Windows Analysis Report
Reader_Install_Setup.exe

Overview

General Information

Sample name: Reader_Install_Setup.exe
Analysis ID: 1391064
MD5: f543b65c504c5d548e6005f2cba5ddb6
SHA1: b5484f2abd286c49360077ae18fa1f0fcdc77900
SHA256: 9fd5d542f797d9dc630738d7c1b803d34bc0bab593c8d992f9a159ac0a28b276

Detection

Score: 7
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Found evaded block containing many API calls
Found potential string decryption / allocating functions
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
  • System is w10x64
  • Reader_Install_Setup.exe (PID: 7420 cmdline: C:\Users\user\Desktop\Reader_Install_Setup.exe MD5: F543B65C504C5D548E6005F2CBA5DDB6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: Reader_Install_Setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Reader_Install_Setup.exe Static PE information: certificate valid
Source: Reader_Install_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\rdcadm\jenkins\workspace\WindowsBuild\2.0\dev\target\win\Release\Adobe Download Manager.pdb source: Reader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_003393E0 GetFileAttributesW,PathFileExistsW,PathIsDirectoryW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_003393E0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_00344620 PathIsDirectoryW,GetFileAttributesW,GetLastError,FindFirstFileW,FindNextFileW,GetLastError,FindClose,DeleteFileW,DeleteFileW,RemoveDirectoryW,RemoveDirectoryW,FindClose,GetLastError,0_2_00344620
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: 0_2_00329F100_2_00329F10
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: 0_2_002DCF500_2_002DCF50
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: 0_2_002DDF900_2_002DDF90
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: String function: 0049FB1E appears 56 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: String function: 002DBB40 appears 47 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: String function: 002DBE30 appears 128 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: String function: 0033D100 appears 47 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: String function: 0049FC00 appears 44 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: String function: 002DC370 appears 97 times
Source: C:\Users\user\Desktop\Reader_Install_Setup.exeCode function: String function: 002DC400 appears 87 times
Source: Reader_Install_Setup.exe Static PE information: Resource name: PNG type: DOS executable (COM, 0x8C-variant)
Source: Reader_Install_Setup.exe, 00000000.00000000.1642519353.000000000070F000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: Reader_Install_Setup.exe, 00000000.00000002.2897660493.000000000070F000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: Reader_Install_Setup.exe Binary or memory string: OriginalFilenameAdobe Download ManagerN vs Reader_Install_Setup.exe
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oledlg.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: oleaccrc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: pgpmapih.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msiso.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mshtml.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: srpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: jscript9.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: msimtf.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: uianimation.dll
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Section loaded: windowscodecs.dll
Source: Reader_Install_Setup.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: clean7.winEXE@1/13@0/0
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E9910 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,OpenProcess,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002DB040 GetDiskFreeSpaceExW,GetDiskFreeSpaceExW,GetLogicalDrives
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_002E03E0 FindResourceW,LoadResource,LockResource,SizeofResource
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File created: C:\Users\user\AppData\Local\Adobe\FC8E3F82-914E-4939-8222-C31F7BB4E7DE
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Adobe_ADM.log
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Adobe_GDE.log
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File created: C:\Users\user\AppData\Local\Temp\Adobe_ADMLogs
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Reader_Install_Setup.exe String found in binary or memory: che Fertig stellen und starten Sie den Installationsvorgang neu." }, "invalidSKU": { "message": "Das {0}-Installationsprogramm ist veraltet oder eine Datei wurde umbenannt. Klicken Sie auf Fertig stellen, um das aktuelle Installa
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/waitForCompletion
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/launchProcessGuid
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/arguments/argument
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/launchPath
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/returnCode
Source: Reader_Install_Setup.exe String found in binary or memory: /launchParams/errorCode
Source: Reader_Install_Setup.exe String found in binary or memory: rrorUpdateMessage": { "message": " -installer " }, "ActionList_AlreadyExists": { "message": "" }, "ActionList_Complete": {
Source: Reader_Install_Setup.exe String found in binary or memory: /install/arguments/argument
Source: Reader_Install_Setup.exe String found in binary or memory: /install/progressWaitLimit
Source: Reader_Install_Setup.exe String found in binary or memory: /install/returnCodes/returnCode
Source: Reader_Install_Setup.exe String found in binary or memory: /install/progressWaitTime
Source: Reader_Install_Setup.exe String found in binary or memory: Adobe Acrobat" }, "Congratulations": { "message": "Onnittelut" }, "ActionList_Verify": { "message": "Tarkistetaan asennusta..." }, "ActionList_ErrorUpdateMessage": { "message": "Komentoriviargumentti -installer vaaditaan, mutt
Source: Reader_Install_Setup.exe String found in binary or memory: "Congratulations": { "message": "Congratulations" }, "ActionList_Verify": { "message": "Verifying install..." }, "ActionList_ErrorUpdateMessage": { "message": "The command line argument -installer is required but not provided."
Source: Reader_Install_Setup.exe String found in binary or memory: essage": "Congratulations" }, "ActionList_Verify": { "message": "Verifying install..." }, "ActionList_ErrorUpdateMessage": { "message": "The command line argument -installer is required but not provided." }, "ActionList_AlreadyExist
Source: Reader_Install_Setup.exe String found in binary or memory: //launchReader
Source: Reader_Install_Setup.exe String found in binary or memory: //launchAcrobat
Source: Reader_Install_Setup.exe String found in binary or memory: //launchReaderSAPP
Source: Reader_Install_Setup.exe String found in binary or memory: https://helpx.adobe.com/acrobat/kb/download-64-bit-installer.html
Source: Reader_Install_Setup.exe String found in binary or memory: Congratulations": { "message": "Gratulerer!" }, "ActionList_Verify": { "message": "Verifiserer installasjon ..." }, "ActionList_ErrorUpdateMessage": { "message": "Kommandolinjeargumentet -installasjonsprogram kreves, men er ikke oppg
Source: Reader_Install_Setup.exe String found in binary or memory: ft..." }, "ActionList_ErrorUpdateMessage": { "message": "Das Befehlszeilenargument -installer muss angegeben werden." }, "ActionList_AlreadyExists": { "message": "Die Anwendung ist bereits installiert." }, "ActionList_Comp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe File read: C:\Users\user\Desktop\Reader_Install_Setup.exe
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: Reader_Install_Setup.exe Static PE information: certificate valid
Source: Reader_Install_Setup.exe Static file information: File size 1445432 > 1048576
Source: Reader_Install_Setup.exe Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x159200
Source: Reader_Install_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\rdcadm\jenkins\workspace\WindowsBuild\2.0\dev\target\win\Release\Adobe Download Manager.pdb source: Reader_Install_Setup.exe, Reader_Install_Setup.exe, 00000000.00000002.2896650324.00000000002D1000.00000040.00000001.01000000.00000003.sdmp
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0070DE50 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect
Source: Reader_Install_Setup.exe Static PE information: real checksum: 0x16cd57 should be: 0x166b71
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0049FAEC push ecx; ret 0_2_0049FAFF
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_080651F3 pushad ; iretd 0_2_080651F6
Source: C:\Users\user\Desktop\Reader_Install_Setup.exe Code function: 0_2_0970D590 pushfd ; ret 0_2_0970D591
Source: initial sample Static PE information: section name: UPX0
Source: initial sample Static PE information: section name: UPX1