWaitTime
Source: Reader_Install_Setup.exe String found in binary or memory: Adobe Acrobat" }, "Congratulations": { "message": "Onnittelut" }, "ActionList_Verify": { "message": "Tarkistetaan asennusta..." }, "ActionList_ErrorUpdateMessage": { "message": "Komentoriviargumentti -installer vaaditaan, mutt
Source: Reader_Install_Setup.exe String found in binary or memory: "Congratulations": { "message": "Congratulations" }, "ActionList_Verify": { "message": "Verifying install..." }, "ActionList_ErrorUpdateMessage": { "message": "The command line argument -installer is required but not provided."
Source: Reader_Install_Setup.exe String found in binary or memory: essage": "Congratulations" }, "ActionList_Verify": { "message": "Verifying install..." }, "ActionList_ErrorUpdateMessage": { "message": "The command line argument -installer is required but not provided." }, "ActionList_AlreadyExist
Source: Reader_Install_Setup.exe String found in binary or memory: //launchReader
Source: Reader_Install_Setup.exe String found in binary or memory: //launchAcrobat
Source: Reader_Install_Setup.exe String found in binary or memory: //launchReaderSAPP
Source: Reader_Install_Setup.exe String found in binary or memory: https://helpx.adobe.com/acrobat/kb/download-64-bit-installer.html
Source: Reader_Install_Setup.exe String found in binary or memory: Congratulations": { "message": "Gratulerer!" }, "ActionList_Verify": { "message": "Verifiserer installasjon ..." }, "ActionList_ErrorUpdateMessage": { "message": "Kommandolinjeargumentet -installasjonsprogram kreves, men er ikke oppg
Source: Reader_Install_Setup.exe String found in binary or memory: ft..." }, "ActionList_ErrorUpdateMessage": { "message": "Das Befehlszeilenargument -installer muss angegeben werden." }, "ActionList_AlreadyExists": { "message": "Die Anwendung ist bereits installiert." }, "ActionList_Comp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File read: C:\Users\user\Desktop\Reader_Install_Setup.exe
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: Reader_Install_Setup.exe Static file information: File size 1445432 > 1048576
Source: Reader_Install_Setup.exe Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x159200
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0070DE50 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect, 0_2_0070DE50
Source: Reader_Install_Setup.exe Static PE information: real checksum: 0x16cd57 should be: 0x166b71
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0049FAEC push ecx; ret 0_2_0049FAFF
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_080651F3 pushad ; iretd 0_2_080651F6
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0970D590 pushfd ; ret 0_2_0970D591
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Evaded block: after key decision
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_003393E0 GetFileAttributesW,PathFileExistsW,PathIsDirectoryW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,RemoveDirectoryW, 0_2_003393E0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00344620 PathIsDirectoryW,GetFileAttributesW,GetLastError,FindFirstFileW,FindNextFileW,GetLastError,FindClose,DeleteFileW,DeleteFileW,RemoveDirectoryW,RemoveDirectoryW,FindClose,GetLastError, 0_2_00344620
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004A067B VirtualQuery,GetSystemInfo, 0_2_004A067B
Source: Reader_Install_Setup.exe, 00000000.00000002.2902316987.00000000055E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Reader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: Reader_Install_Setup.exe, 00000000.00000002.2898087056.00000000014DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWpxN
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004A6EB1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004A6EB1
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00358331 OutputDebugStringA,GetLastError, 0_2_00358331
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004C4A24 mov eax, dword ptr fs:[00000030h] 0_2_004C4A24
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004B6F6C mov ecx, dword ptr fs:[00000030h] 0_2_004B6F6C
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0049F624 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0049F624
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002EDB00 GetModuleFileNameW,GetVersionExW,ShellExecuteExW,CloseHandle, 0_2_002EDB00
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E95A0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_002E95A0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetModuleHandleW,GetProcAddress,RtlEncodePointer,RtlDecodePointer,GetLocaleInfoEx,GetLocaleInfoW, 0_2_0036D567
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_004C9387
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C9582
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C9674
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C9629
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C26F3
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: EnumSystemLocalesW, 0_2_004C970F
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_004C979A
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C99ED
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_004C9B16
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C9C1C
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_004C9CEB
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: GetLocaleInfoW, 0_2_004C2CB0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Users\user\Desktop\Reader_Install_Setup.exe VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00330FE0 RtlEnterCriticalSection,RtlLeaveCriticalSection,RtlEnterCriticalSection,RtlLeaveCriticalSection,CreateFileW,Sleep,CreateFileW,CreateNamedPipeW,CreateNamedPipeW,ConnectNamedPipe,GetLastError,GetLastError,Sleep,GetLastError,RtlLeaveCriticalSection,ConnectNamedPipe,GetLastError,GetLastError,GetLastError,GetLastError,CreateThread,RtlLeaveCriticalSection,RtlLeaveCriticalSection,RtlLeaveCriticalSection, 0_2_00330FE0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_003404D0 GetLocalTime,GetTimeFormatW,GetDateFormatW, 0_2_003404D0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_004C51D9 GetTimeZoneInformation, 0_2_004C51D9
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002DEE50 GetVersionExW,GetModuleFileNameW,PathRemoveFileSpecW,PathFileExistsW,GetModuleHandleW,GetProcAddress,GetSystemWindowsDirectoryW,SetDllDirectoryW,LoadLibraryW,PathIsDirectoryW,LoadLibraryW,LoadLibraryW,6F5433E0,CommandLineToArgvW,__Init_thread_footer,__Init_thread_footer,SHCreateDirectoryExW,GetLastError,WaitForSingleObject,TerminateThread,CloseHandle,LoadIconW,FreeLibrary, 0_2_002DEE50
No contacted IP infos