Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe

Overview

General Information

Sample name:Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
Analysis ID:1475671
MD5:196c6cdd199d2148723a4a22fb9608fa
SHA1:35defb7852ccec846956bd4f37231613925f5638
SHA256:a06dfc86f1e4fbc5c469a961437692152eaeec13d6fa5fe87a3c29627ec6953f
Tags:exe
Infos:

Detection

AgentTesla, DarkTortilla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected DarkTortilla Crypter
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to launch a process as a different user
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe (PID: 3864 cmdline: "C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe" MD5: 196C6CDD199D2148723A4A22FB9608FA)
    • InstallUtil.exe (PID: 7528 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • InstallUtil.exe (PID: 7540 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • InstallUtil.exe (PID: 7660 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
NameDescriptionAttributionBlogpost URLsLink
DarkTortillaDarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000002.2507506722.000000000306E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000000.00000002.1792637573.0000000003F19000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
      0000000C.00000002.2507506722.0000000003091000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000000.00000002.1796909834.0000000005590000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
          00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 21 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3ec9670.2.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
              0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3f19690.3.raw.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.5590000.4.raw.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                  0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3ec9670.2.raw.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                    0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3f19690.3.unpackJoeSecurity_DarkTortillaYara detected DarkTortilla CrypterJoe Security
                      Click to see the 13 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Suspicious Outbound SMTP Connections
                      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 185.230.212.164, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 7660, Protocol: tcp, SourceIp: 192.168.2.11, SourceIsIpv6: false, SourcePort: 49721

                      Snort Signatures

                      No Snort rule has matched

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus / Scanner detection for submitted sample
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeAvira: detected
                      Found malware configuration
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.zoho.eu", "Username": "logs@astonherald.com", "Password": "office12#"}
                      Multi AV Scanner detection for submitted file
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeReversingLabs: Detection: 63%
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeVirustotal: Detection: 48%Perma Link
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for sample
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeJoe Sandbox ML: detected
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Networking

                      barindex
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 9.2.InstallUtil.exe.430000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, type: UNPACKEDPE
                      Source: global trafficTCP traffic: 192.168.2.11:49721 -> 185.230.212.164:587
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                      Source: Joe Sandbox ViewASN Name: TUT-ASUS TUT-ASUS
                      Source: Joe Sandbox ViewASN Name: COMPUTERLINEComputerlineSchlierbachSwitzerlandCH COMPUTERLINEComputerlineSchlierbachSwitzerlandCH
                      Source: unknownDNS query: name: ip-api.com
                      Source: global trafficTCP traffic: 192.168.2.11:49721 -> 185.230.212.164:587
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: www.google.com
                      Source: global trafficDNS traffic detected: DNS query: ip-api.com
                      Source: global trafficDNS traffic detected: DNS query: smtp.zoho.eu
                      Source: InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt0
                      Source: InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p
                      Source: InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0=
                      Source: InstallUtil.exe, 0000000C.00000002.2507506722.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                      Source: InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0B
                      Source: InstallUtil.exe, 0000000C.00000002.2507506722.0000000003011000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.zoho.eu
                      Source: InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://status.thawte.com0:
                      Source: InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Contains functionality to log keystrokes (.Net Source)
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, gmBpn1ecBmQ.cs.Net Code: cTytqmH

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 9.2.InstallUtil.exe.430000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0740C4D8 CreateProcessAsUserW,0_2_0740C4D8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_012848B00_2_012848B0
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_01286D000_2_01286D00
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0128CFA80_2_0128CFA8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_012873180_2_01287318
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0128D8700_2_0128D870
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_012848A00_2_012848A0
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0128CAB10_2_0128CAB1
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0128CFA30_2_0128CFA3
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_02BF11680_2_02BF1168
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_02BF1FE80_2_02BF1FE8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_060344200_2_06034420
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_060344000_2_06034400
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0603E3500_2_0603E350
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0740CA700_2_0740CA70
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07406EB00_2_07406EB0
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074055100_2_07405510
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07406C780_2_07406C78
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074078100_2_07407810
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074073180_2_07407318
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074013380_2_07401338
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074057B00_2_074057B0
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07405E400_2_07405E40
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0740AE080_2_0740AE08
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0740A6D80_2_0740A6D8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07406E9F0_2_07406E9F
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074016A80_2_074016A8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074016B80_2_074016B8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074055000_2_07405500
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0740950B0_2_0740950B
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07401D110_2_07401D11
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074095180_2_07409518
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07401D200_2_07401D20
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074004400_2_07400440
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074010480_2_07401048
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074004500_2_07400450
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074028680_2_07402868
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07406C680_2_07406C68
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074010380_2_07401038
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0740283E0_2_0740283E
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074018E00_2_074018E0
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074018F00_2_074018F0
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_074064A80_2_074064A8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07412E780_2_07412E78
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0741F2C80_2_0741F2C8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0741F9F20_2_0741F9F2
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0741D40A0_2_0741D40A
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_07412E450_2_07412E45
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0741F2110_2_0741F211
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0741F2360_2_0741F236
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0741E6880_2_0741E688
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0741F2990_2_0741F299
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_081144180_2_08114418
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_081100400_2_08110040
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0811EE700_2_0811EE70
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0811EE620_2_0811EE62
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0817F8040_2_0817F804
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0817E9480_2_0817E948
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_081741D80_2_081741D8
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0817F8230_2_0817F823
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0817F82F0_2_0817F82F
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0817E91F0_2_0817E91F
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_081741BF0_2_081741BF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_015C41F012_2_015C41F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_015CA8D012_2_015CA8D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_015C4AC012_2_015C4AC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_015CAD1712_2_015CAD17
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_015CDE9012_2_015CDE90
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_015C3EA812_2_015C3EA8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_05A9243812_2_05A92438
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_05A9E04812_2_05A9E048
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D66C012_2_066D66C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D525812_2_066D5258
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066DC25012_2_066DC250
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066DB2F012_2_066DB2F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D312012_2_066D3120
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D7E5012_2_066D7E50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D777012_2_066D7770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066DE47012_2_066DE470
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D004012_2_066D0040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D59AB12_2_066D59AB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D003812_2_066D0038
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D000712_2_066D0007
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1781352712.0000000002F98000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1780232302.000000000101E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000000.1255709990.0000000000A46000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamez56.exe@ vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003F19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMiPro.dll, vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMiPro.dll, vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1796909834.0000000005590000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMiPro.dll, vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1799131324.00000000077A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRP8SH.dll, vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7bc3a901-84f9-4a81-8277-20a61843655f.exe4 vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeBinary or memory string: OriginalFilenamez56.exe@ vs Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 9.2.InstallUtil.exe.430000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, Lw3.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, roEs93G.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, roEs93G.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, JQn0Aia1.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, JQn0Aia1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, YsrmZ97b.csCryptographic APIs: 'TransformFinalBlock'
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/1@3/3
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.logJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeReversingLabs: Detection: 63%
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeVirustotal: Detection: 48%
                      Source: unknownProcess created: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe "C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe"
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      barindex
                      Yara detected DarkTortilla Crypter
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3ec9670.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3f19690.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.5590000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3ec9670.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3f19690.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.5590000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3ea1650.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003F19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1796909834.0000000005590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe PID: 3864, type: MEMORYSTR
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, To3i9W.cs.Net Code: NewLateBinding.LateCall(objectValue, (Type)null, "Invoke", obj5, (string[])null, (Type[])null, obj6, true)
                      .NET source code contains potential unpacker
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, k5Q6Tj.cs.Net Code: t8PSi1 System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_08110C60 pushad ; retf 0_2_08110C61
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0811FA98 pushfd ; ret 0_2_0811FAA5
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeCode function: 0_2_0817195A push 00000059h; ret 0_2_0817195E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D254B push 8B040750h; retf 12_2_066D2550
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_066D2954 push 8B040750h; retf 12_2_066D2959
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeStatic PE information: section name: .text entropy: 7.191174421301109

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeFile opened: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe\:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe PID: 3864, type: MEMORYSTR
                      Check if machine is in data center or colocation facility
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: 1280000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: 2D80000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: 2BA0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: 8280000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: 9280000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: 9450000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: A450000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: A7E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: B7E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 1580000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2F40000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeWindow / User API: threadDelayed 1572Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeWindow / User API: threadDelayed 7895Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 1642Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 8184Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe TID: 7364Thread sleep time: -23058430092136925s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe TID: 7524Thread sleep time: -66000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe TID: 2680Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -26747778906878833s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -200000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7904Thread sleep count: 1642 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99875s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99766s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7904Thread sleep count: 8184 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99641s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99530s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99422s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99304s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99195s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99094s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -97110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96860s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96735s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96610s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96485s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96360s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96235s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -96110s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -95985s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99890s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99781s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99671s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99558s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99452s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99343s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99234s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99124s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -99015s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98906s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98796s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98687s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98577s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98468s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7900Thread sleep time: -98359s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99766Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99641Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99530Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99422Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99304Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99195Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99094Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 97110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96860Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96735Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96610Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96485Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96360Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96235Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 96110Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 95985Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99890Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99781Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99671Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99558Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99452Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99343Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99234Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99124Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 99015Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98906Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98796Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98687Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98577Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98468Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 98359Jump to behavior
                      Source: InstallUtil.exe, 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003F19000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1796909834.0000000005590000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: VBoxTray
                      Source: InstallUtil.exe, 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1796909834.0000000005590000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: sandboxierpcssGSOFTWARE\VMware, Inc.\VMware VGAuth
                      Source: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1780232302.0000000001053000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllul]
                      Source: InstallUtil.exe, 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBox
                      Source: InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging

                      barindex
                      Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 12_2_015C70B0 CheckRemoteDebuggerPresent,12_2_015C70B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 430000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 390000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 430000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 390000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 430000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 432000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 470000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 472000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 334008Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 390000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 392000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 3D0000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 3D2000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5ED008Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 440000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 442000Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: C02008Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeQueries volume information: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.InstallUtil.exe.430000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000C.00000002.2507506722.000000000306E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2507506722.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe PID: 3864, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7528, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7660, type: MEMORYSTR
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqliteJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.InstallUtil.exe.430000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe PID: 3864, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7528, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7660, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 9.2.InstallUtil.exe.430000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.3fc3830.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000C.00000002.2507506722.000000000306E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2507506722.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe PID: 3864, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7528, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7660, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire Infrastructure1
                      Valid Accounts                      		231
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		2
                      OS Credential Dumping                      		1
                      File and Directory Discovery                      		Remote Services11
                      Archive Collected Data                      		1
                      Ingress Tool Transfer                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/Job1
                      Valid Accounts                      		1
                      Valid Accounts                      		1
                      Deobfuscate/Decode Files or Information                      		1
                      Input Capture                      		34
                      System Information Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		1
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                      Access Token Manipulation                      		2
                      Obfuscated Files or Information                      		1
                      Credentials in Registry                      		531
                      Security Software Discovery                      		SMB/Windows Admin Shares1
                      Email Collection                      		1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook311
                      Process Injection                      		22
                      Software Packing                      		NTDS1
                      Process Discovery                      		Distributed Component Object Model1
                      Input Capture                      		2
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      DLL Side-Loading                      		LSA Secrets261
                      Virtualization/Sandbox Evasion                      		SSHKeylogging12
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Masquerading                      		Cached Domain Credentials1
                      Application Window Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      Valid Accounts                      		DCSync1
                      System Network Configuration Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      Access Token Manipulation                      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt261
                      Virtualization/Sandbox Evasion                      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron311
                      Process Injection                      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
                      Hidden Files and Directories                      		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1475671 Sample: Pedido9456_muestras_materia... Startdate: 18/07/2024 Architecture: WINDOWS Score: 100 22 smtp.zoho.eu 2->22 24 ip-api.com 2->24 26 www.google.com 2->26 34 Found malware configuration 2->34 36 Malicious sample detected (through community Yara rule) 2->36 38 Antivirus / Scanner detection for submitted sample 2->38 40 11 other signatures 2->40 7 Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe 3 2->7         started        signatures3 process4 dnsIp5 28 www.google.com 172.217.18.100, 49708, 80 GOOGLEUS United States 7->28 20 Pedido9456_muestra...CO SA de CV.exe.log, ASCII 7->20 dropped 42 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 7->42 44 Writes to foreign memory regions 7->44 46 Allocates memory in foreign processes 7->46 48 2 other signatures 7->48 12 InstallUtil.exe 15 2 7->12         started        16 InstallUtil.exe 7->16         started        18 InstallUtil.exe 7->18         started        file6 signatures7 process8 dnsIp9 30 ip-api.com 208.95.112.1, 49720, 80 TUT-ASUS United States 12->30 32 smtp.zoho.eu 185.230.212.164, 49721, 49723, 587 COMPUTERLINEComputerlineSchlierbachSwitzerlandCH Netherlands 12->32 50 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->50 52 Tries to steal Mail credentials (via file / registry access) 12->52 54 Tries to harvest and steal ftp login credentials 12->54 56 Tries to harvest and steal browser information (history, passwords, etc) 12->56 58 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 16->58 60 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 16->60 62 Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) 16->62 signatures10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe63%ReversingLabsWin32.Spyware.Negasteal
                      Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe49%VirustotalBrowse
                      Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe100%AviraHEUR/AGEN.1311110
                      Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      SourceDetectionScannerLabelLink
                      smtp.zoho.eu0%VirustotalBrowse
                      www.google.com0%VirustotalBrowse
                      ip-api.com0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      https://account.dyn.com/0%URL Reputationsafe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                      http://ip-api.com/line/?fields=hosting0%URL Reputationsafe
                      http://ip-api.com0%URL Reputationsafe
                      http://ip-api.com0%URL Reputationsafe
                      http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p0%Avira URL Cloudsafe
                      http://cacerts.thawte.com/ThawteTLSRSACAG1.crt00%Avira URL Cloudsafe
                      http://status.thawte.com0:0%Avira URL Cloudsafe
                      http://smtp.zoho.eu0%Avira URL Cloudsafe
                      http://cacerts.thawte.com/ThawteTLSRSACAG1.crt00%VirustotalBrowse
                      http://smtp.zoho.eu0%VirustotalBrowse
                      http://cdp.thawte.com/ThawteTLSRSACAG1.crl0p0%VirustotalBrowse

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      smtp.zoho.eu
                      		185.230.212.164
                      		truetrueunknown
                      www.google.com
                      		172.217.18.100
                      		truefalseunknown
                      ip-api.com
                      		208.95.112.1
                      		truetrueunknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://ip-api.com/line/?fields=hostingfalse
                      • URL Reputation: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://account.dyn.com/Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe, 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameInstallUtil.exe, 0000000C.00000002.2507506722.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://cacerts.thawte.com/ThawteTLSRSACAG1.crt0InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://cdp.thawte.com/ThawteTLSRSACAG1.crl0pInstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://status.thawte.com0:InstallUtil.exe, 0000000C.00000002.2506277638.0000000001408000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2513246867.0000000006250000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://smtp.zoho.euInstallUtil.exe, 0000000C.00000002.2507506722.0000000003074000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000C.00000002.2507506722.0000000003115000.00000004.00000800.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      http://ip-api.comInstallUtil.exe, 0000000C.00000002.2507506722.0000000003011000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      208.95.112.1
                      		ip-api.comUnited States
                      		53334TUT-ASUStrue
                      185.230.212.164
                      		smtp.zoho.euNetherlands
                      		41913COMPUTERLINEComputerlineSchlierbachSwitzerlandCHtrue
                      172.217.18.100
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1475671
                      Start date and time:2024-07-18 08:06:45 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 6m 28s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:17
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@7/1@3/3
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 96%
                      • Number of executed functions: 194
                      • Number of non-executed functions: 39
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      02:07:41API Interceptor58x Sleep call for process: Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe modified
                      02:08:31API Interceptor66x Sleep call for process: InstallUtil.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      208.95.112.1172124118542a797d7ad180ab40c605d31d9af6871534140e8158050e1c4deb095c262bc08645.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      wdeigthseven.vbsGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      Orden-de-compra.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      Doc 0001_RFQ _MV_Vilnius provision.exeGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      Docs_BL INV PKL.exeGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      RS0987656789000JHGH.exeGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      SWIFT.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                      • ip-api.com/line/?fields=hosting
                      Docs Shipping PO#QSB-8927393_2324, QSB-8927394_23-24.exeGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      z1Factura09876789.exeGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      Windows21.exeGet hashmaliciousZTratBrowse
                      • ip-api.com/xml/?fields=countryCode,query

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      ip-api.com172124118542a797d7ad180ab40c605d31d9af6871534140e8158050e1c4deb095c262bc08645.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      wdeigthseven.vbsGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Orden-de-compra.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Doc 0001_RFQ _MV_Vilnius provision.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Docs_BL INV PKL.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      RS0987656789000JHGH.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      SWIFT.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                      • 208.95.112.1
                      Docs Shipping PO#QSB-8927393_2324, QSB-8927394_23-24.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      z1Factura09876789.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Windows21.exeGet hashmaliciousZTratBrowse
                      • 208.95.112.1
                      smtp.zoho.euOrden#46789_2024_Optoflux_mexico_sderlss.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                      • 185.230.214.164
                      Orden#46789_2024_Optoflux_mexico_sderlsTY.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                      • 185.230.214.164
                      Orden#46789_2024_Optoflux_mexico_sderlsTYP.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                      • 185.230.214.164
                      okPY77wv6E.exeGet hashmaliciousAgentTeslaBrowse
                      • 185.230.214.164
                      RFQ678903423_PROD_HASUE_de_Mexicso_MAT_MEX.exeGet hashmaliciousAgentTeslaBrowse
                      • 185.230.214.164
                      RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRYs.exeGet hashmaliciousGuLoaderBrowse
                      • 185.230.214.164
                      RFQ678903423_PROD_INQUIRY_SHANG_NOG_INDUSTRY.exeGet hashmaliciousAgentTeslaBrowse
                      • 185.230.214.164
                      INQUIRY#46789_MAY24_PLANEX_SERVICES_CONTRACTING_GOODS.exeGet hashmaliciousAgentTeslaBrowse
                      • 185.230.214.164
                      VBG dk Payment Receipt --doc87349281.batGet hashmaliciousRemcos, AgentTesla, DBatLoaderBrowse
                      • 185.230.214.164
                      RFQ_on_SAK-TC233L-32F200N_INFINEON_PN_PHARMA.pdf.exeGet hashmaliciousAgentTeslaBrowse
                      • 89.36.170.164

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      COMPUTERLINEComputerlineSchlierbachSwitzerlandCHhttps://e-centralprojects.trainercentralsite.comGet hashmaliciousUnknownBrowse
                      • 89.36.170.147
                      https://e-centralprojects.trainercentralsite.comGet hashmaliciousTycoon2FABrowse
                      • 89.36.170.147
                      https://zohoinvoicepay.com/invoice/horizonhivesholdings/secure?CInvoiceID=2-5d1a6e6e7fc02c6aa9c16ba084eaf7b11969e250db6bf56b3ff921885bb1a02a1de112985005752c6b386aa74f5531aa4b7fa92bbb84e57e4955efe41be6b38898e1fb71080bbb7a%20Get hashmaliciousUnknownBrowse
                      • 185.230.212.52
                      https://hbagc.netGet hashmaliciousUnknownBrowse
                      • 89.36.170.147
                      Orden#46789_2024_Optoflux_mexico_sderlss.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                      • 185.230.214.164
                      Orden#46789_2024_Optoflux_mexico_sderls.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                      • 185.230.214.164
                      okPY77wv6E.exeGet hashmaliciousAgentTeslaBrowse
                      • 185.230.214.164
                      https://bitbucket.oreaillyauto.com/Get hashmaliciousUnknownBrowse
                      • 185.230.212.52
                      https://show.zohopublic.com/publish/lbdok4d17ed2d1eb14856a7e4d9247a9cebd4Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                      • 89.36.170.147
                      c5018a3915e8a9de41e083f7936c2d232b9a73ba41c8c07fb7b2d90d5f5d8e8e_dump.exeGet hashmaliciousSystemBCBrowse
                      • 185.230.212.166
                      TUT-ASUS172124118542a797d7ad180ab40c605d31d9af6871534140e8158050e1c4deb095c262bc08645.dat-decoded.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      wdeigthseven.vbsGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Orden-de-compra.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Doc 0001_RFQ _MV_Vilnius provision.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Docs_BL INV PKL.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      RS0987656789000JHGH.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      SWIFT.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                      • 208.95.112.1
                      Docs Shipping PO#QSB-8927393_2324, QSB-8927394_23-24.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      z1Factura09876789.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      Windows21.exeGet hashmaliciousZTratBrowse
                      • 208.95.112.1

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe.log

                      Download File
                      Process:C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1216
                      Entropy (8bit):5.34331486778365
                      Encrypted:false
                      SSDEEP:24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
                      MD5:7B709BC412BEC5C3CFD861C041DAD408
                      SHA1:532EA6BB3018AE3B51E7A5788F614A6C49252BCF
                      SHA-256:733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
                      SHA-512:B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
                      Malicious:true
                      Reputation:moderate, very likely benign file
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):7.1836252768431965
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      • Win32 Executable (generic) a (10002005/4) 49.75%
                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                      • Windows Screen Saver (13104/52) 0.07%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      File name:Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      File size:411'648 bytes
                      MD5:196c6cdd199d2148723a4a22fb9608fa
                      SHA1:35defb7852ccec846956bd4f37231613925f5638
                      SHA256:a06dfc86f1e4fbc5c469a961437692152eaeec13d6fa5fe87a3c29627ec6953f
                      SHA512:ebe6b74a34a61b8ea3a7d098478aa39e718706e4bfda925da7f6f26ec2bf1b433cff5ba041d02d8626e2596b1dc1812d49b1342a625550bc6c54d8ea62108c22
                      SSDEEP:12288:nLLwulIXCJnxVhSJUnGH9M7AMlwBhKj6AW+YHxG:noydpAJSGHy7AMa4j6AWzR
                      TLSH:8C94F10D13E8E505E6BE3BF86871A14043BAF0D62553E32F16C4A0F97B737A59D912A3
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......6.........."...P..2...........P... ...`....@.. ....................................`................................

                      File Icon

                      Icon Hash:9b1a7a82aca38fc6

                      Static PE Info

                      General

                      Entrypoint:0x46500e
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x36BCF90E [Sun Feb 7 02:23:10 1999 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x64fb40x57.text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x660000x11fc.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x680000xc.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x20000x630140x63200e95b20fdc3e261deb6c7bc9d6a21f10fFalse0.7709819317465322SysEx File -7.191174421301109IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rsrc0x660000x11fc0x12008ceb5091861e31ce0db30ee617458d82False0.81640625data7.234907766431966IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc0x680000xc0x200e540d8bce268e4b10c58febe9557ade4False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountryZLIB Complexity
                      RT_ICON0x660e80xd7fPNG image data, 189 x 189, 8-bit/color RGBA, non-interlaced0.9357452966714906
                      RT_GROUP_ICON0x66e680x14data1.25
                      RT_VERSION0x66e7c0x380data0.4486607142857143

                      Imports

                      DLLImport
                      mscoree.dll_CorExeMain

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jul 18, 2024 08:07:38.293613911 CEST4970880192.168.2.11172.217.18.100
                      Jul 18, 2024 08:07:38.298481941 CEST8049708172.217.18.100192.168.2.11
                      Jul 18, 2024 08:07:38.298618078 CEST4970880192.168.2.11172.217.18.100
                      Jul 18, 2024 08:07:38.298788071 CEST4970880192.168.2.11172.217.18.100
                      Jul 18, 2024 08:07:38.305404902 CEST8049708172.217.18.100192.168.2.11
                      Jul 18, 2024 08:07:38.305428982 CEST8049708172.217.18.100192.168.2.11
                      Jul 18, 2024 08:07:38.305497885 CEST4970880192.168.2.11172.217.18.100
                      Jul 18, 2024 08:08:30.846491098 CEST4972080192.168.2.11208.95.112.1
                      Jul 18, 2024 08:08:30.851730108 CEST8049720208.95.112.1192.168.2.11
                      Jul 18, 2024 08:08:30.851829052 CEST4972080192.168.2.11208.95.112.1
                      Jul 18, 2024 08:08:30.852839947 CEST4972080192.168.2.11208.95.112.1
                      Jul 18, 2024 08:08:30.870198011 CEST8049720208.95.112.1192.168.2.11
                      Jul 18, 2024 08:08:31.340411901 CEST8049720208.95.112.1192.168.2.11
                      Jul 18, 2024 08:08:31.395359039 CEST4972080192.168.2.11208.95.112.1
                      Jul 18, 2024 08:08:32.051111937 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:32.077877045 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:32.078479052 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:32.684546947 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:32.703526020 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:32.714226961 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.029174089 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.029371023 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:33.034255981 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.208009005 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.217192888 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:33.222232103 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.398071051 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.398087025 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.398102999 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.398155928 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:33.402034044 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:33.407660007 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.585927963 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.616827965 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:33.622323990 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.798582077 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.848319054 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:33.939152002 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:33.940232038 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:33.945267916 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.274324894 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.274617910 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:34.309957027 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.547049046 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.547329903 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:34.552242041 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.736284018 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.736531019 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:34.741501093 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.915445089 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:34.915713072 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:34.920581102 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:35.094333887 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:35.103811979 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:35.104320049 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:35.104362011 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:35.104383945 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:35.108755112 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:35.109282017 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:35.109292984 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:35.109302044 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.121263027 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.123450994 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.123601913 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:36.164760113 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:36.169621944 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.354891062 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.355354071 CEST58749721185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.355516911 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:36.358463049 CEST49721587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:36.359349966 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:36.364347935 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.364478111 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:36.949939966 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:36.950103998 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:36.955364943 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.237421036 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.285824060 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:37.366127968 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.366373062 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:37.371476889 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.543229103 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.545217991 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:37.553447008 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.726175070 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.726979971 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.726993084 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.727154970 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:37.729240894 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:37.729399920 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:37.730892897 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:37.735599041 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.159085989 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.160375118 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:38.160764933 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.161184072 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:38.173930883 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.350789070 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.351577997 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:38.359359026 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.533104897 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.533489943 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:38.538626909 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.725162983 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.725450039 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:38.730321884 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.903162956 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:38.903414965 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:38.908509016 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.080323935 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.080538988 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.085614920 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.270478964 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.271928072 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272038937 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272038937 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272121906 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272121906 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272156954 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272192001 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272241116 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272241116 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.272317886 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:08:39.278235912 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.278263092 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.278278112 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.278455973 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.278692961 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.583303928 CEST58749723185.230.212.164192.168.2.11
                      Jul 18, 2024 08:08:39.630341053 CEST49723587192.168.2.11185.230.212.164
                      Jul 18, 2024 08:09:22.051713943 CEST4972080192.168.2.11208.95.112.1
                      Jul 18, 2024 08:09:22.057305098 CEST8049720208.95.112.1192.168.2.11
                      Jul 18, 2024 08:09:22.057792902 CEST4972080192.168.2.11208.95.112.1

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Jul 18, 2024 08:07:38.283519983 CEST4941053192.168.2.111.1.1.1
                      Jul 18, 2024 08:07:38.290390968 CEST53494101.1.1.1192.168.2.11
                      Jul 18, 2024 08:08:30.832349062 CEST5887053192.168.2.111.1.1.1
                      Jul 18, 2024 08:08:30.839515924 CEST53588701.1.1.1192.168.2.11
                      Jul 18, 2024 08:08:32.042243958 CEST5940953192.168.2.111.1.1.1
                      Jul 18, 2024 08:08:32.050302029 CEST53594091.1.1.1192.168.2.11

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Jul 18, 2024 08:07:38.283519983 CEST192.168.2.111.1.1.10x520bStandard query (0)www.google.comA (IP address)IN (0x0001)false
                      Jul 18, 2024 08:08:30.832349062 CEST192.168.2.111.1.1.10x2927Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                      Jul 18, 2024 08:08:32.042243958 CEST192.168.2.111.1.1.10x9341Standard query (0)smtp.zoho.euA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Jul 18, 2024 08:07:38.290390968 CEST1.1.1.1192.168.2.110x520bNo error (0)www.google.com172.217.18.100A (IP address)IN (0x0001)false
                      Jul 18, 2024 08:08:30.839515924 CEST1.1.1.1192.168.2.110x2927No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                      Jul 18, 2024 08:08:32.050302029 CEST1.1.1.1192.168.2.110x9341No error (0)smtp.zoho.eu185.230.212.164A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • ip-api.com

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.1149720208.95.112.1807660C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                      TimestampBytes transferredDirectionData
                      Jul 18, 2024 08:08:30.852839947 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                      Host: ip-api.com
                      Connection: Keep-Alive
                      Jul 18, 2024 08:08:31.340411901 CEST175INHTTP/1.1 200 OK
                      Date: Thu, 18 Jul 2024 06:08:30 GMT
                      Content-Type: text/plain; charset=utf-8
                      Content-Length: 6
                      Access-Control-Allow-Origin: *
                      X-Ttl: 60
                      X-Rl: 44
                      Data Raw: 66 61 6c 73 65 0a
                      Data Ascii: false


                      SMTP Packets

                      TimestampSource PortDest PortSource IPDest IPCommands
                      Jul 18, 2024 08:08:32.684546947 CEST58749721185.230.212.164192.168.2.11220 mx.zoho.eu SMTP Server ready July 18, 2024 8:08:32 AM CEST
                      Jul 18, 2024 08:08:32.703526020 CEST49721587192.168.2.11185.230.212.164EHLO 414408
                      Jul 18, 2024 08:08:33.029174089 CEST58749721185.230.212.164192.168.2.11250-mx.zoho.eu Hello 414408 (8.46.123.33 (8.46.123.33))
                      250-STARTTLS
                      250 SIZE 53477376
                      Jul 18, 2024 08:08:33.029371023 CEST49721587192.168.2.11185.230.212.164STARTTLS
                      Jul 18, 2024 08:08:33.208009005 CEST58749721185.230.212.164192.168.2.11220 Ready to start TLS.
                      Jul 18, 2024 08:08:36.949939966 CEST58749723185.230.212.164192.168.2.11220 mx.zoho.eu SMTP Server ready July 18, 2024 8:08:36 AM CEST
                      Jul 18, 2024 08:08:36.950103998 CEST49723587192.168.2.11185.230.212.164EHLO 414408
                      Jul 18, 2024 08:08:37.237421036 CEST58749723185.230.212.164192.168.2.11250-mx.zoho.eu Hello 414408 (8.46.123.33 (8.46.123.33))
                      250-STARTTLS
                      Jul 18, 2024 08:08:37.366127968 CEST58749723185.230.212.164192.168.2.11250 SIZE 53477376
                      Jul 18, 2024 08:08:37.366373062 CEST49723587192.168.2.11185.230.212.164STARTTLS
                      Jul 18, 2024 08:08:37.543229103 CEST58749723185.230.212.164192.168.2.11220 Ready to start TLS.

                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:02:07:37
                      Start date:18/07/2024
                      Path:C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.exe"
                      Imagebase:0x9e0000
                      File size:411'648 bytes
                      MD5 hash:196C6CDD199D2148723A4A22FB9608FA
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1792637573.0000000003F19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1796909834.0000000005590000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1792637573.0000000003FC3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1781352712.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1792637573.0000000003D89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:9
                      Start time:02:07:51
                      Start date:18/07/2024
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Imagebase:0x60000
                      File size:42'064 bytes
                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.1426960071.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:10
                      Start time:02:07:54
                      Start date:18/07/2024
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Imagebase:0x2c0000
                      File size:42'064 bytes
                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:12
                      Start time:02:07:56
                      Start date:18/07/2024
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Imagebase:0xbf0000
                      File size:42'064 bytes
                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2507506722.000000000306E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2507506722.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2507506722.0000000003041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:moderate
                      Has exited:false

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:18.2%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:15.1%
                        Total number of Nodes:126
                        Total number of Limit Nodes:16
                        execution_graph 50652 740fd40 50653 740fd80 ResumeThread 50652->50653 50655 740fdb1 50653->50655 50757 740e9f0 50758 740ea38 WriteProcessMemory 50757->50758 50760 740ea8f 50758->50760 50656 741d340 50657 741d354 50656->50657 50658 741d390 50657->50658 50673 7402a43 50657->50673 50678 7402b9f 50657->50678 50682 740283e 50657->50682 50687 74029de 50657->50687 50692 74029fc 50657->50692 50697 7403476 50657->50697 50702 7403432 50657->50702 50709 7403312 50657->50709 50713 7402b10 50657->50713 50717 7402acc 50657->50717 50723 7402868 50657->50723 50728 7403b64 50657->50728 50733 74036e3 50657->50733 50737 7402a83 50657->50737 50742 7405000 50673->50742 50745 7404ffb 50673->50745 50674 74029a7 50674->50673 50675 74029d8 50674->50675 50675->50657 50680 7405000 VirtualProtect 50678->50680 50681 7404ffb VirtualProtect 50678->50681 50679 7402bb3 50680->50679 50681->50679 50683 7402897 50682->50683 50684 74029d8 50683->50684 50685 7405000 VirtualProtect 50683->50685 50686 7404ffb VirtualProtect 50683->50686 50684->50657 50685->50683 50686->50683 50689 74029a7 50687->50689 50688 74029d8 50688->50657 50689->50688 50690 7405000 VirtualProtect 50689->50690 50691 7404ffb VirtualProtect 50689->50691 50690->50689 50691->50689 50693 74029a7 50692->50693 50694 74029d8 50693->50694 50695 7405000 VirtualProtect 50693->50695 50696 7404ffb VirtualProtect 50693->50696 50694->50657 50695->50693 50696->50693 50698 7403433 50697->50698 50699 7403479 50697->50699 50698->50697 50700 7405000 VirtualProtect 50698->50700 50701 7404ffb VirtualProtect 50698->50701 50700->50698 50701->50698 50703 7403433 50702->50703 50707 7405000 VirtualProtect 50702->50707 50708 7404ffb VirtualProtect 50702->50708 50704 7403479 50703->50704 50705 7405000 VirtualProtect 50703->50705 50706 7404ffb VirtualProtect 50703->50706 50705->50703 50706->50703 50707->50703 50708->50703 50711 7405000 VirtualProtect 50709->50711 50712 7404ffb VirtualProtect 50709->50712 50710 7403323 50711->50710 50712->50710 50714 7402acd 50713->50714 50714->50713 50715 7405000 VirtualProtect 50714->50715 50716 7404ffb VirtualProtect 50714->50716 50715->50714 50716->50714 50718 7402acd 50717->50718 50719 7405000 VirtualProtect 50717->50719 50720 7404ffb VirtualProtect 50717->50720 50721 7405000 VirtualProtect 50718->50721 50722 7404ffb VirtualProtect 50718->50722 50719->50718 50720->50718 50721->50718 50722->50718 50724 7402897 50723->50724 50725 74029d8 50724->50725 50726 7405000 VirtualProtect 50724->50726 50727 7404ffb VirtualProtect 50724->50727 50725->50657 50726->50724 50727->50724 50729 7403b6d 50728->50729 50731 7405000 VirtualProtect 50729->50731 50732 7404ffb VirtualProtect 50729->50732 50730 7403b7f 50731->50730 50732->50730 50735 7405000 VirtualProtect 50733->50735 50736 7404ffb VirtualProtect 50733->50736 50734 74036f6 50735->50734 50736->50734 50738 74029a7 50737->50738 50739 74029d8 50738->50739 50740 7405000 VirtualProtect 50738->50740 50741 7404ffb VirtualProtect 50738->50741 50739->50657 50740->50738 50741->50738 50743 7405048 VirtualProtect 50742->50743 50744 7405082 50743->50744 50744->50674 50746 7404fc8 50745->50746 50747 7404ffe VirtualProtect 50745->50747 50746->50674 50749 7405082 50747->50749 50749->50674 50761 811bd20 50763 811bd66 DeleteFileW 50761->50763 50764 811bd9f 50763->50764 50790 2bf0178 50791 2bf0303 50790->50791 50792 2bf019e 50790->50792 50792->50791 50795 2bf03f8 PostMessageW 50792->50795 50797 2bf03f0 PostMessageW 50792->50797 50796 2bf0464 50795->50796 50796->50792 50798 2bf0464 50797->50798 50798->50792 50753 740eee8 50754 740ef30 VirtualProtectEx 50753->50754 50756 740ef6e 50754->50756 50765 740e678 50766 740e6b8 VirtualAllocEx 50765->50766 50768 740e6f5 50766->50768 50769 7406c78 50771 7406c9f 50769->50771 50770 7406e0e 50771->50770 50773 7407810 50771->50773 50774 7407853 50773->50774 50775 7407c84 50774->50775 50778 7409cf0 50774->50778 50782 740a1f8 50774->50782 50775->50771 50779 7409cfe 50778->50779 50780 7409d05 50778->50780 50779->50774 50780->50779 50786 740c4d8 50780->50786 50783 740a21f 50782->50783 50784 740a3dc 50783->50784 50785 740c4d8 CreateProcessAsUserW 50783->50785 50784->50774 50785->50783 50787 740c557 CreateProcessAsUserW 50786->50787 50789 740c658 50787->50789 50799 740dfa8 50800 740dfed Wow64GetThreadContext 50799->50800 50802 740e035 50800->50802 50805 740fab8 50806 740fafd Wow64SetThreadContext 50805->50806 50808 740fb45 50806->50808 50750 741e5d8 50751 741e620 VirtualProtect 50750->50751 50752 741e65a 50751->50752 50803 2bf2650 FindCloseChangeNotification 50804 2bf26b7 50803->50804

                        Executed Functions

                        Function 01287318 Relevance: 6.7, Strings: 5, Instructions: 443COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 280 1287318-128734e 404 1287350 call 1287318 280->404 405 1287350 call 1286c69 280->405 406 1287350 call 1286d00 280->406 281 1287356-128735c 282 12873ac-12873b0 281->282 283 128735e-1287362 281->283 286 12873b2-12873c1 282->286 287 12873c7-12873db 282->287 284 1287371-1287378 283->284 285 1287364-1287369 283->285 288 128744e-128748b 284->288 289 128737e-1287385 284->289 285->284 290 12873ed-12873f7 286->290 291 12873c3-12873c5 286->291 292 12873e3-12873ea 287->292 301 128748d-1287493 288->301 302 1287496-12874b6 288->302 289->282 295 1287387-128738b 289->295 293 12873f9-12873ff 290->293 294 1287401-1287405 290->294 291->292 297 128740d-1287447 293->297 294->297 298 1287407 294->298 299 128739a-12873a1 295->299 300 128738d-1287392 295->300 297->288 298->297 299->288 303 12873a7-12873aa 299->303 300->299 301->302 308 12874b8 302->308 309 12874bd-12874c4 302->309 303->292 311 128784c-1287855 308->311 312 12874c6-12874d1 309->312 313 128785d-128786a 312->313 314 12874d7-12874ea 312->314 319 12874ec-12874fa 314->319 320 1287500-128751b 314->320 319->320 323 12877d4-12877db 319->323 324 128751d-1287523 320->324 325 128753f-1287542 320->325 323->311 328 12877dd-12877df 323->328 326 128752c-128752f 324->326 327 1287525 324->327 329 1287548-128754b 325->329 330 128769c-12876a2 325->330 332 1287562-1287568 326->332 333 1287531-1287534 326->333 327->326 327->330 331 128778e-1287791 327->331 327->332 334 12877ee-12877f4 328->334 335 12877e1-12877e6 328->335 329->330 337 1287551-1287557 329->337 330->331 336 12876a8-12876ad 330->336 342 1287858 331->342 343 1287797-128779d 331->343 344 128756a-128756c 332->344 345 128756e-1287570 332->345 338 128753a 333->338 339 12875ce-12875d4 333->339 334->313 340 12877f6-12877fb 334->340 335->334 336->331 337->330 341 128755d 337->341 338->331 339->331 348 12875da-12875e0 339->348 346 12877fd-1287802 340->346 347 1287840-1287843 340->347 341->331 342->313 349 128779f-12877a7 343->349 350 12877c2-12877c6 343->350 351 128757a-1287583 344->351 345->351 346->342 357 1287804 346->357 347->342 356 1287845-128784a 347->356 358 12875e2-12875e4 348->358 359 12875e6-12875e8 348->359 349->313 352 12877ad-12877bc 349->352 350->323 355 12877c8-12877ce 350->355 353 1287585-1287590 351->353 354 1287596-12875be 351->354 352->320 352->350 353->331 353->354 379 12876b2-12876e8 354->379 380 12875c4-12875c9 354->380 355->312 355->323 356->311 356->328 361 128780b-1287810 357->361 360 12875f2-1287609 358->360 359->360 372 128760b-1287624 360->372 373 1287634-128765b 360->373 365 1287832-1287834 361->365 366 1287812-1287814 361->366 365->342 370 1287836-1287839 365->370 367 1287823-1287829 366->367 368 1287816-128781b 366->368 367->313 371 128782b-1287830 367->371 368->367 370->347 371->365 375 1287806-1287809 371->375 372->379 384 128762a-128762f 372->384 373->342 383 1287661-1287664 373->383 375->342 375->361 387 12876ea-12876ee 379->387 388 12876f5-12876fd 379->388 380->379 383->342 386 128766a-1287693 383->386 384->379 386->379 403 1287695-128769a 386->403 390 128770d-1287711 387->390 391 12876f0-12876f3 387->391 388->342 389 1287703-1287708 388->389 389->331 393 1287730-1287734 390->393 394 1287713-1287719 390->394 391->388 391->390 396 128773e-128775d call 1287a41 393->396 397 1287736-128773c 393->397 394->393 395 128771b-1287723 394->395 395->342 399 1287729-128772e 395->399 400 1287763-1287767 396->400 397->396 397->400 399->331 400->331 401 1287769-1287785 400->401 401->331 403->379 404->281 405->281 406->281
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o_q$(o_q$(o_q$,cq$,cq
                        • API String ID: 0-1313158517
                        • Opcode ID: 7a49660769eb9ca4de331773766813f5ac8ece17bb8229cc6a7514211c5d745a
                        • Instruction ID: c8ab0ebea7e3df96a4aae383c728d5f042864f17a2c23d615120dce693713715
                        • Opcode Fuzzy Hash: 7a49660769eb9ca4de331773766813f5ac8ece17bb8229cc6a7514211c5d745a
                        • Instruction Fuzzy Hash: 60028030A21109DFDB15EF69C884AADBBF6FF88304F248469E915AB2A1D774DD41CF50
                        Function 012848B0 Relevance: 6.5, Strings: 5, Instructions: 252COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 408 12848b0-12848d8 409 12848da 408->409 410 12848df-12849d9 call 12850b8 408->410 409->410 420 12849db 410->420 421 12849e0-12849ff 410->421 420->421 470 1284a02 call 12852a8 421->470 471 1284a02 call 1285299 421->471 422 1284a08-1284a1e 423 1284a20 422->423 424 1284a25-1284a29 422->424 423->424 425 1284a2b-1284a2c 424->425 426 1284a31-1284a38 424->426 427 1284ac1-1284afd 425->427 428 1284a3a 426->428 429 1284a3f-1284a89 426->429 436 1284c2f-1284c46 427->436 428->429 438 1284a8b-1284a97 429->438 439 1284ab5 429->439 444 1284c4c-1284c71 436->444 445 1284b02-1284b72 436->445 441 1284a99-1284a9f 438->441 442 1284aa1-1284ab1 438->442 443 1284abb-1284ac0 439->443 446 1284ab3 441->446 442->446 443->427 452 1284c89 444->452 453 1284c73-1284c88 444->453 467 1284b78 call 12852a8 445->467 468 1284b78 call 1285299 445->468 446->443 456 1284c8a 452->456 453->452 456->456 459 1284b7e-1284bb5 462 1284c2d-1284c2e 459->462 463 1284bb7-1284c2b 459->463 462->436 463->444 467->459 468->459 470->422 471->422
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH_q$PH_q$tP_q$tP_q$tP_q
                        • API String ID: 0-690212726
                        • Opcode ID: db24901cb0bba51f4704d86436965b2e0fea4d316e910276fd91ca6e84045e3d
                        • Instruction ID: 24ac3a58ecbedb1b6f5122050de3571047a6dc0d01ff6b2cc3178a36cc4b68aa
                        • Opcode Fuzzy Hash: db24901cb0bba51f4704d86436965b2e0fea4d316e910276fd91ca6e84045e3d
                        • Instruction Fuzzy Hash: 25C1E174E112598FEB24DFA9C954B9DBBF2BF88300F1085A9D509AB3A8DB305D85CF50
                        Function 081741BF Relevance: 5.6, Instructions: 5644COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 472 81741bf-8174406 500 817440c-8175151 472->500 501 8176459-817673e 472->501 909 8175157-8175435 500->909 910 817543d-8176451 500->910 576 81776f6-817876c 501->576 577 8176744-81776ee 501->577 1167 8178ab3-8178ac6 576->1167 1168 8178772-8178aab 576->1168 577->576 909->910 910->501 1172 8179173-817a04b call 817b146 1167->1172 1173 8178acc-817916b 1167->1173 1168->1167 1555 817a051-817a058 1172->1555 1173->1172
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f653583685f2934e0f57580c9cd6fd0cf2a81df2f1be986d0c097c8f70b3ede3
                        • Instruction ID: 8bcc3fd3c066792d6828fbb9a5e393069e0b61e1b41632ece76da2a0f162e221
                        • Opcode Fuzzy Hash: f653583685f2934e0f57580c9cd6fd0cf2a81df2f1be986d0c097c8f70b3ede3
                        • Instruction Fuzzy Hash: 60C3EA70A122298FCB58EF38E99466CBBB2EF89300F5044EDD449A7354EB346E85CF55
                        Function 081741D8 Relevance: 5.6, Instructions: 5633COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1557 81741d8-8174406 1585 817440c-8175151 1557->1585 1586 8176459-817673e 1557->1586 1994 8175157-8175435 1585->1994 1995 817543d-8176451 1585->1995 1661 81776f6-817876c 1586->1661 1662 8176744-81776ee 1586->1662 2252 8178ab3-8178ac6 1661->2252 2253 8178772-8178aab 1661->2253 1662->1661 1994->1995 1995->1586 2257 8179173-817a04b call 817b146 2252->2257 2258 8178acc-817916b 2252->2258 2253->2252 2640 817a051-817a058 2257->2640 2258->2257
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b557ffb758ad16976e5235063a9e3595cf2865f540084257ca00ca9eaf724e6d
                        • Instruction ID: d866f2a8475ab811d5927749080c88c6184287bc28fe065b8a15613265437956
                        • Opcode Fuzzy Hash: b557ffb758ad16976e5235063a9e3595cf2865f540084257ca00ca9eaf724e6d
                        • Instruction Fuzzy Hash: 24C3EA70A122298FCB58EF38E99466CBBB2EF89300F5044EDD449A7354EB346E85CF55
                        Function 08114418 Relevance: 5.2, Instructions: 5170COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 3602 8114418-8114686 4558 8114688 call 811ab90 3602->4558 4559 8114688 call 811aba0 3602->4559 3630 811468e-8119ae3 call 811b240 4557 8119ae9-8119af0 3630->4557 4558->3630 4559->3630
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799597280.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8110000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 970550ed2c69bf0e15f4484cd0ffb1edcf7cce54b74a4dca2b5b10e2dcec0f39
                        • Instruction ID: 9ae5aea757f48f615c79267038ec790415895c9814ed10b1498c335a4a37675f
                        • Opcode Fuzzy Hash: 970550ed2c69bf0e15f4484cd0ffb1edcf7cce54b74a4dca2b5b10e2dcec0f39
                        • Instruction Fuzzy Hash: A4B3E870A112288BCB54EF38EA9966CBBF2FF88300F5485ADD489A3254EF345D85CF55
                        Function 0128D870 Relevance: 4.1, Strings: 3, Instructions: 323COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 4783 128d870-128d8ab 4784 128d8ad 4783->4784 4785 128d8b2-128d8e6 4783->4785 4784->4785 4786 128d8e8 4785->4786 4787 128d8ed-128d966 4785->4787 4786->4787 4792 128d968 4787->4792 4793 128d96d-128d9a1 call 12852a8 4787->4793 4792->4793 4796 128d9a8-128d9ac 4793->4796 4797 128d9a3 4793->4797 4798 128d9ae-128d9af 4796->4798 4799 128d9b1-128d9b8 4796->4799 4797->4796 4800 128da26-128daa6 call 12852a8 4798->4800 4801 128d9ba 4799->4801 4802 128d9bf-128da08 4799->4802 4812 128dd3f-128dd56 4800->4812 4801->4802 4813 128da1a-128da23 4802->4813 4814 128da0a-128da10 4802->4814 4816 128daab-128dbac call 12852a8 * 2 4812->4816 4817 128dd5c-128dd81 4812->4817 4813->4800 4814->4813 4835 128dd19-128dd3e 4816->4835 4836 128dbb2-128dc51 4816->4836 4822 128dd99 4817->4822 4823 128dd83-128dd98 4817->4823 4824 128dd9a 4822->4824 4823->4822 4824->4824 4835->4812 4842 128dc58-128dc88 4836->4842 4843 128dc53 4836->4843 4857 128dc8e call 128f2a8 4842->4857 4858 128dc8e call 128f299 4842->4858 4859 128dc8e call 128f7bd 4842->4859 4860 128dc8e call 128f8c0 4842->4860 4861 128dc8e call 128f392 4842->4861 4843->4842 4844 128dc94-128dca2 4845 128dca9-128dcad 4844->4845 4846 128dca4 4844->4846 4847 128dcaf-128dcb0 4845->4847 4848 128dcb2-128dcb9 4845->4848 4846->4845 4849 128dd16-128dd17 4847->4849 4850 128dcbb 4848->4850 4851 128dcc0-128dd13 4848->4851 4849->4817 4850->4851 4851->4849 4857->4844 4858->4844 4859->4844 4860->4844 4861->4844
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: <dvq$PH_q$PH_q
                        • API String ID: 0-714248992
                        • Opcode ID: b078a6ae14afc8ece6419712e1a29917423774d2665560d454a489ef9f7eae74
                        • Instruction ID: e6621921439ce6745ff2b8cad86632941d1e41fae3c285607b7c499d2305a5c5
                        • Opcode Fuzzy Hash: b078a6ae14afc8ece6419712e1a29917423774d2665560d454a489ef9f7eae74
                        • Instruction Fuzzy Hash: 55E1E374E11218CFDB24DFA9C944B9DBBF2BF88300F2485A9E509AB295DB305D85CF50
                        Function 07405510 Relevance: 3.9, Strings: 3, Instructions: 167COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 4935 7405510-740552a 4936 7405531-74055dc 4935->4936 4937 740552c 4935->4937 4947 74055df 4936->4947 4937->4936 4948 74055e6-7405602 4947->4948 4949 7405604 4948->4949 4950 740560b-740560c 4948->4950 4949->4947 4951 7405611-7405615 4949->4951 4952 7405778-740577e 4949->4952 4953 7405661-74056a2 call 7406c21 4949->4953 4954 7405645-740565f 4949->4954 4955 74056b5-7405745 4949->4955 4950->4951 4950->4952 4956 7405617-7405626 4951->4956 4957 7405628-740562f 4951->4957 4969 74056a8-74056b0 4953->4969 4954->4948 4972 7405747-7405756 4955->4972 4973 7405758-740575f 4955->4973 4958 7405636-7405643 4956->4958 4957->4958 4958->4948 4969->4948 4974 7405766-7405773 4972->4974 4973->4974 4974->4948
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Q!$Q!$$_q
                        • API String ID: 0-393975285
                        • Opcode ID: 3a5a501e5d9576258579031c16e13ce8c1cd6cf248e2271cdd9a25e0b7b2275b
                        • Instruction ID: c4d198d61ff9c3130980d2566a87ae2b376accbb4a69aa89c69d8caece2cb995
                        • Opcode Fuzzy Hash: 3a5a501e5d9576258579031c16e13ce8c1cd6cf248e2271cdd9a25e0b7b2275b
                        • Instruction Fuzzy Hash: 5271B4B4E00209DFDB04DFA5D9549AEBBB2FF88310F20852AE405A7795DB385945CF91
                        Function 01286D00 Relevance: 3.0, Strings: 2, Instructions: 508COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o_q$Hcq
                        • API String ID: 0-689770731
                        • Opcode ID: 90a6673631f63363f49014fe3af054d2a364a50390449f0738e1936e14d79305
                        • Instruction ID: b09253173f714e24cd8be93a5c3af46e4e3225274e1b7100defcf3b0bae73c3e
                        • Opcode Fuzzy Hash: 90a6673631f63363f49014fe3af054d2a364a50390449f0738e1936e14d79305
                        • Instruction Fuzzy Hash: 8312A070A102199FDB14DF69C884BAEBBF6BF88300F248569E506DB395EB309D45CB90
                        Function 0741F236 Relevance: 2.7, Strings: 2, Instructions: 230COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te_q$Te_q
                        • API String ID: 0-1615656442
                        • Opcode ID: ee75c51b8fc34917f58944afd593ab31127ae1982b9ac55985037a1cb82a8995
                        • Instruction ID: 8e0f60ab2050620bd5a966325d68d5e41aaa5a532d8af87cb5df210b53854a00
                        • Opcode Fuzzy Hash: ee75c51b8fc34917f58944afd593ab31127ae1982b9ac55985037a1cb82a8995
                        • Instruction Fuzzy Hash: 819145B4E052088FDB08DFA9D8446EEBBF2FF89310F24852AD415AB356D7356906CF51
                        Function 0741F211 Relevance: 2.7, Strings: 2, Instructions: 204COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te_q$Te_q
                        • API String ID: 0-1615656442
                        • Opcode ID: c85bd0a49f47d09a82126bcaa8a2a0e397296f374e53b9300aa7a8a30c5ce296
                        • Instruction ID: 7cf95c0f8ffb5ed730e1162d580575afefac9bba491d2e1c8be0c387f7bd46bb
                        • Opcode Fuzzy Hash: c85bd0a49f47d09a82126bcaa8a2a0e397296f374e53b9300aa7a8a30c5ce296
                        • Instruction Fuzzy Hash: 058124B4E052088FDB08DFA9C8946EEBBF2FF89310F14852AD415AB365D7345906CF51
                        Function 0741F299 Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te_q$Te_q
                        • API String ID: 0-1615656442
                        • Opcode ID: 86f780867f9f4911dde96dc30248466b6d343f66e15ab8cec3c41bca4efaab67
                        • Instruction ID: 845921778f4050fd40f65c920f134c58ce7d36ac1cb0be6e1b641b6a64bd41d6
                        • Opcode Fuzzy Hash: 86f780867f9f4911dde96dc30248466b6d343f66e15ab8cec3c41bca4efaab67
                        • Instruction Fuzzy Hash: 948104B4E052088FDB08DFA9C8946EEBBF2FF89310F14856AD415AB355D7345906CF51
                        Function 0740CA70 Relevance: 2.7, Strings: 2, Instructions: 182COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Q+(i$Q+(i
                        • API String ID: 0-3998099878
                        • Opcode ID: c0ce13ee17df857a36117260a7243d7f31116d4d62c3b6d94eab62402cc652e8
                        • Instruction ID: 8748db26126df9a25b02c40d3a8c0fe30ccdcfb7d2ecb95656c5237dcb8d1fa3
                        • Opcode Fuzzy Hash: c0ce13ee17df857a36117260a7243d7f31116d4d62c3b6d94eab62402cc652e8
                        • Instruction Fuzzy Hash: 9C81F2B0D01219CFCB04CFA5D9846EEBBB2FF89300F24952AD416BB294D7345A46CFA4
                        Function 0741F2C8 Relevance: 2.7, Strings: 2, Instructions: 177COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te_q$Te_q
                        • API String ID: 0-1615656442
                        • Opcode ID: 01ff2deac785ef6d0ac6e446ae031ac6dab989ce07cdf3b6e8e59439312fbfe2
                        • Instruction ID: fff9a56e186b64b11dae64f5db1d1b026d5d7a89467c10dbac58515119d474ba
                        • Opcode Fuzzy Hash: 01ff2deac785ef6d0ac6e446ae031ac6dab989ce07cdf3b6e8e59439312fbfe2
                        • Instruction Fuzzy Hash: 5971B3B4E012198FDB08DFA9C9946EEBBB2FF89300F10852AD515AB359D7745906CF50
                        Function 07405500 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Q!$$_q
                        • API String ID: 0-4001421713
                        • Opcode ID: 46413a919294346b085f1cacc2163b5c9d5fea574a4fb7afdf4b85db5b6a04fd
                        • Instruction ID: e10db5f0f0676da1ab3395370d092a4365b0cb5f472b93782eea91b6c195bf00
                        • Opcode Fuzzy Hash: 46413a919294346b085f1cacc2163b5c9d5fea574a4fb7afdf4b85db5b6a04fd
                        • Instruction Fuzzy Hash: F371D5B4E00209DFDB04CFA5D9559AEBBB2FF88310F20852AE405A7765DB385945CF91
                        Function 012848A0 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH_q$PH_q
                        • API String ID: 0-3760492949
                        • Opcode ID: bbbfee6a6d2bbc5ddddc9572f0a2582be3efb909f37606dec47a8affd976b768
                        • Instruction ID: 5de06177e39aac7adf31c124f0edcf8f45f8b58a38ce883bd29361ea4eb71710
                        • Opcode Fuzzy Hash: bbbfee6a6d2bbc5ddddc9572f0a2582be3efb909f37606dec47a8affd976b768
                        • Instruction Fuzzy Hash: 9561F174E112598FEB18EFAAC954B9DFBF2BF88300F248169D508AB359DB315945CF10
                        Function 0740C4D8 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON
                        Download Yara Rule
                        APIs
                        • CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 0740C643
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: CreateProcessUser
                        • String ID:
                        • API String ID: 2217836671-0
                        • Opcode ID: 78179bd5c9dc27d15ffea1b7ecb26bd0ef5ec154a4c8d9c616e083b39e3231dd
                        • Instruction ID: 27efb8fd3abb3e1a87cf6e4b05cb16ba04a31ff7956a62bf6a6817dac53ddbc2
                        • Opcode Fuzzy Hash: 78179bd5c9dc27d15ffea1b7ecb26bd0ef5ec154a4c8d9c616e083b39e3231dd
                        • Instruction Fuzzy Hash: 05513DB1D0022ADFCB20CF99C840BDDBBB5BF48314F0085AAE519B7250DB719A85CFA0
                        Function 0128CFA3 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te_q
                        • API String ID: 0-823545363
                        • Opcode ID: c0719fdbe8e7d47915ee92b8c1a200e6602d837793b0989e8d1aa8bccc53d669
                        • Instruction ID: 5db3a20a0376a25f7fb149c40a09f99be1ce67451a1b3001c2df646295658ea5
                        • Opcode Fuzzy Hash: c0719fdbe8e7d47915ee92b8c1a200e6602d837793b0989e8d1aa8bccc53d669
                        • Instruction Fuzzy Hash: 62B1E274A01319CFDB28DFB5C494A9EBBB2FF89305F209469D406AB3A4CB759946CF10
                        Function 0128CFA8 Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Te_q
                        • API String ID: 0-823545363
                        • Opcode ID: d32c23d5474ad5c0dbcb3a0a1b3ec008e142a5098ccca6295ec759306268bccb
                        • Instruction ID: bb9cdea7cbdf92cb3bee8469da9f94fdc648c19d4661c115f1e7b93d0f91a00e
                        • Opcode Fuzzy Hash: d32c23d5474ad5c0dbcb3a0a1b3ec008e142a5098ccca6295ec759306268bccb
                        • Instruction Fuzzy Hash: 5DB1E274A01219CFDB28DFB5C494A9EBBB2FF89305F209469D406AB3A4CB759946CF10
                        Function 0741D40A Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: <
                        • API String ID: 0-4251816714
                        • Opcode ID: 79f294db1dbfaf6b1b6496a28c5119c45811800f5c43ff815c425a0f013cb9d9
                        • Instruction ID: 7c55c5544c263c3047cd7f5bf730061e8b5a21fbba3cf73c10271da4a252bb0b
                        • Opcode Fuzzy Hash: 79f294db1dbfaf6b1b6496a28c5119c45811800f5c43ff815c425a0f013cb9d9
                        • Instruction Fuzzy Hash: C26177B5E01658CFDB58CFAAC9446DDBBF2AF89301F14C1AAD408AB325DB345A85CF50
                        Function 07412E78 Relevance: 1.1, Instructions: 1088COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 97f3c6ef6d74794ed88acd355e4bbc26cfcc723c76d4bf2782b783a76d32b6da
                        • Instruction ID: fbd414e3ecad5d18b87923f57735485e447541bf3b362e9f0a72a3698089b6f2
                        • Opcode Fuzzy Hash: 97f3c6ef6d74794ed88acd355e4bbc26cfcc723c76d4bf2782b783a76d32b6da
                        • Instruction Fuzzy Hash: 6472DE71A142158FC709FFB8D89856DBFF2BF89204F51896AD089D7351EF38980ACB52
                        Function 06034420 Relevance: .6, Instructions: 596COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798231181.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6030000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a8c11b50180b4d2abf5bf1a8e8e89d16ba8de7d7cb11496bb33214f09922ecf2
                        • Instruction ID: daa481da3d40ae2ed100c571e738e59e322e578783dc23c75800fd76fd9eb571
                        • Opcode Fuzzy Hash: a8c11b50180b4d2abf5bf1a8e8e89d16ba8de7d7cb11496bb33214f09922ecf2
                        • Instruction Fuzzy Hash: 54526B34A002568FCB14DF28C944B99B7F2FF89314F2182A9D4586F3A5DB71AD86CF81
                        Function 06034400 Relevance: .6, Instructions: 590COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798231181.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6030000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a5880d697bf976e8cd8ee6b9ec08e5feca5555b9d08964a7516ceb943d419812
                        • Instruction ID: fa066f2c1b4b5e2bbf17ae379af5db963f61f5f4787f4fb4c0e7d75d19c81cea
                        • Opcode Fuzzy Hash: a5880d697bf976e8cd8ee6b9ec08e5feca5555b9d08964a7516ceb943d419812
                        • Instruction Fuzzy Hash: EF525A34A003568FCB14DF28C944B99B7F2FF89314F2582A9D4586F3A5DB71AD86CB81
                        Function 0817F804 Relevance: .3, Instructions: 305COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 06c79d0edf7e3be7f49530f65e75dff42071343c194db35db19ee78ae89bfe74
                        • Instruction ID: 4b793ce46058cce9728a01ad25dd3acdd0f793c1064b1d2e387ad87f85bfe5b9
                        • Opcode Fuzzy Hash: 06c79d0edf7e3be7f49530f65e75dff42071343c194db35db19ee78ae89bfe74
                        • Instruction Fuzzy Hash: 94D18D74E0520ADFCB08CFA9C4908AFFBB2FF89311B15C559D415AB215D735AA86CF90
                        Function 07407810 Relevance: .3, Instructions: 284COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e387f0beeb131db6de5d3552cdc16e3de174ae7e8cdd56259ac77c7908b43b5a
                        • Instruction ID: 630299f17a399b728540181c1202085b5bbd8b001d9d8b85492b4db4517d778d
                        • Opcode Fuzzy Hash: e387f0beeb131db6de5d3552cdc16e3de174ae7e8cdd56259ac77c7908b43b5a
                        • Instruction Fuzzy Hash: A6D126B0A102698FDB65CF65C9447DDFBB2FF89300F10C9EAD40AA7255D774AA868F40
                        Function 0817F82F Relevance: .3, Instructions: 280COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7eb095deacb46662e1b429dcda52588ada2f6a61ddf1f0966c5b7643ae708966
                        • Instruction ID: f90d4a81fb8e3fb0603305c5256d65fb561f5c18c1f60e56bcf12333cea2cd31
                        • Opcode Fuzzy Hash: 7eb095deacb46662e1b429dcda52588ada2f6a61ddf1f0966c5b7643ae708966
                        • Instruction Fuzzy Hash: 78C15C70E0520ADFDB08CFA9C4908AFFBB2FF89311B15C559D415AB255D734AA46CF90
                        Function 0817F823 Relevance: .3, Instructions: 273COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c15907d68ecf9259b4d712a9685167ed8ac5d200c69e7d78f1908340cb9d07cb
                        • Instruction ID: f1192ef90c957e0945752baa61aa1533bd23bd9efe17315ed3b22a0576997bf7
                        • Opcode Fuzzy Hash: c15907d68ecf9259b4d712a9685167ed8ac5d200c69e7d78f1908340cb9d07cb
                        • Instruction Fuzzy Hash: 78C15A70E0020ADFDB08CFA9C5908AFFBB2FF88311B15C559D415AB255DB35AA86CF90
                        Function 07406EB0 Relevance: .2, Instructions: 150COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5af385edb8e42f1ddb3ac797a80df53e8a0bdd929231c90ca7e1a002419f279c
                        • Instruction ID: 90200f608c6dba686d9f84fddd74c65d46abb54132637a6862dd04679ab9b407
                        • Opcode Fuzzy Hash: 5af385edb8e42f1ddb3ac797a80df53e8a0bdd929231c90ca7e1a002419f279c
                        • Instruction Fuzzy Hash: 746118B0E0031ADFDB04DFA5D9946EEBBB1FB89310F10882AD416A7381D7785906CF91
                        Function 0741F9F2 Relevance: .1, Instructions: 149COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0fc6636ff75f08851c8f7317c6127bfa7161a5ce727d967c18c45a83c525e44f
                        • Instruction ID: d6c031512fa8f6b833e8d26f4c5259fc6b22a9483273070ee217efb47871ddf6
                        • Opcode Fuzzy Hash: 0fc6636ff75f08851c8f7317c6127bfa7161a5ce727d967c18c45a83c525e44f
                        • Instruction Fuzzy Hash: F8516BB0E152098FCB08CFAAC5505EEFBF2EF89350F24D46AD419A7255D7384A06CF64
                        Function 07406E9F Relevance: .1, Instructions: 144COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aa0095401b0f1211e2a37285c7bbe4d1451c19b9e04a9cc74ba4908285ebe865
                        • Instruction ID: 552f425dcffd51d464325d2878d853cdc9ef30a5aee3b2f06efe468410811690
                        • Opcode Fuzzy Hash: aa0095401b0f1211e2a37285c7bbe4d1451c19b9e04a9cc74ba4908285ebe865
                        • Instruction Fuzzy Hash: 14512BB0E1031ADFDB04CFA5C9586EEBBB1FF89310F10892AD416A7285D7785906CF91
                        Function 07406C68 Relevance: .1, Instructions: 121COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 56329d667feb6f8596c7395aed2f855a68dee04ddb0a26d3f8b25edc4af811f4
                        • Instruction ID: be0aa0899a551075dbe9a7d99e74db1da0beb26a77aad2d6751de2ef9a4befee
                        • Opcode Fuzzy Hash: 56329d667feb6f8596c7395aed2f855a68dee04ddb0a26d3f8b25edc4af811f4
                        • Instruction Fuzzy Hash: ED414CB4D1920A9FCB04CFA6D8415EEBBB1FF8A310F10D82AD412A7390D7784656CF91
                        Function 07406C78 Relevance: .1, Instructions: 118COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a5a55fd8f0194f6040c5c7dfeb489607326d96e287db8eb274b2c0319aff6f84
                        • Instruction ID: 1be4a0558fedf0739a36d8ed2f69b8b18e61a74d22f9ae94195dbbac44c0b7ab
                        • Opcode Fuzzy Hash: a5a55fd8f0194f6040c5c7dfeb489607326d96e287db8eb274b2c0319aff6f84
                        • Instruction Fuzzy Hash: C6415AB0D2520A9BCB04CFA6C9405EEFBB5FF89310F11982AD412B7394D7384666CFA5
                        Function 0817E91F Relevance: .1, Instructions: 78COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e16cf3a6f66f9a9b20d284e81b84e815966f385d95e3f5387983666b5d79af47
                        • Instruction ID: 42ee45ba5a13283796cadbb25896a8c308cbccb355ccfc1bc0e189f60ad000f7
                        • Opcode Fuzzy Hash: e16cf3a6f66f9a9b20d284e81b84e815966f385d95e3f5387983666b5d79af47
                        • Instruction Fuzzy Hash: C43129B0E056588FDB19CFAAC8543CEBFF2AFC9310F18C1AAD414AA265DB740945CF50
                        Function 0817E948 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 13a4eb111a6e13682d8558464a4f57ac6e7718b7c6e9b3bf585a1217143ef773
                        • Instruction ID: 7eca3986f0e3233fee877217d32ea972c3165c6b230e3d01736407dbf5a8cbb6
                        • Opcode Fuzzy Hash: 13a4eb111a6e13682d8558464a4f57ac6e7718b7c6e9b3bf585a1217143ef773
                        • Instruction Fuzzy Hash: A421E4B1E006188BEB18CFABD9443DEFBF2AFC8311F14C16AD409A6254DB751A46CF90
                        Function 01287A41 Relevance: 11.8, Strings: 9, Instructions: 519COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o_q$(o_q$(o_q$(o_q$(o_q$(o_q$(o_q$,cq$,cq
                        • API String ID: 0-2006360050
                        • Opcode ID: 6a935fda115e87e69bbebb121d73520197a19fd865c210b9350d533ff1f1c719
                        • Instruction ID: 65cd5f556c520d6ee681e36b4892f14b1f4df1c1daac633e749ec85dada0a40e
                        • Opcode Fuzzy Hash: 6a935fda115e87e69bbebb121d73520197a19fd865c210b9350d533ff1f1c719
                        • Instruction Fuzzy Hash: C9227E30A1120A9FCB15EF69C984AAEBBF2FF88314F248569E515DB3A5D730ED41CB50
                        Function 01288B18 Relevance: 4.6, Strings: 3, Instructions: 815COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 4561 1288b18-1289006 4636 1289558-128958d 4561->4636 4637 128900c-128901c 4561->4637 4641 1289599-12895b7 4636->4641 4642 128958f-1289594 4636->4642 4637->4636 4638 1289022-1289032 4637->4638 4638->4636 4639 1289038-1289048 4638->4639 4639->4636 4643 128904e-128905e 4639->4643 4654 12895b9-12895c3 4641->4654 4655 128962e-128963a 4641->4655 4644 128967e-1289683 4642->4644 4643->4636 4645 1289064-1289074 4643->4645 4645->4636 4647 128907a-128908a 4645->4647 4647->4636 4648 1289090-12890a0 4647->4648 4648->4636 4650 12890a6-12890b6 4648->4650 4650->4636 4651 12890bc-12890cc 4650->4651 4651->4636 4653 12890d2-12890e2 4651->4653 4653->4636 4656 12890e8-1289557 4653->4656 4654->4655 4662 12895c5-12895d1 4654->4662 4660 128963c-1289648 4655->4660 4661 1289651-128965d 4655->4661 4660->4661 4668 128964a-128964f 4660->4668 4669 128965f-128966b 4661->4669 4670 1289674-1289676 4661->4670 4671 12895d3-12895de 4662->4671 4672 12895f6-12895f9 4662->4672 4668->4644 4669->4670 4682 128966d-1289672 4669->4682 4670->4644 4671->4672 4680 12895e0-12895ea 4671->4680 4673 12895fb-1289607 4672->4673 4674 1289610-128961c 4672->4674 4673->4674 4686 1289609-128960e 4673->4686 4678 128961e-1289625 4674->4678 4679 1289684-12896e0 call 1289847 4674->4679 4678->4679 4683 1289627-128962c 4678->4683 4693 12896e2-12896ed 4679->4693 4694 12896f3 4679->4694 4680->4672 4689 12895ec-12895f1 4680->4689 4682->4644 4683->4644 4686->4644 4689->4644 4693->4694 4698 1289776-12897c8 4693->4698 4780 12896f6 call 1289d20 4694->4780 4781 12896f6 call 1289d12 4694->4781 4697 12896fc-12896fe 4699 12897cf-1289814 call 1288590 4697->4699 4700 1289704-1289761 4697->4700 4698->4699 4718 1289825-1289833 4699->4718 4719 1289816-1289823 4699->4719 4710 128976a-1289773 4700->4710 4724 1289841 4718->4724 4725 1289835-128983f 4718->4725 4728 1289843-1289846 4719->4728 4724->4728 4725->4728 4780->4697 4781->4697
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o_q$$_q$$_q
                        • API String ID: 0-2711016522
                        • Opcode ID: cad2190022eae7184e5aa3638a8b388b2213f15703aed1d07c04eab554b46a86
                        • Instruction ID: d9b5cf5b6a5e29172cbef4c9dc47041e47d5df3486011f2f9a649e8f344746e5
                        • Opcode Fuzzy Hash: cad2190022eae7184e5aa3638a8b388b2213f15703aed1d07c04eab554b46a86
                        • Instruction Fuzzy Hash: DB725474A10219CFDB15EBA5C864BAEBBB3FF94300F1081A9D10AAB399CE359D45CF51
                        Function 01289D20 Relevance: 3.9, Strings: 3, Instructions: 198COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 4862 1289d20-1289d3f 4864 1289ea2-1289f36 4862->4864 4865 1289d45-1289d47 4862->4865 4907 1289f38-1289f42 4864->4907 4908 1289f55-1289f59 4864->4908 4866 1289d49-1289d53 4865->4866 4867 1289d84-1289d96 call 12801c0 4865->4867 4873 1289d7d-1289d7f 4866->4873 4874 1289d55-1289d78 4866->4874 4877 1289d98-1289da1 4867->4877 4878 1289da3-1289da5 4867->4878 4876 1289e9a-1289e9f 4873->4876 4874->4876 4877->4878 4881 1289db3-1289db5 4878->4881 4882 1289da7-1289db1 4878->4882 4881->4876 4882->4881 4888 1289dba-1289dcc 4882->4888 4895 1289dce-1289de0 4888->4895 4896 1289df1-1289dff 4888->4896 4895->4896 4905 1289de2-1289dec 4895->4905 4900 1289e08-1289e12 4896->4900 4901 1289e01-1289e03 4896->4901 4909 1289e42-1289e4c 4900->4909 4910 1289e14-1289e1e 4900->4910 4901->4876 4905->4876 4922 1289f4a-1289f54 4907->4922 4916 1289e4e-1289e58 4909->4916 4917 1289e71-1289e77 4909->4917 4910->4909 4915 1289e20-1289e26 4910->4915 4918 1289e28 4915->4918 4919 1289e2a-1289e36 4915->4919 4916->4917 4928 1289e5a-1289e6f call 12802b8 4916->4928 4920 1289e79-1289e82 call 1285d98 4917->4920 4921 1289e90-1289e92 4917->4921 4923 1289e38-1289e40 4918->4923 4919->4923 4920->4921 4930 1289e84-1289e8e 4920->4930 4921->4876 4923->4876 4928->4876 4930->4876
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hcq$$_q$$_q
                        • API String ID: 0-3221398524
                        • Opcode ID: 099b0a207f1b32ec782695be4ac22936e744871ebd79346728071712e9bf66fd
                        • Instruction ID: 40ce595ea9f4fd8fee6bd2ddca1113e06f881c4f87a6961d9a9a8cd073dd6e97
                        • Opcode Fuzzy Hash: 099b0a207f1b32ec782695be4ac22936e744871ebd79346728071712e9bf66fd
                        • Instruction Fuzzy Hash: C351A031B651128FDF197B3A886C63E3FE6AFC5645318486AE607CB3D5DE24CC428791
                        Function 0817FE20 Relevance: 3.8, Strings: 3, Instructions: 66COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 4976 817fe20-817fe4e 4977 817fe55-817fe5a 4976->4977 4978 817fe50 4976->4978 4979 817fe63 4977->4979 4978->4977 4980 817fe6a-817fe86 4979->4980 4981 817fe8f-817fe90 4980->4981 4982 817fe88 4980->4982 4985 817fefd-817ff01 4981->4985 4982->4979 4982->4981 4983 817fed6-817fef8 4982->4983 4984 817fe92-817fea6 4982->4984 4982->4985 4983->4980 4987 817feb9-817fec0 4984->4987 4988 817fea8-817feb7 4984->4988 4989 817fec7-817fed4 4987->4989 4988->4989 4989->4980
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: tu}s$tu}s${ :
                        • API String ID: 0-3169588376
                        • Opcode ID: c3e9883f3af13e9443bd6ec5b8fe37ae167baee2d3fb331136a1c310234661f8
                        • Instruction ID: d405a1f6525ea5f084af28d26df5a938975dee29945066cac9403afe0fd4a5b2
                        • Opcode Fuzzy Hash: c3e9883f3af13e9443bd6ec5b8fe37ae167baee2d3fb331136a1c310234661f8
                        • Instruction Fuzzy Hash: 46211970E052499FDB08CFA9C940AAFBFF1FF89300F15C5AAD405A7266DB309A42DB51
                        Function 0817FE30 Relevance: 3.8, Strings: 3, Instructions: 63COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 4990 817fe30-817fe4e 4991 817fe55-817fe5a 4990->4991 4992 817fe50 4990->4992 4993 817fe63 4991->4993 4992->4991 4994 817fe6a-817fe86 4993->4994 4995 817fe8f-817fe90 4994->4995 4996 817fe88 4994->4996 4999 817fefd-817ff01 4995->4999 4996->4993 4996->4995 4997 817fed6-817fef8 4996->4997 4998 817fe92-817fea6 4996->4998 4996->4999 4997->4994 5001 817feb9-817fec0 4998->5001 5002 817fea8-817feb7 4998->5002 5003 817fec7-817fed4 5001->5003 5002->5003 5003->4994
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: tu}s$tu}s${ :
                        • API String ID: 0-3169588376
                        • Opcode ID: ea6ed7fba7cb0f7b838c48ff08389d6b50465588132f4be4a4c747db2d266436
                        • Instruction ID: 5bc2e616ac7b6a1ff0ab7b5f6cfdc7319a6c5225181edeee3aed0f50810daca1
                        • Opcode Fuzzy Hash: ea6ed7fba7cb0f7b838c48ff08389d6b50465588132f4be4a4c747db2d266436
                        • Instruction Fuzzy Hash: 0221F4B0E01609DFDB08DFA9C940AAEFBF2BF89301F11C5AAD414A7215DB309A42CB51
                        Function 012861E0 Relevance: 2.9, Strings: 2, Instructions: 431COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 5266 12861e0-12861f7 5267 12861f9-1286211 5266->5267 5268 1286213-1286223 call 1285c28 5266->5268 5273 1286228-128622d 5267->5273 5268->5273 5406 128622f call 12864d8 5273->5406 5407 128622f call 12861e0 5273->5407 5408 128622f call 12861d1 5273->5408 5274 1286235-128623b 5275 12864c1-12864e6 5274->5275 5276 1286241-128624f 5274->5276 5281 12864e8-12864ee 5275->5281 5282 12864f5-1286507 5275->5282 5279 1286251-1286258 5276->5279 5280 12862a7-12862b0 5276->5280 5285 128625e-1286263 5279->5285 5286 12863b1-12863dd 5279->5286 5283 12863e4-1286410 5280->5283 5284 12862b6-12862ba 5280->5284 5281->5282 5292 128659b-128659f call 1286728 5282->5292 5293 128650d-1286511 5282->5293 5338 1286417-1286481 5283->5338 5288 12862cb-12862e0 5284->5288 5289 12862bc-12862c5 5284->5289 5290 128627b-1286289 5285->5290 5291 1286265-128626b 5285->5291 5286->5283 5404 12862e3 call 1286c69 5288->5404 5405 12862e3 call 1286d00 5288->5405 5289->5283 5289->5288 5307 128628b-128628d 5290->5307 5308 1286292-12862a2 5290->5308 5295 128626d 5291->5295 5296 128626f-1286279 5291->5296 5302 12865a5-12865ab 5292->5302 5298 1286521-128652e 5293->5298 5299 1286513-128651f 5293->5299 5295->5290 5296->5290 5321 1286530-128653a 5298->5321 5299->5321 5300 12862e9-12862f0 5303 128630b-128630f 5300->5303 5304 12862f2-12862fd 5300->5304 5310 12865ad-12865b3 5302->5310 5311 12865b7-12865be 5302->5311 5314 1286488-12864ba 5303->5314 5315 1286315-1286319 5303->5315 5412 1286300 call 1288b18 5304->5412 5413 1286300 call 128974d 5304->5413 5414 1286300 call 12896a0 5304->5414 5415 1286300 call 1288b13 5304->5415 5316 12863a7-12863ae 5307->5316 5308->5316 5319 1286619-1286678 5310->5319 5320 12865b5 5310->5320 5314->5275 5315->5314 5324 128631f-128632a 5315->5324 5347 128667f-12866a3 5319->5347 5320->5311 5332 128653c-128654b 5321->5332 5333 1286567-128656b 5321->5333 5322 1286306 5322->5316 5324->5314 5334 1286330-128635d 5324->5334 5350 128655b-1286565 5332->5350 5351 128654d-1286554 5332->5351 5335 128656d-1286573 5333->5335 5336 1286577-128657b 5333->5336 5334->5314 5346 1286363-1286372 5334->5346 5340 12865c1-1286612 5335->5340 5341 1286575 5335->5341 5336->5311 5342 128657d-1286581 5336->5342 5338->5314 5340->5319 5341->5311 5342->5347 5348 1286587-1286599 5342->5348 5409 1286375 call 1288b18 5346->5409 5410 1286375 call 12896a0 5346->5410 5411 1286375 call 1288b13 5346->5411 5361 12866a9-12866ab 5347->5361 5362 12866a5-12866a7 5347->5362 5348->5311 5350->5333 5351->5350 5355 128637b-128637f 5355->5338 5359 1286385-1286393 call 128ed58 5355->5359 5369 1286399-128639f 5359->5369 5365 12866bc-12866be 5361->5365 5366 12866ad-12866b1 5361->5366 5364 1286721-1286724 5362->5364 5373 12866c0-12866c4 5365->5373 5374 12866d1-12866d7 5365->5374 5371 12866b3-12866b5 5366->5371 5372 12866b7-12866ba 5366->5372 5369->5314 5381 12863a5 5369->5381 5371->5364 5372->5364 5375 12866ca-12866cf 5373->5375 5376 12866c6-12866c8 5373->5376 5378 12866d9-1286700 5374->5378 5379 1286702-1286704 5374->5379 5375->5364 5376->5364 5386 128670b-128670d 5378->5386 5379->5386 5381->5316 5388 128670f-1286711 5386->5388 5389 1286713-1286715 5386->5389 5388->5364 5390 128671e 5389->5390 5391 1286717-128671c 5389->5391 5390->5364 5391->5364 5404->5300 5405->5300 5406->5274 5407->5274 5408->5274 5409->5355 5410->5355 5411->5355 5412->5322 5413->5322 5414->5322 5415->5322
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hcq$Hcq
                        • API String ID: 0-4088181183
                        • Opcode ID: e2701e4083703b06d2e7456a0510d4fba494e5e972057cedfed31d58568a5de4
                        • Instruction ID: 974ac2717a4c76eb27a7c331b932e2c3b54688ee8829bd61a47956b186196fe6
                        • Opcode Fuzzy Hash: e2701e4083703b06d2e7456a0510d4fba494e5e972057cedfed31d58568a5de4
                        • Instruction Fuzzy Hash: 63E1E030B202169FDB15AF68C858B7E7BA3AB88710F148929E606CB3D5DF74DC45CB91
                        Function 08171D28 Relevance: 2.9, Strings: 2, Instructions: 415COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 5416 8171d28-8171d3a 5417 8171d3c-8171d59 5416->5417 5418 8171d9a-8171e0e 5416->5418 5506 8171d5b call 8113a14 5417->5506 5507 8171d5b call 811e08c 5417->5507 5425 8171e15-8171e1d 5418->5425 5424 8171d60-8171d64 5424->5425 5426 8171d6a-8171d70 5424->5426 5431 8171e24-8171e60 5425->5431 5429 8171d76-8171d7a 5426->5429 5429->5431 5432 8171d80-8171d99 5429->5432 5441 8171e62-8171e68 5431->5441 5442 8171e69-817227f 5431->5442 5506->5424 5507->5424
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hcq$Hcq
                        • API String ID: 0-4088181183
                        • Opcode ID: ad523cd90dc96b9b74e9a2b917000d1ee5f5d56c373d03c87a89c5f0c40919b5
                        • Instruction ID: 6f2c3ee07ebaf73ebec5f66dd1bff878869075aa1dcc6f70694795310be61f59
                        • Opcode Fuzzy Hash: ad523cd90dc96b9b74e9a2b917000d1ee5f5d56c373d03c87a89c5f0c40919b5
                        • Instruction Fuzzy Hash: 5BD1B231B142158BDB04BBB8D85416EBBB6EFC9300F40896DD48AE7395DF389C4AC766
                        Function 012868D0 Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: ,cq$,cq
                        • API String ID: 0-2927840315
                        • Opcode ID: 4ebf03631b0afffb2b4c5b49a34ddb6fe1d5752c966665532ae366133b7ca4d7
                        • Instruction ID: 7e10e0844dd2bcf9848ddc15fa2e5203671d82db9287ce4f47319878d6e6cd92
                        • Opcode Fuzzy Hash: 4ebf03631b0afffb2b4c5b49a34ddb6fe1d5752c966665532ae366133b7ca4d7
                        • Instruction Fuzzy Hash: 7F819E30A21106CFCB14EF6DC884AAABBB2BF88314F158169D605AB3E5D731E841CB91
                        Function 0128F2A8 Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'_q$Xcq
                        • API String ID: 0-55182120
                        • Opcode ID: e48551055b09b750651f1e5aa8b6783d636969ab4a6c34b47f289c9abcdc66f0
                        • Instruction ID: 5f4ae942941e5d0bd115dff230554ffdb22c41651ece7cb55437f2bce765ffb8
                        • Opcode Fuzzy Hash: e48551055b09b750651f1e5aa8b6783d636969ab4a6c34b47f289c9abcdc66f0
                        • Instruction Fuzzy Hash: 8F8137316122469FCB06EF7DD9186AE7FF2EF85310F1440AAE905CB2A6DB309D15CB90
                        Function 0128FA58 Relevance: 2.6, Strings: 2, Instructions: 134COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hcq$Hcq
                        • API String ID: 0-4088181183
                        • Opcode ID: 0949927658215f1531e7678c19ae728f7be1a94acda52f37ac2e0ed341c1b0b0
                        • Instruction ID: bcece39926e6d6000a78d0ef0e7a61f54052811423bc2a64854634c417666c03
                        • Opcode Fuzzy Hash: 0949927658215f1531e7678c19ae728f7be1a94acda52f37ac2e0ed341c1b0b0
                        • Instruction Fuzzy Hash: 8141FF712252568FDB01EF28C944ABEBBE2FF88314F198859E9059B3D1DB34CC11CBA0
                        Function 08173E6B Relevance: 2.6, Strings: 2, Instructions: 106COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: D$@D6
                        • API String ID: 0-1118780540
                        • Opcode ID: 09afcd931d386fd8b60a5553a9df38cf0d9814322e1111e31ee6d93cc623dfb5
                        • Instruction ID: d425a022c7393fe2fd4fac9c2e8dab293dff025a44eb2ca35d4a82c2b72bb28f
                        • Opcode Fuzzy Hash: 09afcd931d386fd8b60a5553a9df38cf0d9814322e1111e31ee6d93cc623dfb5
                        • Instruction Fuzzy Hash: F631645280E3C25FC70387B88C656957FB0AE43120B1A06EBC0D1CF6E3EA19090AC763
                        Function 08172F6F Relevance: 2.6, Strings: 2, Instructions: 101COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: TJdq$Te_q
                        • API String ID: 0-3934155944
                        • Opcode ID: 6d5c197fa01362857cd2665d417fc7e6f623f23e392c88e88d8d37067731561d
                        • Instruction ID: 4b9873a14487a5a18ccb062ab1b1b56674c27eb7dfafe2f129a77a9c1117a555
                        • Opcode Fuzzy Hash: 6d5c197fa01362857cd2665d417fc7e6f623f23e392c88e88d8d37067731561d
                        • Instruction Fuzzy Hash: 3431E7717142118FC709BBB8E85852E7BF6FF89614B41489DE449DB352DE349C0AC366
                        Function 08172F88 Relevance: 2.6, Strings: 2, Instructions: 91COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: TJdq$Te_q
                        • API String ID: 0-3934155944
                        • Opcode ID: af1f97b357503429182f68310349046ed747ce5b80037de40eeaee73200b0d66
                        • Instruction ID: c2c24d72d727dc88f4ae3fb801d57fa7c60e89430250bc919e24ba04dbdb1d40
                        • Opcode Fuzzy Hash: af1f97b357503429182f68310349046ed747ce5b80037de40eeaee73200b0d66
                        • Instruction Fuzzy Hash: 392191317101158FC708BBB9E85892EBBF6FF89614B41486DE449D7351DE349C0A83A6
                        Function 0817C6C8 Relevance: 2.1, Strings: 1, Instructions: 884COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: @
                        • API String ID: 0-2766056989
                        • Opcode ID: bca1c2b0097f92a2e24bbd099cfa12badea13b0a73d17c75e27ed113c31fe312
                        • Instruction ID: 0b3a00734bfe52a86f679d47f7e7fee60a2929e6324b9d3ba483c070742f4295
                        • Opcode Fuzzy Hash: bca1c2b0097f92a2e24bbd099cfa12badea13b0a73d17c75e27ed113c31fe312
                        • Instruction Fuzzy Hash: 87629C70A152188FCB18BFB8E59966CBBF1EF88304F4144ADE44AE7355DF385849CB62
                        Function 0817CBC5 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: @
                        • API String ID: 0-2766056989
                        • Opcode ID: 521b607fdec56b68c27712ed57cb7e648ab321fbb10a7964a6767e86bc3dbcd2
                        • Instruction ID: 4b93357948b039b82b4337c93cf7470906d4cf015054acc8cb0e3e4ff1f129a2
                        • Opcode Fuzzy Hash: 521b607fdec56b68c27712ed57cb7e648ab321fbb10a7964a6767e86bc3dbcd2
                        • Instruction Fuzzy Hash: 6812DE70A1A2188FCB19AF74E95929C7FF1EF89300F0144ADE44AE7355EB385C49CB62
                        Function 01287FD8 Relevance: 1.7, Strings: 1, Instructions: 462COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (o_q
                        • API String ID: 0-493409505
                        • Opcode ID: 2cd222258f5e249765ffdf77621f92bee04e2fe4ba1a80f8e8f73f9da88e3750
                        • Instruction ID: 993758bb83a15ca3df63d46c45c35a25e0865fa406a982465d65698ed04d0bd1
                        • Opcode Fuzzy Hash: 2cd222258f5e249765ffdf77621f92bee04e2fe4ba1a80f8e8f73f9da88e3750
                        • Instruction Fuzzy Hash: 66128E31A11106CFCB25EF68D584AAEBBF2FF48300F5A8554E506DB2A6D734ED41CB61
                        Function 07404FFB Relevance: 1.6, APIs: 1, Instructions: 70memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 07405073
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ProtectVirtual
                        • String ID:
                        • API String ID: 544645111-0
                        • Opcode ID: 1f053a2adbefa6689c62dcacaae277fe4478ae084e308c81f26efdc6a56dd198
                        • Instruction ID: 5fa7b65796079d34586de03ebbae7a23c11162fc1883040c9570f78260d17c4d
                        • Opcode Fuzzy Hash: 1f053a2adbefa6689c62dcacaae277fe4478ae084e308c81f26efdc6a56dd198
                        • Instruction Fuzzy Hash: 382128B5900249DFCB10DF9AD444AEEFBF4FB48310F10846AE858A3250D3759954CFA1
                        Function 0740E9F0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                        Download Yara Rule
                        APIs
                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0740EA80
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: 461bf2926589424725a0f27671fab8340e2df1a932df15a7398b9c6afc40abc7
                        • Instruction ID: d91c3588b6834d4001227cabfb3a9c5537229d71f60734122f3e2eefcc91d922
                        • Opcode Fuzzy Hash: 461bf2926589424725a0f27671fab8340e2df1a932df15a7398b9c6afc40abc7
                        • Instruction Fuzzy Hash: BC2127B19003199FCB10DFA9C985BEEBBF5FF48314F10882AE919A7240D7789955CFA0
                        Function 0740DFA8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                        Download Yara Rule
                        APIs
                        • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 0740E026
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 74e91fb32ba9ec7d9dfb91932cb057350f817c1880bccd8e05d7dac121a3c13a
                        • Instruction ID: 50783ed1b7cd869a4ff3e1353c2955da03eacaca47d6392f3d4d20e2f8f12ba0
                        • Opcode Fuzzy Hash: 74e91fb32ba9ec7d9dfb91932cb057350f817c1880bccd8e05d7dac121a3c13a
                        • Instruction Fuzzy Hash: E52135B1D002198FDB14DFAAC4857EEBBF4BF48324F10842AD419A7241C778A945CFA1
                        Function 0740FAB8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                        Download Yara Rule
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0740FB36
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 0dcff3ee54db220d61d49d81d5c2b89c50129d65380ff180e67a7c796db8c003
                        • Instruction ID: 40274aac7d16f0e81cebd3398592e95987c5a86ba161ed70f4ed0ee41ee1cd2a
                        • Opcode Fuzzy Hash: 0dcff3ee54db220d61d49d81d5c2b89c50129d65380ff180e67a7c796db8c003
                        • Instruction Fuzzy Hash: CC2138B1D002098FDB20DFAAC5857EEBBF4AF48314F54842AD519A7240D778A945CFA1
                        Function 0740EEE8 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                        Download Yara Rule
                        APIs
                        • VirtualProtectEx.KERNEL32(?,?,?,?,?), ref: 0740EF5F
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ProtectVirtual
                        • String ID:
                        • API String ID: 544645111-0
                        • Opcode ID: fe43abc56b022c10308a040edc4199028783f839ca2086e52d56bc2672b0d089
                        • Instruction ID: 6a3e62c616645334dec52059bb39e35a4b23e0664e6bada39fee8046cb38538a
                        • Opcode Fuzzy Hash: fe43abc56b022c10308a040edc4199028783f839ca2086e52d56bc2672b0d089
                        • Instruction Fuzzy Hash: D62138B1C002099FCB10DFAAC444AEEBBF4EF48320F10842AD519A7240C7799945CFA1
                        Function 0741E5D0 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 0741E64B
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ProtectVirtual
                        • String ID:
                        • API String ID: 544645111-0
                        • Opcode ID: ce8f02cbf4d05976c01446ce31ce69e3ea1fc2b42234fbf4fca05128b7d64338
                        • Instruction ID: 3e5459489749c57033f1b2e3e4345ce0d67180f36f30c8caafdf1f1304432289
                        • Opcode Fuzzy Hash: ce8f02cbf4d05976c01446ce31ce69e3ea1fc2b42234fbf4fca05128b7d64338
                        • Instruction Fuzzy Hash: 192138B5D00249DFCB10DF9AC484BDEBBF4BB48320F14842AE858A3250D374A944CFA1
                        Function 0811BD20 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                        Download Yara Rule
                        APIs
                        • DeleteFileW.KERNEL32(00000000), ref: 0811BD90
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799597280.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8110000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: DeleteFile
                        • String ID:
                        • API String ID: 4033686569-0
                        • Opcode ID: b46b8ba48b8e6541dce74192ef7d437380bf9c483f32351bf6dd9dc3c416ec59
                        • Instruction ID: 3447854d3b504b4ce84f42068b6a7b39a9f54e230a92c84f7e40867aaec27f12
                        • Opcode Fuzzy Hash: b46b8ba48b8e6541dce74192ef7d437380bf9c483f32351bf6dd9dc3c416ec59
                        • Instruction Fuzzy Hash: 6D1133B1C0465A9BCB14CFAAC544BEEFBF4BF48324F11812AD818B7240D338A944CFA5
                        Function 0741E5D8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 0741E64B
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ProtectVirtual
                        • String ID:
                        • API String ID: 544645111-0
                        • Opcode ID: c9f371a4c0a0a0ac113488cdbe62ea92cc86daa26c8a191cd0ece99e004b1dd6
                        • Instruction ID: af6f1cbb3dc951b02f52cf70c5aabc8dd0c056e718cd8ec41f47bfadc1667de8
                        • Opcode Fuzzy Hash: c9f371a4c0a0a0ac113488cdbe62ea92cc86daa26c8a191cd0ece99e004b1dd6
                        • Instruction Fuzzy Hash: DF21E4B5900259DFCB10DF9AC584BDEFBF4FB48320F50842AE958A7250D379A944CFA5
                        Function 07405000 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 07405073
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ProtectVirtual
                        • String ID:
                        • API String ID: 544645111-0
                        • Opcode ID: 235bb9806170e3a7929cab9f1e50fe53d68bcc14cc556a03d9c8442df08ef7cf
                        • Instruction ID: 93049134cc676a9b81c3fefbcb7b5d26bdb65c09afbb72eb96c5630f1050e1ea
                        • Opcode Fuzzy Hash: 235bb9806170e3a7929cab9f1e50fe53d68bcc14cc556a03d9c8442df08ef7cf
                        • Instruction Fuzzy Hash: 2921E4B59002499FCB10DF9AC984BDEFBF4FB48320F10842AE958A7250D379A944CFA5
                        Function 0740E678 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0740E6E6
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: c5067b0a6b13b7237cebf8cbf5e6313b91a72fdb13612b24e821ac43a70b91bb
                        • Instruction ID: 95812c020bcb68bc8a14364ec4543f3eca3c92ad7fff5c461a8cc6d070f84b20
                        • Opcode Fuzzy Hash: c5067b0a6b13b7237cebf8cbf5e6313b91a72fdb13612b24e821ac43a70b91bb
                        • Instruction Fuzzy Hash: 3F1167B58002599FCB10DFAAC844ADFFFF5EF48320F10881AE519A7250C775A944CFA0
                        Function 0740FD40 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: f5b8f9f43ae5c5bde887125651d66d93ae80ab64b19f50d5f4cabaef40ab33e6
                        • Instruction ID: 355b01da00ee098e988ab2336cf91def4b2aff2db05e372e8536016dc5e031f3
                        • Opcode Fuzzy Hash: f5b8f9f43ae5c5bde887125651d66d93ae80ab64b19f50d5f4cabaef40ab33e6
                        • Instruction Fuzzy Hash: 81113AB1D002498FCB20DFAAC5457DEFBF4AF88324F20842AD51AA7240C775A945CFA5
                        Function 02BF2650 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                        Download Yara Rule
                        APIs
                        • FindCloseChangeNotification.KERNEL32(?), ref: 02BF26A8
                        Memory Dump Source
                        • Source File: 00000000.00000002.1781128557.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2bf0000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        • Opcode ID: 13ce9477728a916262f3ada517068d2b4b8a8b334fdace020967225ea2af3dba
                        • Instruction ID: 0e09863aa0c6398e8c2e270e4ab804ce0ed60c2b86084c72b96f0e5f56596b12
                        • Opcode Fuzzy Hash: 13ce9477728a916262f3ada517068d2b4b8a8b334fdace020967225ea2af3dba
                        • Instruction Fuzzy Hash: 1C1145B58003499FCB10DF9AC545BDEFBF4EB48320F20845AD919A7340D338A944CFA5
                        Function 02BF264E Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                        Download Yara Rule
                        APIs
                        • FindCloseChangeNotification.KERNEL32(?), ref: 02BF26A8
                        Memory Dump Source
                        • Source File: 00000000.00000002.1781128557.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2bf0000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: ChangeCloseFindNotification
                        • String ID:
                        • API String ID: 2591292051-0
                        • Opcode ID: 35c204186199253a99af72ea5c03bd92f815bd651a136daf1ad623d9a68669fc
                        • Instruction ID: 11b8ad80b73dd1c64c5c96311c872d619b2e4735e0c8a64dd7ccd98149321e69
                        • Opcode Fuzzy Hash: 35c204186199253a99af72ea5c03bd92f815bd651a136daf1ad623d9a68669fc
                        • Instruction Fuzzy Hash: 021145B6800249CFCB10DF99C645BDEBBF0EB48320F25845AD919B7340D338A948CFA5
                        Function 02BF03F0 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 02BF0455
                        Memory Dump Source
                        • Source File: 00000000.00000002.1781128557.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2bf0000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 4b3f953ff4c9b0b78679887faf898796bae74c7f71e7e287e3d8ddab761fd535
                        • Instruction ID: 92327a299e7011fbeafaf8dc3fee50678e07b16829a068003595ab5dbbfbd0d0
                        • Opcode Fuzzy Hash: 4b3f953ff4c9b0b78679887faf898796bae74c7f71e7e287e3d8ddab761fd535
                        • Instruction Fuzzy Hash: AA1103B5800248DFCB50DF9AD584BDEBBF4EB48314F24845AE519B7610C374A984CFA5
                        Function 02BF03F8 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,?,?,?), ref: 02BF0455
                        Memory Dump Source
                        • Source File: 00000000.00000002.1781128557.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2bf0000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 3dadaa2f1d0e331208b423fc8d7d2d5833f4cd85eda46bd09791065db9709d10
                        • Instruction ID: 5191f68ee2255e6ed1759f3a12fbb2e0f6c894db0abab46cff170e51e0406636
                        • Opcode Fuzzy Hash: 3dadaa2f1d0e331208b423fc8d7d2d5833f4cd85eda46bd09791065db9709d10
                        • Instruction Fuzzy Hash: 241103B5800348DFCB10DF9AD584BDEFBF8EB48314F108459D518A3210C375A584CFA5
                        Function 0817E528 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'_q
                        • API String ID: 0-2033115326
                        • Opcode ID: f49fc527731b62eef98aec3e1646b2af2d7db3c94530817602cc4a2a9a7a2740
                        • Instruction ID: 5d52fa936b5a6ee6bdbad586a511de4301e3a3c9e7d0374ec2a0d6ef9dbdb4fa
                        • Opcode Fuzzy Hash: f49fc527731b62eef98aec3e1646b2af2d7db3c94530817602cc4a2a9a7a2740
                        • Instruction Fuzzy Hash: 1A91A071A111158BD704FBB8E58866DB7F2FF88704F9188ADD449E7344DB38AC45C7A2
                        Function 012887D8 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'_q
                        • API String ID: 0-2033115326
                        • Opcode ID: 72176e8a0c4a4fcc2fa31561d8263e36736f1fd15964def3fb911ff944e9903c
                        • Instruction ID: eb68c4ac529b0a5b918a184b5be5a647ee1105ad118005bd0e0d07ab4b470c00
                        • Opcode Fuzzy Hash: 72176e8a0c4a4fcc2fa31561d8263e36736f1fd15964def3fb911ff944e9903c
                        • Instruction Fuzzy Hash: 2D6191317351068FD714EF3DD884A6A7BE9BF4820074544AAEA46CB3A1DB70EC00C761
                        Function 0128ED58 Relevance: 1.4, Strings: 1, Instructions: 122COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hcq
                        • API String ID: 0-419967981
                        • Opcode ID: 7ad8921efb6fc746e9fb8ed8bd8ce7322a62c9d62727fb8c5862a87c77ae6168
                        • Instruction ID: fddece046f80c8feb209f815fe85b096f47931cd094e33331337589d03fe7252
                        • Opcode Fuzzy Hash: 7ad8921efb6fc746e9fb8ed8bd8ce7322a62c9d62727fb8c5862a87c77ae6168
                        • Instruction Fuzzy Hash: FE41D2313152469FC716AF2DD8586AA3FE2AF8A321F0584A9E945CB3D2CB34DC15CB61
                        Function 01285138 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: 8cq
                        • API String ID: 0-304758316
                        • Opcode ID: 0a3c81c7a7e51d8231fc836d6b5603d32eeef22006c2b3fd26a5a87dcdbd6f56
                        • Instruction ID: 0b1cafd321f835a1570eb117244d18f74f4d07e4f2fd3ed63ee0d9bc4d5232c2
                        • Opcode Fuzzy Hash: 0a3c81c7a7e51d8231fc836d6b5603d32eeef22006c2b3fd26a5a87dcdbd6f56
                        • Instruction Fuzzy Hash: B9410074E16209DFDB04DFAAC4846EEBBF6BF89300F149069E419B72A4DB345A46CF50
                        Function 012885C8 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4'_q
                        • API String ID: 0-2033115326
                        • Opcode ID: cd3db435c9b49b0ce19dba65d9e801c4c212651b28342b664b043a0ca35561f0
                        • Instruction ID: 6beba937982fdceae310ee2280083889fa042a6d7d665a195690047c7f8c41f2
                        • Opcode Fuzzy Hash: cd3db435c9b49b0ce19dba65d9e801c4c212651b28342b664b043a0ca35561f0
                        • Instruction Fuzzy Hash: 5D418C75661216CFCB05EF29C948A6A7BB2FF88314F100469EA06CB3B1C731DC51CBA0
                        Function 01285128 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: 8cq
                        • API String ID: 0-304758316
                        • Opcode ID: c998abd3cebeb53e38bf2eea28adb5d31e6a8f7edd642b182d181df5245baf7a
                        • Instruction ID: bd4e754e9db8803de427ca7abdcba6acb6d19d7974ad9aa9d5266432e1fb2100
                        • Opcode Fuzzy Hash: c998abd3cebeb53e38bf2eea28adb5d31e6a8f7edd642b182d181df5245baf7a
                        • Instruction Fuzzy Hash: 08410FB4E16209DFDB04DFAAC5846EDBBF2BF89300F14806AD415A73A0DB345946CF50
                        Function 08171020 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (cq
                        • API String ID: 0-301743287
                        • Opcode ID: 18ed772df984d2f5b0a2512a192a4003d896e2702ebd8ae892c2138075472d06
                        • Instruction ID: d8a83c65b54f19292d371d62939d4bb50d31581305977ff585484da6c8137bce
                        • Opcode Fuzzy Hash: 18ed772df984d2f5b0a2512a192a4003d896e2702ebd8ae892c2138075472d06
                        • Instruction Fuzzy Hash: C2317C31E042498FCB11DFBDD8509EEBBB4EF89320B1482AED549E7251EB309945CBA5
                        Function 0817195F Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (cq
                        • API String ID: 0-301743287
                        • Opcode ID: 022835cc2ba959df2091060078ce164fcb0f5916a03dbe8eb206f92632560075
                        • Instruction ID: 08dbf4b1a6963cbe2e2d10ef9ffb72fe6f5f6a46aa8391e446663dcf1ffd749f
                        • Opcode Fuzzy Hash: 022835cc2ba959df2091060078ce164fcb0f5916a03dbe8eb206f92632560075
                        • Instruction Fuzzy Hash: 4F3123B4D04258EFDB24DFA9C598B9EBFF5EF48310F24846EE405AB250C7745845CB61
                        Function 081718DB Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: (cq
                        • API String ID: 0-301743287
                        • Opcode ID: 88cb12e9fb0f08f71b9fbd6cd17c045a60bd93dfed6ff3974cccefa0c7878140
                        • Instruction ID: dcac08743b951d5ddf54e6153a93510f053c4c89c021dec731f9fa98ebf2ee2b
                        • Opcode Fuzzy Hash: 88cb12e9fb0f08f71b9fbd6cd17c045a60bd93dfed6ff3974cccefa0c7878140
                        • Instruction Fuzzy Hash: EB110820A1C3D55FE7069B7888246BE3FB29FD6310F6808DFC4419B2D2DB250D45C762
                        Function 08173F16 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: @D6
                        • API String ID: 0-6984494
                        • Opcode ID: de769bf41f963091baf5c0faf6ac7014ea5ac8155588b1afaca2c219d443e6fb
                        • Instruction ID: f399507b5816d8385ff25b1b663511a11859f2c69f452488b8b4f2fa1c18f601
                        • Opcode Fuzzy Hash: de769bf41f963091baf5c0faf6ac7014ea5ac8155588b1afaca2c219d443e6fb
                        • Instruction Fuzzy Hash: F501DF6190E3CA4FC303E7B4D9212987FB0AF57200B1905DBC089CF1A7EA250E09CB52
                        Function 08173F89 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: 43`q
                        • API String ID: 0-987742510
                        • Opcode ID: 364f59ab1e1480b4786de8dc4ecd872a73f5a8025d0b45471b29831195c14e4b
                        • Instruction ID: 42375db1403b42297c61acf241333ce862463a80a0cb1cae82f48f682c5fcf8d
                        • Opcode Fuzzy Hash: 364f59ab1e1480b4786de8dc4ecd872a73f5a8025d0b45471b29831195c14e4b
                        • Instruction Fuzzy Hash: DBE0ED293192941FC31A57766C2057B3FABABCA220B0884AAF8818B295CC704C068390
                        Function 0817BF76 Relevance: .4, Instructions: 450COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5f27491810729a9508722e81af9b3be1aa1e9dae5f5a9b4b671fbc80571a96b1
                        • Instruction ID: 5f2c6a723a2d38df7ad61069fa6e494a143fbe6344a9a6650d4838a6cf7c919d
                        • Opcode Fuzzy Hash: 5f27491810729a9508722e81af9b3be1aa1e9dae5f5a9b4b671fbc80571a96b1
                        • Instruction Fuzzy Hash: 2FE1F331B152608FC705BBB8D85826D7BB1FF89204F5545ADD08AE7392DB389C46C7A2
                        Function 0817B360 Relevance: .4, Instructions: 366COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0ce7f4e4280e15b3833a21201e5c6540a1e16d6a7efc017a385326af2719002a
                        • Instruction ID: 7af5cd8319150353a456f579b0fc5c3531c4d7988a763a57435d67dcbba78547
                        • Opcode Fuzzy Hash: 0ce7f4e4280e15b3833a21201e5c6540a1e16d6a7efc017a385326af2719002a
                        • Instruction Fuzzy Hash: 6BC1AF31A14625CBD704BBB8E48912DBBF1EF88714F45496DE889E7344DF38A84AC792
                        Function 0817C6B7 Relevance: .3, Instructions: 344COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cee9c1e54ff59bdc6100bd059c26231cca81dd6c1a72bf0cd201cc2bbd250e5a
                        • Instruction ID: f8eec58d73d0dc28c4dedb2f825576578d68cbcd9b448cd5705c207443497e0f
                        • Opcode Fuzzy Hash: cee9c1e54ff59bdc6100bd059c26231cca81dd6c1a72bf0cd201cc2bbd250e5a
                        • Instruction Fuzzy Hash: BBC17E71A11215CFC708BBB8E49856DBBF1EF88304F51886DE445E7361DE38A84ACB92
                        Function 0817BFE4 Relevance: .3, Instructions: 329COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 463b3610bd6f82abf9b1eba7d34663455635804a5b59c33413b65d8030291070
                        • Instruction ID: 190674f87202d4611003912e0398e6591fab552809a0a51922dabfe604c5703a
                        • Opcode Fuzzy Hash: 463b3610bd6f82abf9b1eba7d34663455635804a5b59c33413b65d8030291070
                        • Instruction Fuzzy Hash: 88B1D171B15224CFC704BBB8E84826D7BB1FF99304F5145ADD08AE7391DB389846C7A6
                        Function 01289968 Relevance: .3, Instructions: 320COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aa6a3abeb22be64209548ca212cf658fecb07b20695cdb79dbd147529ca2efaf
                        • Instruction ID: c08f6a958c3f20c082f9154042bb7f895ca5e572458fb04da095496b63fc6961
                        • Opcode Fuzzy Hash: aa6a3abeb22be64209548ca212cf658fecb07b20695cdb79dbd147529ca2efaf
                        • Instruction Fuzzy Hash: DDD12935A11215CFCB05DF6DC488AADBBF6AF88314F1A8469E505AB3A1C732EC81CB50
                        Function 0817C027 Relevance: .3, Instructions: 310COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5e891ab5dd38ab9ec53c95b7bee778f31b934ccf0b4bb56256e38d6a9536e24c
                        • Instruction ID: 2a65d906056cca773207f03b6e7f0cb10618a9851cf5879a90f772b01f729785
                        • Opcode Fuzzy Hash: 5e891ab5dd38ab9ec53c95b7bee778f31b934ccf0b4bb56256e38d6a9536e24c
                        • Instruction Fuzzy Hash: 97B1B031B112248FC705BBB8E89816D7BB1FF99304F51496DD08AE7351DF38A846C7A6
                        Function 01289847 Relevance: .3, Instructions: 303COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3482011a6315766b6ae60e370b531cd8bc608ce7b9330cf10e833e4e0369262d
                        • Instruction ID: b127e7ac4ced277f59d127c0c0d142487e4565bf3fae3378bf5b6322d913a883
                        • Opcode Fuzzy Hash: 3482011a6315766b6ae60e370b531cd8bc608ce7b9330cf10e833e4e0369262d
                        • Instruction Fuzzy Hash: 3BD12871A11219CFCB05DFA9C8889ADBBF6BF88314F1A8459E515AB3A1C731EC81CB54
                        Function 0817B350 Relevance: .3, Instructions: 272COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 54e9efb014be2936a65c3ed693673680d12c470eb69c89bb15dab0af27843dd8
                        • Instruction ID: bfe2a283c25a5514bad8df1d49604a25b166e2cd266f328adf45b75b997d78a7
                        • Opcode Fuzzy Hash: 54e9efb014be2936a65c3ed693673680d12c470eb69c89bb15dab0af27843dd8
                        • Instruction Fuzzy Hash: 8F91B031A15625CBC705BBB8E49912DBBF1FF88711F44486DE885E7344DF38A84AC792
                        Function 0817E1EC Relevance: .2, Instructions: 226COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9fbf6b0072e877fd50620e965678ba8c39df94fcf06679322ec6f0dbb0b4b236
                        • Instruction ID: 7b13566c799ccaf025226ec78bd48fc3315f22e92f7dc3fd16b3f64a046ddc00
                        • Opcode Fuzzy Hash: 9fbf6b0072e877fd50620e965678ba8c39df94fcf06679322ec6f0dbb0b4b236
                        • Instruction Fuzzy Hash: 2C711571A142158FC704FBB8E88966EBFF1EF48604F4549ADD489E7391DE389C49C3A2
                        Function 0817B146 Relevance: .2, Instructions: 150COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 71ed2c57ddd48af03e63f0a85e3fb232dee590b78c08100dd332bc9fde8da914
                        • Instruction ID: df3f2c88be9bc7dc67f91f2b62cd628ce487e0b6f943f1fc8045d52d67323fba
                        • Opcode Fuzzy Hash: 71ed2c57ddd48af03e63f0a85e3fb232dee590b78c08100dd332bc9fde8da914
                        • Instruction Fuzzy Hash: FF519F7150E3D19FC3036BB498686693FB4AF47214F4945DFE4C4CB2A3DA28984AC726
                        Function 0128A1A0 Relevance: .1, Instructions: 134COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dffdd821307b95079523a6468d77bc0d3cbb1d3e97c5167f526e7abaf4c940fe
                        • Instruction ID: fbe1d4c332e069d4e698525f1f288fd2ac53f46478346cbfd2c59459a7afb17c
                        • Opcode Fuzzy Hash: dffdd821307b95079523a6468d77bc0d3cbb1d3e97c5167f526e7abaf4c940fe
                        • Instruction Fuzzy Hash: D1512170E112099FDB18DFAAD844AEEBBF2BF88310F14802AE415BB398DB305945CF50
                        Function 0128F7BD Relevance: .1, Instructions: 134COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b986a11c9b844da1c737790aa3d338e199d9b8230134350c2fc38594633cb08e
                        • Instruction ID: ba6f473baf3286d833c9c0d78bbd5098422bab86b2d4efb876586182aa5e2b16
                        • Opcode Fuzzy Hash: b986a11c9b844da1c737790aa3d338e199d9b8230134350c2fc38594633cb08e
                        • Instruction Fuzzy Hash: 8041377261A3859FC707AF3995182693FB5EF8B324F1800EBE945CB2A3D7358915C790
                        Function 08171128 Relevance: .1, Instructions: 106COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eb983d129c945e3fcba8e7f618306fb2690f8b6fde9a50e7f1d3f9bcd4294a6c
                        • Instruction ID: e3b6647f97472b7c135239d512296789f86aa7e56fc4df0a2fed27bcca86a953
                        • Opcode Fuzzy Hash: eb983d129c945e3fcba8e7f618306fb2690f8b6fde9a50e7f1d3f9bcd4294a6c
                        • Instruction Fuzzy Hash: 0D4165B0D042499FCB00DFA9D854AEEBBF1AF89310F20886ED846BB351DB745905CB61
                        Function 0128A4C0 Relevance: .1, Instructions: 104COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: efc4c81dd6e79eec1ae47b292047b081d36f066cabf4513beae961347bbe50c1
                        • Instruction ID: 0735f17a973c97b204bee90cdd3517a002d95767ccb93eb76c2d82b729d56d6b
                        • Opcode Fuzzy Hash: efc4c81dd6e79eec1ae47b292047b081d36f066cabf4513beae961347bbe50c1
                        • Instruction Fuzzy Hash: 724120B5D15209DFDB04EFAAE9483EDBFF0AF88315F10856AD011A3290DB780A84CF60
                        Function 012852A8 Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 29df67c3cfeabdef67e367f5378a457783471a4f4056991ab099bbf8967a651b
                        • Instruction ID: e796b89662dcc5675c0876412088d6a6c30012f317a017c32708f9af3be0dc9d
                        • Opcode Fuzzy Hash: 29df67c3cfeabdef67e367f5378a457783471a4f4056991ab099bbf8967a651b
                        • Instruction Fuzzy Hash: 40316F7171120A9BCB06EF68D458AAF7BA6FF88324F008428FA0587395CB75DC65CB90
                        Function 012889F8 Relevance: .1, Instructions: 93COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fcc22cdb6ced9fd88d37d2bb0ed15daeebda439b3236dd9c037e27d7756d5561
                        • Instruction ID: 6f0038f5ebe6de53e41eb6a9bc05d7f6524b458a6eb6a09ed539c26b5bff4933
                        • Opcode Fuzzy Hash: fcc22cdb6ced9fd88d37d2bb0ed15daeebda439b3236dd9c037e27d7756d5561
                        • Instruction Fuzzy Hash: 3621F4313652024BEB163A2DC89837EB69BAFC4604F584439D606CB3D6EF69CC42D391
                        Function 0817176F Relevance: .1, Instructions: 93COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 29a0b166c1ca7c856a9589031733694e4e92661bff95dfb0440b4e3769f0b07c
                        • Instruction ID: 3e08ceb6e9ca2c327a5b31c95af7bbc6f913b2c53af256a5d09c8a0edf4890f5
                        • Opcode Fuzzy Hash: 29a0b166c1ca7c856a9589031733694e4e92661bff95dfb0440b4e3769f0b07c
                        • Instruction Fuzzy Hash: B2414C30D007099FDB15DFA9C89469DBBF1FF89310F14C66DD849AB261EB70A985CB90
                        Function 0817E0F0 Relevance: .1, Instructions: 81COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a019401ac251b9c41d8b7359a8f5311b755a3c354c5c900d7403fed479b20ffe
                        • Instruction ID: acbb75f08d613642cd4ed9c470bf81542a9daa94c4a04544acde8b2679953df3
                        • Opcode Fuzzy Hash: a019401ac251b9c41d8b7359a8f5311b755a3c354c5c900d7403fed479b20ffe
                        • Instruction Fuzzy Hash: 4B210731B142214BD304BBF8E89566E7BF5EF88214F4488ADD48CE3341DE38AC06C3A2
                        Function 01286728 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 602c79f607df396f3d125336059dff5a1b570b56c3f21fef3fd7a0ef210959f8
                        • Instruction ID: 8112342db11434f6cc95511f96cc836712340152017ff12de3e98c80a489896f
                        • Opcode Fuzzy Hash: 602c79f607df396f3d125336059dff5a1b570b56c3f21fef3fd7a0ef210959f8
                        • Instruction Fuzzy Hash: 1421C235721A128BC729BB2DD498B2AB7A2FF89661B044568D606CB394DF30DC02CBD0
                        Function 0121D5B8 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780616237.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_121d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 856754271eee72594ce6b656c21f9abf547d64db05ba308630323a26be41bc52
                        • Instruction ID: 72ba04e3c2e8085eacc580a492438641c964ec603305765d5b5b49f52a82fb5c
                        • Opcode Fuzzy Hash: 856754271eee72594ce6b656c21f9abf547d64db05ba308630323a26be41bc52
                        • Instruction Fuzzy Hash: CF214871114248DFCB05DF58E9C8B16BFA5FBA4314F208969E9090B25EC336D416C6A1
                        Function 0817E100 Relevance: .1, Instructions: 74COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f62a07ab1845995a2d8306f71da125c51f0b80dcb6741fca40e8563b82399d06
                        • Instruction ID: f0cee03d41115d3ae65b1ff91941ad828e2e6de056ac50aaa46d0aa63e4a875c
                        • Opcode Fuzzy Hash: f62a07ab1845995a2d8306f71da125c51f0b80dcb6741fca40e8563b82399d06
                        • Instruction Fuzzy Hash: D6118771B141359BD704BBB8E88562E77F9EF98618F80896DD44DE3340DE78AC06C3A6
                        Function 01284657 Relevance: .1, Instructions: 73COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cf00f33437769bc4a03f8710353a6138f2ab66e273f50e6575a3789634f5169b
                        • Instruction ID: b6f32c4f623feafc52ce4117724503e2b7c9404468a94d3c2e1d4b4f9c02bd16
                        • Opcode Fuzzy Hash: cf00f33437769bc4a03f8710353a6138f2ab66e273f50e6575a3789634f5169b
                        • Instruction Fuzzy Hash: EF31E074E0121A9FCB08DFAAD854AEEBBF2BF89300F10856AD815A7354EB305A45CF51
                        Function 0122D1D4 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780662840.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_122d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 34d868e7e70412e4c879fb5e13883912adf1d364deb49972a7c66e933b3b7cae
                        • Instruction ID: 107c760df276c8e66ee0109b1194362ef6c006a1672554ae148fef93b4e40719
                        • Opcode Fuzzy Hash: 34d868e7e70412e4c879fb5e13883912adf1d364deb49972a7c66e933b3b7cae
                        • Instruction Fuzzy Hash: AD214971514208FFDB05DF98C5C0B2ABB65FB85324F20C66DE9094B257C37AD406CA61
                        Function 0122D01C Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780662840.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_122d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b53b71f965aaa5e066feda9c9a642f85044b2d2245f6a54a12e09ddb9e68140a
                        • Instruction ID: ba661761fceebe75479490563620e4c0489ea612f00613e0711546d2e9309f1f
                        • Opcode Fuzzy Hash: b53b71f965aaa5e066feda9c9a642f85044b2d2245f6a54a12e09ddb9e68140a
                        • Instruction Fuzzy Hash: C7212575514248EFCB15DF58D580B1ABF65EB84314F20C56DE9090B266C37AD507CA61
                        Function 01285299 Relevance: .1, Instructions: 70COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5e2e29d41773d15798bc7e396a3329ff32baa2feaf54c1c5d16b2df920007800
                        • Instruction ID: c7ae4631a4cb22991d3c28f2094764ba3e8495330fe0f22dc73d1d80e6292e09
                        • Opcode Fuzzy Hash: 5e2e29d41773d15798bc7e396a3329ff32baa2feaf54c1c5d16b2df920007800
                        • Instruction Fuzzy Hash: BB21FF3161520A9FCB02EF6CD45876B7BA2EF88324F004068EA058B396CB74DC55CB90
                        Function 081719A8 Relevance: .1, Instructions: 68COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 195bd226d895d845931886a82a020907e7c2ea0b16d8958857649690d9073803
                        • Instruction ID: 5d371bc447675108007b6650310ffe85dc323017bbb47278ad1f56e713663df0
                        • Opcode Fuzzy Hash: 195bd226d895d845931886a82a020907e7c2ea0b16d8958857649690d9073803
                        • Instruction Fuzzy Hash: 2931D4B4C11258EFDB20DF99C984B9EBBF5AF48714F24801EE405B7250C7B55845CFA5
                        Function 0122D006 Relevance: .1, Instructions: 63COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780662840.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_122d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: db921168ae8f6958322ca5b693c1fa53e7c557345390644738d5f69d9841d4c1
                        • Instruction ID: ed0162af65b324fada0046037189d74a11631404740f14af9889f32f75da245f
                        • Opcode Fuzzy Hash: db921168ae8f6958322ca5b693c1fa53e7c557345390644738d5f69d9841d4c1
                        • Instruction Fuzzy Hash: B921B0714083849FCB03CF24D994715BF71EB46314F28C5DAD9498F2A7C33A980ACB62
                        Function 012861D1 Relevance: .1, Instructions: 63COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b96a4189fa89f9958f379fdf83a5090492913b4cadc864f377858faff02e83f0
                        • Instruction ID: 2d4472a20b950785a44d9e5460e228f583ab2497645c5ae90562db9227bfbeef
                        • Opcode Fuzzy Hash: b96a4189fa89f9958f379fdf83a5090492913b4cadc864f377858faff02e83f0
                        • Instruction Fuzzy Hash: 60110330B15612DFCB11EF28C448B69BBB2FF85312F0485A9DA06CB295DB70DC55C791
                        Function 0128B571 Relevance: .1, Instructions: 62COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 995416ca7d78c69e29c2c0c2a9f90c17c56adf61b737252ffe96c9f5b2c8b05c
                        • Instruction ID: 3913b9a097645b8b50850b3cff792a9510ef86a81739e1fa92e62cd80e9b9e73
                        • Opcode Fuzzy Hash: 995416ca7d78c69e29c2c0c2a9f90c17c56adf61b737252ffe96c9f5b2c8b05c
                        • Instruction Fuzzy Hash: 9A110C317056945FC706567E585C66BBFEBAFCA311F04487AE006C72D6CD398C058371
                        Function 0817E0AF Relevance: .1, Instructions: 61COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 76807a1078c0e6629c23803bfb1769b6160554f01ec57d38ee24f56a55d57fd5
                        • Instruction ID: 1616678550ba459e78f34a765bbe0f538d3f828e532f93fab774f018e6335aa4
                        • Opcode Fuzzy Hash: 76807a1078c0e6629c23803bfb1769b6160554f01ec57d38ee24f56a55d57fd5
                        • Instruction Fuzzy Hash: D211CA72B141218BD744BBBCE88626DB7F5FF94654F80496DD449E7340DF38A8068792
                        Function 01286818 Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d6f1f740cc752fd38a944ce01314c2a070300f27153e440b88090820327fb2df
                        • Instruction ID: 9b1f681f258b116697709960bdc8251cff1a0c53b1be534f799ee9d89c3e1f05
                        • Opcode Fuzzy Hash: d6f1f740cc752fd38a944ce01314c2a070300f27153e440b88090820327fb2df
                        • Instruction Fuzzy Hash: FB11C2703202068FE740EE6AD084A2A7BD6BF99660B5040BDD20ACB3A1DE61DC098791
                        Function 012864D8 Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 798e8dcd4ca44605634f1931dcea1c7c8b32ae3e4a5780c5aed1e06f4e410f3b
                        • Instruction ID: 6c38133d83e04ed03dbddf555cf7daab4d9926fbb796fa36d458af3e73a94672
                        • Opcode Fuzzy Hash: 798e8dcd4ca44605634f1931dcea1c7c8b32ae3e4a5780c5aed1e06f4e410f3b
                        • Instruction Fuzzy Hash: D811E071715202DFEB25AF69E498F2ABBE6AB84310F044929E6018B388DF74D841C7A0
                        Function 012896A0 Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 83d32844c130ac4211c4bce1f070f0260682bce9d5e7bf1d5f7fd01a88901117
                        • Instruction ID: efb1f0fbefd98a850885c05c6929b0c3a7ac504637aee164913aa29750ccd88b
                        • Opcode Fuzzy Hash: 83d32844c130ac4211c4bce1f070f0260682bce9d5e7bf1d5f7fd01a88901117
                        • Instruction Fuzzy Hash: 94115E35B101049FDB049E69D848BADBBB6BB8C610F148529EA16A7390DA71AC10CB90
                        Function 0121D5B3 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780616237.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_121d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
                        • Instruction ID: 6a4d284c76927a4b93fe68948ebf06f33dc72d8dea468452f4adea1512374347
                        • Opcode Fuzzy Hash: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
                        • Instruction Fuzzy Hash: 0111AF76504284CFDB16CF54D9C8B16BFA1FB94314F24C6A9D9090B25AC336D45ACBA1
                        Function 08171D19 Relevance: .1, Instructions: 54COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cf5f1550192b97e6d2e47abb30eb5a934908ffc5233d060f11acefdf3aad1b2a
                        • Instruction ID: 447d7f141d34bd9c72283803aa24f601e5d0c604735e7a3e9f0646d612e5420a
                        • Opcode Fuzzy Hash: cf5f1550192b97e6d2e47abb30eb5a934908ffc5233d060f11acefdf3aad1b2a
                        • Instruction Fuzzy Hash: 8001F236B082621B9B16D6BA5C508BFBBFBEFC6121309857ED848DB341DF308C0243A4
                        Function 0122D1CF Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780662840.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_122d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                        • Instruction ID: c5aff798ac2773e4a0d87be10f1bc7b417ab4b2fb963dc3e31934d519a787f6a
                        • Opcode Fuzzy Hash: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                        • Instruction Fuzzy Hash: 1911BB75504284EFDB02CF54C5C4B19BBA1FB85224F24C6A9D9494B297C33AD40ACB61
                        Function 0128F8C0 Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c5dc67d0f3a223c45d14b2e55a0634fae16ccc253c733c03c16937d8a724c74b
                        • Instruction ID: 592f5661500575274b5568121a378633e56517a3bc878a47566f9c506539c95b
                        • Opcode Fuzzy Hash: c5dc67d0f3a223c45d14b2e55a0634fae16ccc253c733c03c16937d8a724c74b
                        • Instruction Fuzzy Hash: 1111823262121AEFCB01FF1DD548A6A7BA5FF48324F004025FA058B391C770D960CB90
                        Function 0128451A Relevance: .1, Instructions: 51COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: af3ec528b73b09a07c6cc40d3be91216134bd99cf7af3c7ced89a01304b2a30b
                        • Instruction ID: d289fce5b2553c355d5134278f8ec75213e2df225d7b85c9ef570056f6757261
                        • Opcode Fuzzy Hash: af3ec528b73b09a07c6cc40d3be91216134bd99cf7af3c7ced89a01304b2a30b
                        • Instruction Fuzzy Hash: 38111270D112199BDB04DFAAE8486EDFBB6EF8A300F209569E915B7250DB344946CF60
                        Function 0128F9BA Relevance: .1, Instructions: 51COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a34ae2bb2fa1df5db643ff9567a3734196798adfa37ad431fbd33d004869e465
                        • Instruction ID: 35b894542765aa0351329484e168291b9db72085517dc5bde30391f66b9e7b94
                        • Opcode Fuzzy Hash: a34ae2bb2fa1df5db643ff9567a3734196798adfa37ad431fbd33d004869e465
                        • Instruction Fuzzy Hash: 1201F572A142456FCB02DF5998146AF3FE7EBCA261F09446AF604D7280CA718D118B91
                        Function 08171088 Relevance: .0, Instructions: 48COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 08ec0f02aa41a8cc1e6eb29fcbc575c3b193ddedb50ccc191c83519a51add921
                        • Instruction ID: 8adb1b4652c3c787000045f873c2689a9cdc3839d26d4e9d12ec3cf2ba2d1d03
                        • Opcode Fuzzy Hash: 08ec0f02aa41a8cc1e6eb29fcbc575c3b193ddedb50ccc191c83519a51add921
                        • Instruction Fuzzy Hash: D111C571D0070A8ECB10EFA9C9409EEFBF4EF48310B11966AD558B7211E730EA91CB90
                        Function 0128A190 Relevance: .0, Instructions: 47COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3f5aef6eb95063eb5de2c18a000d486321bad8d63a31c1d99e2c6afec197ba93
                        • Instruction ID: 841c74982d46e9d10590755bfd4c4fd4c0ec15571459cb806b271afd26d067d6
                        • Opcode Fuzzy Hash: 3f5aef6eb95063eb5de2c18a000d486321bad8d63a31c1d99e2c6afec197ba93
                        • Instruction Fuzzy Hash: 3A116971D146598BEB09DFAAD8083EEBFB6AF8A301F04C56AC524A7294DB740145CFA0
                        Function 0121D7ED Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780616237.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_121d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c7a3f42a10c2ff39b8754fda50c5073a72a0b2d9924f74bbea84923ece589171
                        • Instruction ID: 47df772f8eb429dddc9c5b2546fd12ae7b07d3f6a4677cddc8f94dc42711fa48
                        • Opcode Fuzzy Hash: c7a3f42a10c2ff39b8754fda50c5073a72a0b2d9924f74bbea84923ece589171
                        • Instruction Fuzzy Hash: 7501FC71014308DAE710CB99C988B67BFD8EF61324F15C429EE0D1A18AC3749441C671
                        Function 0128A638 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 211146439e3b3f91e940fecaf32bb58a43b897c6b8d7142572c82a1a6cb83e29
                        • Instruction ID: 63fe69c857452ec0ec9916cb57938b9447611db8d4d0d73017d8479cc8010ed4
                        • Opcode Fuzzy Hash: 211146439e3b3f91e940fecaf32bb58a43b897c6b8d7142572c82a1a6cb83e29
                        • Instruction Fuzzy Hash: 9E014870D11209DFEF14EFAAC9087EEBAB1BB89314F049529D110B3294DF780840CF64
                        Function 0128A637 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d4b63b448bc1c55b93841f4336461da1d8992626ab8d650cf4e2db0964a1328c
                        • Instruction ID: 1f981f61fea3f88d485e95deb5943f038522af593442b0a776781158aaf573d3
                        • Opcode Fuzzy Hash: d4b63b448bc1c55b93841f4336461da1d8992626ab8d650cf4e2db0964a1328c
                        • Instruction Fuzzy Hash: CE012570D112099FEF14DFAAD9197EEBBB1BB89314F149529D111B3294DB780841CF64
                        Function 01284528 Relevance: .0, Instructions: 43COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9c29d77d6a23cb4fa9f1851538bc8f332a7209a2c88fbf1992864fee70d71455
                        • Instruction ID: dd3b60f9b67ff5148c02ce3197aed0d7ac12ddba1412a8fc1704faca83ab0225
                        • Opcode Fuzzy Hash: 9c29d77d6a23cb4fa9f1851538bc8f332a7209a2c88fbf1992864fee70d71455
                        • Instruction Fuzzy Hash: A601D074E112099BCB14DFAAE8086EDBBF6AB8D301F10D52AD919B3254DB355902CF64
                        Function 08170FE0 Relevance: .0, Instructions: 42COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 57d2a8121d9ce27462e58cbd51eb1df87f90efd832be1fa5bd70dbc0cf594b68
                        • Instruction ID: 9842b41e0cc0f5ed35f6c1b5aa43708a514aa25afc4d854d3702c324e4ad8330
                        • Opcode Fuzzy Hash: 57d2a8121d9ce27462e58cbd51eb1df87f90efd832be1fa5bd70dbc0cf594b68
                        • Instruction Fuzzy Hash: 800186756092846FC702CF68E4509EA7FE4EF8B221B1880AFE848CB652C672C812D791
                        Function 012850B8 Relevance: .0, Instructions: 40COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7182165735a47aa252f2147f8040b997927b4c5d301d77f7d2493795931f898c
                        • Instruction ID: 00eab208556c90e2e970d0257d9987c4bd2a2c1cdd174b4773a12df1d7a71ae3
                        • Opcode Fuzzy Hash: 7182165735a47aa252f2147f8040b997927b4c5d301d77f7d2493795931f898c
                        • Instruction Fuzzy Hash: 3001AD359592E49FDB01EF7D94A82DCBFF0DF06314F1846EAC88097112E6700A4ACB40
                        Function 0121D7EC Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780616237.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_121d000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 746309d047d60bc4c1a8429a7fb71bff80c8cc6d06bdfc28a0dd59e4f8fa7937
                        • Instruction ID: 7c0c9f9e6c93466236f3b31b291289c0fa0a05d0ce988cd2e562e99a463d3afc
                        • Opcode Fuzzy Hash: 746309d047d60bc4c1a8429a7fb71bff80c8cc6d06bdfc28a0dd59e4f8fa7937
                        • Instruction Fuzzy Hash: 5DF0C871404344DAE7108B0AC8C8B62FFD8EF51624F18C45AEE0C1B286C3789845CA70
                        Function 01284738 Relevance: .0, Instructions: 34COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6c27a2d55d5447f2a8f3bba4f094a7ae5b66ff882e16eb15c4728ff5851d7fbf
                        • Instruction ID: 3bc918f6d95f0596ff4d56e056f131afb0c44a6031c4ac1b5149e0cae9cb31e1
                        • Opcode Fuzzy Hash: 6c27a2d55d5447f2a8f3bba4f094a7ae5b66ff882e16eb15c4728ff5851d7fbf
                        • Instruction Fuzzy Hash: DEF06275D0525ADFCB04EFA8D4915EDBFB0FF56304B1040AAD855E7394D3349606CB41
                        Function 0128A628 Relevance: .0, Instructions: 34COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4dfd570ae1274a0e8c85518b9e7a3479cc4c6246272da9bca5527016187ba410
                        • Instruction ID: 983c387c35b179efe3f757a76c7977bc747d352728acb9212b285c8cc63582eb
                        • Opcode Fuzzy Hash: 4dfd570ae1274a0e8c85518b9e7a3479cc4c6246272da9bca5527016187ba410
                        • Instruction Fuzzy Hash: 37F017729652199FEF10DF98C819BEEBBB0FB98318F102929D011B7394CB7909419F64
                        Function 0128A344 Relevance: .0, Instructions: 33COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 585ee7bed33ac4a5d7132da2ed34469b8c86f18407335343459f0dd6a957a337
                        • Instruction ID: abba52e35cbcb9b3fc92d567a6bd42fbe8da3fef2a9403ad265e13e9a8111ee4
                        • Opcode Fuzzy Hash: 585ee7bed33ac4a5d7132da2ed34469b8c86f18407335343459f0dd6a957a337
                        • Instruction Fuzzy Hash: 68F064B2D19268CFCF01DBE8D8921ECBFB0EB5A211F4040AAD405AB295D6799542CB10
                        Function 0817E0B3 Relevance: .0, Instructions: 28COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 532ef6c1469fa69671477221ff8c22afa2f505d547eedcb36f306018a9528dd2
                        • Instruction ID: 77767abff908cc75c7b10038516cb78e88fd289f4bd3a3bff9820e5b7e513cbd
                        • Opcode Fuzzy Hash: 532ef6c1469fa69671477221ff8c22afa2f505d547eedcb36f306018a9528dd2
                        • Instruction Fuzzy Hash: DEF0482104F3E18FDB135BB49865191BFB09E0722039E04C7D8D1CE0A7C668286EDB22
                        Function 08171010 Relevance: .0, Instructions: 25COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ce5c7c518b0f9cdee90f3f52de0acafc3b107cbd19edee6cd92d6b6546733715
                        • Instruction ID: d983227f46a0914badfc3bfd33731f24cee06c7ee61279ce9e0caab22bd5ed7a
                        • Opcode Fuzzy Hash: ce5c7c518b0f9cdee90f3f52de0acafc3b107cbd19edee6cd92d6b6546733715
                        • Instruction Fuzzy Hash: 19E0DF2631D2D02FC70746A8A4A4A7A3F298FC7212B0D40FFE589CB192C5904804C363
                        Function 01284C8C Relevance: .0, Instructions: 18COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f986968f170f3340ae911b518c3e1d07166a1bf6aadd964daef390377f545ae0
                        • Instruction ID: 425108b32eaa51f10505d24e968c1ef004b34ca3e4c4ea35849934b317b8c567
                        • Opcode Fuzzy Hash: f986968f170f3340ae911b518c3e1d07166a1bf6aadd964daef390377f545ae0
                        • Instruction Fuzzy Hash: 03E01234E00259CFCB18EF95E8807DCBBB4AB84210F1084AAD01EA7214DA302A96CFA0
                        Function 08173F50 Relevance: .0, Instructions: 17COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8911674fb26f24fa95471feeb211976e4623af3888ce701626ffb93456d76431
                        • Instruction ID: 571ed39eb78c72e9babc777a0e9d4e20f99c671ce81c2e6cecf784745ed973a1
                        • Opcode Fuzzy Hash: 8911674fb26f24fa95471feeb211976e4623af3888ce701626ffb93456d76431
                        • Instruction Fuzzy Hash: CFD0127091520DEFCB00EFB4E94155DBBF9EB45310B5045A9E419D7314DB316F049B51
                        Function 0128974D Relevance: .0, Instructions: 16COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a608d63dbde613d227d9e40074ef1f4dc3dd2230faaa83969a6939f2eab96083
                        • Instruction ID: 5bd450af87fdf90dc966ae0340e5f4a7a546983d43c94ff3d49ecb41c1d89cb2
                        • Opcode Fuzzy Hash: a608d63dbde613d227d9e40074ef1f4dc3dd2230faaa83969a6939f2eab96083
                        • Instruction Fuzzy Hash: 1AD0673BB400189FCB049F9DE884DDDF776FB98221B048516E915E3261D632A921DB90
                        Function 01286B6F Relevance: .0, Instructions: 15COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dda39bb2e4d11fa99c5bf1e2b49a23b1cf8b1b2f0ebebf78eda16d57f9b84333
                        • Instruction ID: 45396241ec61d6c12dc96523b5f37f4a3da9f2b021bef2e886e2072b0554227b
                        • Opcode Fuzzy Hash: dda39bb2e4d11fa99c5bf1e2b49a23b1cf8b1b2f0ebebf78eda16d57f9b84333
                        • Instruction Fuzzy Hash: C7E0C2310186868EC703EB38EC14B993BB2BF52305F0445B1E1080A2AECB7458488B51
                        Function 0817ED91 Relevance: .0, Instructions: 14COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799746272.0000000008170000.00000040.00000800.00020000.00000000.sdmp, Offset: 08170000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8170000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2cb1688999f34aae223199b12456b5145f4d26d2a844b8cfc2d95e5892751e54
                        • Instruction ID: 0fa4cb3934356724f1cc521146a7928f438447bb0df0a57b5e98c54f6f66ffb0
                        • Opcode Fuzzy Hash: 2cb1688999f34aae223199b12456b5145f4d26d2a844b8cfc2d95e5892751e54
                        • Instruction Fuzzy Hash: 0DE0B630601254CFD758DBA0DA85858BBB2FF49305B519498E0069B766C735D981CE01
                        Function 01286B80 Relevance: .0, Instructions: 12COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e5bc8cedc65249cedff692fa37ebb7f0799aefd021132754583fec3382c6addf
                        • Instruction ID: 4e21efb5c57963cf81eeb888f03fcd6db9c03c2ba5c8252511d5010ad75df71a
                        • Opcode Fuzzy Hash: e5bc8cedc65249cedff692fa37ebb7f0799aefd021132754583fec3382c6addf
                        • Instruction Fuzzy Hash: 9EC0123145420B8AC602F77DF845F5D377BFA80314B508630A2050A23DDF74B8894690

                        Non-executed Functions

                        Function 08110040 Relevance: 6.8, Strings: 5, Instructions: 529COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799597280.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8110000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Hcq$Hcq$Hcq$Hcq$Hcq
                        • API String ID: 0-1692708840
                        • Opcode ID: a4bd8636747bf8638dbf289a0b3f41ec126496b6cfffeee1c47d49461119f349
                        • Instruction ID: 6da9c8d09ec07c2d9e55ee41c9529076ce2ad501b09b196a30e181eca6ed9030
                        • Opcode Fuzzy Hash: a4bd8636747bf8638dbf289a0b3f41ec126496b6cfffeee1c47d49461119f349
                        • Instruction Fuzzy Hash: 97F1B031B101149FCB48EB7DC89467E7BA7BFD8360B248569E50ADB398CE34DD0687A1
                        Function 02BF1FE8 Relevance: 2.8, Strings: 2, Instructions: 298COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1781128557.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2bf0000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH_q$PH_q
                        • API String ID: 0-3760492949
                        • Opcode ID: 5ce836f0a539ee9c893f5950c25ea9f4309010a7085710bb4d444f697a3d7b88
                        • Instruction ID: bff0ffe514cf4efe2912dc78823a08c95bb9348a03cc47ec4bef0c6944706083
                        • Opcode Fuzzy Hash: 5ce836f0a539ee9c893f5950c25ea9f4309010a7085710bb4d444f697a3d7b88
                        • Instruction Fuzzy Hash: DBD1C174A006048FDB58DF69C598AA9B7F1FF4C714F2580E8EA06AB365DB31AD44CF60
                        Function 0128CAB1 Relevance: 1.6, Strings: 1, Instructions: 336COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Xcq
                        • API String ID: 0-450769270
                        • Opcode ID: b39d4e675da6323812f11debf4908f5a3e6dec25f24b34106aff678cb5203a84
                        • Instruction ID: b09bce4a83fa0908e65eeef817db5c5d3f5b2bb6dbb574de481e98256eb0a8f3
                        • Opcode Fuzzy Hash: b39d4e675da6323812f11debf4908f5a3e6dec25f24b34106aff678cb5203a84
                        • Instruction Fuzzy Hash: FDB1BA31732106CBEB387E7DD4452BA7AE6AFC4B01F284C19D982966C8DB31C9618775
                        Function 07400440 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: L~
                        • API String ID: 0-3876828424
                        • Opcode ID: b298b687a49c6f0d9ce75512724938f224b657cea8bbab63f07fb2ffcaa5c06f
                        • Instruction ID: 9aea7bac74eb6c747ce6a00e413215790331308e2e905fe9dad3a44e32ec696c
                        • Opcode Fuzzy Hash: b298b687a49c6f0d9ce75512724938f224b657cea8bbab63f07fb2ffcaa5c06f
                        • Instruction Fuzzy Hash: 95911574E15219CFCB04CFA9C5809AEFBF2FF89210F14996AD405EB264D334AA42CF95
                        Function 07400450 Relevance: 1.5, Strings: 1, Instructions: 202COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: L~
                        • API String ID: 0-3876828424
                        • Opcode ID: 28dc281623cbd13e1a6e564e4ebe1efaee3af8cccc55bfc1bbb65da1db9b62e1
                        • Instruction ID: c4bdef333062febd3f68fb8a44459596dc128690b6aff301e31a624bb96b4b33
                        • Opcode Fuzzy Hash: 28dc281623cbd13e1a6e564e4ebe1efaee3af8cccc55bfc1bbb65da1db9b62e1
                        • Instruction Fuzzy Hash: 2B91F5B4A15219CFCB04CF99C58499EFBF2FF89210F14996AD015AB264D334AA42CF95
                        Function 07412E45 Relevance: .6, Instructions: 569COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1a293ac0a2b6719026aa1ad556abd7ad2f3d0fba2d73c2106ccf855447339bf3
                        • Instruction ID: 543ad5dd2db317dcbc1443331e63c312408eec604618327241b71797b1d62092
                        • Opcode Fuzzy Hash: 1a293ac0a2b6719026aa1ad556abd7ad2f3d0fba2d73c2106ccf855447339bf3
                        • Instruction Fuzzy Hash: CA228E71E102159FCB08FFB9D9845AEBBF2FF98304B518969D049A7354EF38A806CB51
                        Function 02BF1168 Relevance: .4, Instructions: 421COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1781128557.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_2bf0000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6799e17b910c667ed30154ae78c72468dde8cd1ae3c7f7e714d1c40f51615c8d
                        • Instruction ID: 2bf424bd44657e364d5f46cd52dcbcc38f3e9ed5a42c1b49b90967a01865042c
                        • Opcode Fuzzy Hash: 6799e17b910c667ed30154ae78c72468dde8cd1ae3c7f7e714d1c40f51615c8d
                        • Instruction Fuzzy Hash: 75E1BD707106018BDB69EB79C4507AEB7F6AF89304F1488ADD25ACB7A5CF35E809CB50
                        Function 0603E350 Relevance: .3, Instructions: 318COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798231181.0000000006030000.00000040.00000800.00020000.00000000.sdmp, Offset: 06030000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_6030000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7559500211e582706e78cab2ceee221b3a377d49ed2d0f82638dcfdcf02fa469
                        • Instruction ID: 6442e2d81ae1f2629f842faa4b2c67875235d453a3e542e9611ae663d546556a
                        • Opcode Fuzzy Hash: 7559500211e582706e78cab2ceee221b3a377d49ed2d0f82638dcfdcf02fa469
                        • Instruction Fuzzy Hash: 3BA18130B502556FDB98EB79881477F6AEBAFC8350F24856D900ADB398CE349D07C791
                        Function 0811EE62 Relevance: .3, Instructions: 271COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799597280.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8110000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d6a58649809ca17787cb68741949b409254707cd9eb53ba1a1cdc0acbbfe8bb2
                        • Instruction ID: 9223b728619d00097ef280c3d4e7c9c20a8c76575b7fd4d42c0f9b777f83272a
                        • Opcode Fuzzy Hash: d6a58649809ca17787cb68741949b409254707cd9eb53ba1a1cdc0acbbfe8bb2
                        • Instruction Fuzzy Hash: E3D1193192075ACACB01EF64D9506EDB7B1FF95300F10C7AAD11937269EB70AAC8CB91
                        Function 0811EE70 Relevance: .3, Instructions: 264COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1799597280.0000000008110000.00000040.00000800.00020000.00000000.sdmp, Offset: 08110000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_8110000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4a4989b05abe2d6af43757f2bb8b7fb108336006dd976315c812670e1561b4d2
                        • Instruction ID: ad90ddffe00f324d662252f4380e1e202f7864a654528322d71d050415615bb2
                        • Opcode Fuzzy Hash: 4a4989b05abe2d6af43757f2bb8b7fb108336006dd976315c812670e1561b4d2
                        • Instruction Fuzzy Hash: E7D1193192075ACACB01EF64D9506EDB7B1FF95300F10C7AAD11937629EB70AAC8CB91
                        Function 0740A6D8 Relevance: .2, Instructions: 250COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cdf661ac9170e8f1da039fe91b33187dd2e4b4a5421daa745212381d4b41b835
                        • Instruction ID: 528b863d9c3c468954bbfcb64095122881772ad7a017dd9dab207066a83a5186
                        • Opcode Fuzzy Hash: cdf661ac9170e8f1da039fe91b33187dd2e4b4a5421daa745212381d4b41b835
                        • Instruction Fuzzy Hash: 79A104B0E15318CFDB04CFA5DA84ADDBBB2FB8A350F14D92AD40AA7295D7349902CF54
                        Function 07407318 Relevance: .2, Instructions: 212COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 74c6fd4926fad3f4c0c60e3663c38828cb2c6899cab3a7ccbff87ac93c6b5d9b
                        • Instruction ID: 3ea8a12f7646fd2952a806014cb644f3b02106a8926e38dc9a3f973089ad22d3
                        • Opcode Fuzzy Hash: 74c6fd4926fad3f4c0c60e3663c38828cb2c6899cab3a7ccbff87ac93c6b5d9b
                        • Instruction Fuzzy Hash: DFA14E70E1020A9FCB05DFA9D580A9EBFF2FF89310F20C969D414AB359D735AA098F50
                        Function 074018E0 Relevance: .2, Instructions: 176COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 61b8ef8c8a9d57954e04500152a8f3e46cf5811df6ed97190c14e6beb77b2213
                        • Instruction ID: f88c92b9c8c2599c453a1730aaa43307b066df9fdf6654f92004c9f246f28c2b
                        • Opcode Fuzzy Hash: 61b8ef8c8a9d57954e04500152a8f3e46cf5811df6ed97190c14e6beb77b2213
                        • Instruction Fuzzy Hash: 5E71F6B4E1520E8FCB04CFA9C5809DEFBF2BF8A310F24946AD415B7254D3749A42CBA5
                        Function 074018F0 Relevance: .2, Instructions: 173COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7a8cc2b58910b9db194d2ac1c5a3b8af53e8090cc5561e91139425a7b7476443
                        • Instruction ID: 5477d6cf8ff6abf59ae52edfce021bc47af93e96cb6031100b936c5f79533b64
                        • Opcode Fuzzy Hash: 7a8cc2b58910b9db194d2ac1c5a3b8af53e8090cc5561e91139425a7b7476443
                        • Instruction Fuzzy Hash: 1471D3B4E1520A9FCB04CFA9D5809DEFBF2FF8A310F24942AD415B7254D3749A42CBA4
                        Function 07401338 Relevance: .2, Instructions: 160COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7c37dced7f5f9f45e12d9bb3bb8b2c796255e69f76b3c6acbeaa3cf6a838fd82
                        • Instruction ID: 454ee467850b1c03534b8877ec66523dc268bfb22396d872a6d268a01dfd4ac1
                        • Opcode Fuzzy Hash: 7c37dced7f5f9f45e12d9bb3bb8b2c796255e69f76b3c6acbeaa3cf6a838fd82
                        • Instruction Fuzzy Hash: A76128B0D15219DFDB04CFA9C5819EEFBF1AF8A300F14C56AD455AB294D3349A42CF90
                        Function 07401048 Relevance: .2, Instructions: 160COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f3de6d4fed5bc58be448f9a53006f7b9bc2f314156ca60e2b0f4adfaf43e14c7
                        • Instruction ID: a7cb8f6e7ce26f4217fd3cd904de643d040b096381d7f017265595d0bd678bc0
                        • Opcode Fuzzy Hash: f3de6d4fed5bc58be448f9a53006f7b9bc2f314156ca60e2b0f4adfaf43e14c7
                        • Instruction Fuzzy Hash: 8C71D1B4E1524ADFCB04CFA9D5808EEFBB1BF89310F24856AD515AB354C334A982CF95
                        Function 07401038 Relevance: .2, Instructions: 159COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e1bf56174c3bc658fc16825241a3ee87a2bb1ebfba14dab7ebd8668f76be73fe
                        • Instruction ID: 5221e815591be302b988d249cb778af1b8bba9f2f60ec6b7c983e1cee81702cd
                        • Opcode Fuzzy Hash: e1bf56174c3bc658fc16825241a3ee87a2bb1ebfba14dab7ebd8668f76be73fe
                        • Instruction Fuzzy Hash: C56105B4D1424ACFCB04CFA9C5809EEFFB1BF8A310F14856AD555AB654C334A982CF91
                        Function 074016A8 Relevance: .1, Instructions: 115COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3ad7a52b94500324ac85e32bfa5d60b90a322f926274d37687f81931cffe9d49
                        • Instruction ID: 1bc42ba709692bf52b9a8b2d11cd323deff4b0de01f9f7df7aa62ca17d50dc34
                        • Opcode Fuzzy Hash: 3ad7a52b94500324ac85e32bfa5d60b90a322f926274d37687f81931cffe9d49
                        • Instruction Fuzzy Hash: A341EAB5D1460A8FCB48CFAAC5855EEFBF2BF89300F14D46AC415A7255D3349A42CF94
                        Function 0740283E Relevance: .1, Instructions: 114COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a9e8a546c8562e63e3b2bdf51435bf3a3cbdc21216404fdf93f2618f33ad9bd
                        • Instruction ID: eb9cea81f6b40ca8f90ea273561798647f9e6012cbba8d2928c6ac3c5386a66b
                        • Opcode Fuzzy Hash: 2a9e8a546c8562e63e3b2bdf51435bf3a3cbdc21216404fdf93f2618f33ad9bd
                        • Instruction Fuzzy Hash: 8F416FB1E056588FDB18CF6B8D4469AFBF3AFC9300F14C1BAC54DAA265DB3409468F51
                        Function 074016B8 Relevance: .1, Instructions: 113COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7208ed39863b37af71a6e0f886ea0c37767bb44674ac385164b793407f27d9a4
                        • Instruction ID: 10b407029d534344cfb214b0367f1bffd013088ad972552662ab6ef7d66cb837
                        • Opcode Fuzzy Hash: 7208ed39863b37af71a6e0f886ea0c37767bb44674ac385164b793407f27d9a4
                        • Instruction Fuzzy Hash: CA41D7B4E1420EDBCB48CFAAC9855EEFBF2BB89300F14D46AC415A7254D3349A42CF94
                        Function 07401D20 Relevance: .1, Instructions: 110COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: af57a8a50962123e1ee923cd1044c807b12493f94714a2538730b71a3daf8178
                        • Instruction ID: f204c8decfc28bf40fb9cfab76f867afa27bc643493ee9ac4ecda73db38a3010
                        • Opcode Fuzzy Hash: af57a8a50962123e1ee923cd1044c807b12493f94714a2538730b71a3daf8178
                        • Instruction Fuzzy Hash: 7941D6B0E112198FDB58CFABC94469EFBF3BF88300F14C0AAD518AB254D7345A468F91
                        Function 07402868 Relevance: .1, Instructions: 106COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8c992105a4e4e1d4120545a65135189ecdee025d7cc9783e4e9c6f0a22b78aa4
                        • Instruction ID: b6e1ddd95193b9a4141ab1d140755d249296aad4925972aa71df33a64410ea3f
                        • Opcode Fuzzy Hash: 8c992105a4e4e1d4120545a65135189ecdee025d7cc9783e4e9c6f0a22b78aa4
                        • Instruction Fuzzy Hash: D5414CB1E116188BDB58CF6B8D4479EFAF3BFC9300F14C1BA850CA6255EB3409858E51
                        Function 07401D11 Relevance: .1, Instructions: 105COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 49f2f2bc1a36e5dd50f9baa2491800a53b20599698cd983159c783ca7affb75f
                        • Instruction ID: 498fe48c1f179cc32acaddd119fa139fb3f96ae0008581db7d44cb2e20302c36
                        • Opcode Fuzzy Hash: 49f2f2bc1a36e5dd50f9baa2491800a53b20599698cd983159c783ca7affb75f
                        • Instruction Fuzzy Hash: 7241C9B0E112198FDB58CF6BC94469EFBF3BF89300F14C0AAD519AB254D7345A468F91
                        Function 0741E688 Relevance: .1, Instructions: 79COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798977469.0000000007410000.00000040.00000800.00020000.00000000.sdmp, Offset: 07410000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7410000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c27394b11ef932b287b7e202a4e5e6b6c63037a5c5c7b5788dce0fcea15993ef
                        • Instruction ID: c2a1b2e77ae807e30d8a0b47febc8704dc0f232d1900331cfa647ef84697cd98
                        • Opcode Fuzzy Hash: c27394b11ef932b287b7e202a4e5e6b6c63037a5c5c7b5788dce0fcea15993ef
                        • Instruction Fuzzy Hash: 3D31DC71E056189FEB18DFABD85069EFBF3AFC9300F14C0AAD518A6265DB340A468F51
                        Function 07405E40 Relevance: .1, Instructions: 63COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6e2e06dbae701b1d98b1af3a83a03afd1ab6e19e4b48be2a0e02c20c31680324
                        • Instruction ID: 5a2f3a3088fe859b1fbfe0abb93a38a945c4d25e4b19ccfcaaa5e328ed63eb16
                        • Opcode Fuzzy Hash: 6e2e06dbae701b1d98b1af3a83a03afd1ab6e19e4b48be2a0e02c20c31680324
                        • Instruction Fuzzy Hash: 432127B1E116198BDB08CFAAD9405DEFBF7EFC9210F14C13AD418A7254DB345A518F91
                        Function 074057B0 Relevance: .1, Instructions: 60COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb0d77bfc409fbd9682953f83973eacdd2051d23fcfb18de05668d8ef2e51f0f
                        • Instruction ID: 269a079e19b1519732d6d95e7275898bd852a32124ade8be85b2eb44d6544417
                        • Opcode Fuzzy Hash: fb0d77bfc409fbd9682953f83973eacdd2051d23fcfb18de05668d8ef2e51f0f
                        • Instruction Fuzzy Hash: F9114AB1E112199BDB08CFABE9406DEFBF7EFC8210F14C03AD418A7214DA344A118F90
                        Function 0740AE08 Relevance: .1, Instructions: 60COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c400acf19931b290f1b51fbdf4ac8dbfceeba08d92fa9ea648ee8e5cd5c71420
                        • Instruction ID: 40aa728c75c3c9b416a0048f55b3ed3b929f66dc252532877f857fc69ff5d350
                        • Opcode Fuzzy Hash: c400acf19931b290f1b51fbdf4ac8dbfceeba08d92fa9ea648ee8e5cd5c71420
                        • Instruction Fuzzy Hash: F71103B1E116199BDB08CFABD9406EEFBF7EBC8210F14C03AD518A7254DB345A028B91
                        Function 07409518 Relevance: .1, Instructions: 60COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 31d4cb35806267011457a720e1ffe9b4298d4af4ac68f8888f634d8b579f511a
                        • Instruction ID: 9d7d71bae59a93ccdf5b01b68d62c01ffce95bc7275a643348b7690e4d5dc5ab
                        • Opcode Fuzzy Hash: 31d4cb35806267011457a720e1ffe9b4298d4af4ac68f8888f634d8b579f511a
                        • Instruction Fuzzy Hash: A91106B1E116199BDB48CFABD9406EEFBF7AFC8210F14C03AD408A6255DB745A428F91
                        Function 074064A8 Relevance: .1, Instructions: 60COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b7fc8403df2e85a9eabcb4f106d678ca77ad543c847cf386f5c7eb61ff342844
                        • Instruction ID: 4f1c43fde2258f840eb4dd7881eb695c1e5f472d7b00661540866fcc52691d58
                        • Opcode Fuzzy Hash: b7fc8403df2e85a9eabcb4f106d678ca77ad543c847cf386f5c7eb61ff342844
                        • Instruction Fuzzy Hash: 481117B1E116199BDB08CFAAD9406DEFBF7EFC9310F14C07AD418A7254DA345A128F91
                        Function 0740950B Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1798926482.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_7400000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 83187f4a05d36a755828fef73245bfa08e718124b8b117d010b9925d804fc94d
                        • Instruction ID: e1fd70bc47ee3f3632f691887c2ddb267a314dae8c4f4b51b18a96bb3070f44c
                        • Opcode Fuzzy Hash: 83187f4a05d36a755828fef73245bfa08e718124b8b117d010b9925d804fc94d
                        • Instruction Fuzzy Hash: E41137B0E116189FDB48CFABC9406AEFAF7AFC9300F14C07AD408A6255DB745A428F91
                        Function 0128B638 Relevance: 5.2, Strings: 4, Instructions: 198COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Xcq$Xcq$Xcq$Xcq
                        • API String ID: 0-2577476577
                        • Opcode ID: c256d8392ddb62015f7b77a3d7ecaef3f56b63ec895ffb3d8fd34d4bc70aff91
                        • Instruction ID: d3fd7610dc0f5861cc267d05f49841bc9d3091e4917665deabb7d5165d513aae
                        • Opcode Fuzzy Hash: c256d8392ddb62015f7b77a3d7ecaef3f56b63ec895ffb3d8fd34d4bc70aff91
                        • Instruction Fuzzy Hash: 1781D27291335A8FDB66BF3984843AE77A0EF45310F1941BBC1019B6A1EB718C5ADB90
                        Function 0128B628 Relevance: 5.1, Strings: 4, Instructions: 96COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: Xcq$Xcq$Xcq$Xcq
                        • API String ID: 0-2577476577
                        • Opcode ID: 67c14bf9b08ee54a40700105ed21f74f420fc7c04575b162434948ec69dcefc0
                        • Instruction ID: 57f4bef01a3c72192294c8ed06e61a09f8c5cf9412b9412fa137cf02d9093f0d
                        • Opcode Fuzzy Hash: 67c14bf9b08ee54a40700105ed21f74f420fc7c04575b162434948ec69dcefc0
                        • Instruction Fuzzy Hash: 0931EA35E5226B4BDF3DAA6CC9503BF7AA1BF84300F5900B9C616977C5EB3089419FA1
                        Function 0128F1C8 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.1780919549.0000000001280000.00000040.00000800.00020000.00000000.sdmp, Offset: 01280000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_1280000_Pedido9456_muestras_material_JC_INDUSTRIAL_DE_MEXICO SA de CV.jbxd
                        Similarity
                        • API ID:
                        • String ID: \;_q$\;_q$\;_q$\;_q
                        • API String ID: 0-294077808
                        • Opcode ID: 9873eec421c4190b0b894f51b7516c81171916b07ad821f37b9a42cbf01a1498
                        • Instruction ID: 071f4cdae700d18359a9323e263830de435d0ff8334bbc156a26c021f4b501c5
                        • Opcode Fuzzy Hash: 9873eec421c4190b0b894f51b7516c81171916b07ad821f37b9a42cbf01a1498
                        • Instruction Fuzzy Hash: C801F73677100A8FCB64AE2CC65492577EAAFC9760315406AE601CB3FDDE70DC42C750

                        Execution Graph

                        Execution Coverage:9.5%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:2.8%
                        Total number of Nodes:109
                        Total number of Limit Nodes:14
                        execution_graph 42530 15c0848 42532 15c084e 42530->42532 42531 15c091b 42532->42531 42534 15c1388 42532->42534 42535 15c138b 42534->42535 42536 15c14aa 42535->42536 42540 15c8268 42535->42540 42547 15c8140 42535->42547 42551 15c8150 42535->42551 42536->42532 42541 15c8272 42540->42541 42542 15c828c 42541->42542 42555 66df700 42541->42555 42559 66df710 42541->42559 42543 15c82d2 42542->42543 42563 15cfb8f 42542->42563 42543->42535 42549 15c8166 42547->42549 42548 15c82d2 42548->42535 42549->42548 42550 15cfb8f 2 API calls 42549->42550 42550->42548 42553 15c8166 42551->42553 42552 15c82d2 42552->42535 42553->42552 42554 15cfb8f 2 API calls 42553->42554 42554->42552 42557 66df710 42555->42557 42556 66df93a 42556->42542 42557->42556 42558 66dfd58 GlobalMemoryStatusEx GlobalMemoryStatusEx 42557->42558 42558->42557 42561 66df725 42559->42561 42560 66df93a 42560->42542 42561->42560 42562 66dfd58 GlobalMemoryStatusEx GlobalMemoryStatusEx 42561->42562 42562->42561 42564 15cfb9a 42563->42564 42566 66df700 2 API calls 42564->42566 42567 66df710 2 API calls 42564->42567 42565 15cfba1 42565->42543 42566->42565 42567->42565 42520 5a97120 42521 5a970d7 DuplicateHandle 42520->42521 42522 5a970f6 42521->42522 42523 5a9f680 42524 5a9f6c8 LoadLibraryExW 42523->42524 42525 5a9f6c2 42523->42525 42526 5a9f6f9 42524->42526 42525->42524 42568 5a97670 42569 5a97678 42568->42569 42572 5a96c2c 42569->42572 42571 5a976c6 42571->42571 42574 5a96c37 42572->42574 42573 5a97dec 42573->42571 42574->42573 42577 5a99a57 42574->42577 42582 5a99a68 42574->42582 42578 5a99a89 42577->42578 42579 5a99aad 42578->42579 42587 5a99c18 42578->42587 42591 5a99c0b 42578->42591 42579->42573 42583 5a99a89 42582->42583 42584 5a99aad 42583->42584 42585 5a99c18 3 API calls 42583->42585 42586 5a99c0b 3 API calls 42583->42586 42584->42573 42585->42584 42586->42584 42588 5a99c25 42587->42588 42590 5a99c5e 42588->42590 42595 5a9895c 42588->42595 42590->42579 42592 5a99c25 42591->42592 42593 5a99c5e 42592->42593 42594 5a9895c 3 API calls 42592->42594 42593->42579 42594->42593 42596 5a98967 42595->42596 42597 5a99cd0 42596->42597 42599 5a98990 42596->42599 42600 5a9899b 42599->42600 42606 5a989a0 42600->42606 42602 5a99d3f 42610 5a9ef60 42602->42610 42616 5a9ef48 42602->42616 42603 5a99d79 42603->42597 42609 5a989ab 42606->42609 42607 5a9aee0 42607->42602 42608 5a99a68 3 API calls 42608->42607 42609->42607 42609->42608 42612 5a9ef91 42610->42612 42613 5a9efdd 42610->42613 42611 5a9ef9d 42611->42603 42612->42611 42621 5a9f1c9 42612->42621 42625 5a9f1d8 42612->42625 42613->42603 42617 5a9ef55 42616->42617 42618 5a9ef9d 42617->42618 42619 5a9f1c9 3 API calls 42617->42619 42620 5a9f1d8 3 API calls 42617->42620 42618->42603 42619->42618 42620->42618 42629 5a9f218 42621->42629 42638 5a9f228 42621->42638 42622 5a9f1e2 42622->42613 42626 5a9f1e2 42625->42626 42627 5a9f228 2 API calls 42625->42627 42628 5a9f218 2 API calls 42625->42628 42626->42613 42627->42626 42628->42626 42630 5a9f228 42629->42630 42633 5a9f25c 42630->42633 42647 5a9e15c 42630->42647 42633->42622 42634 5a9f254 42634->42633 42635 5a9f460 GetModuleHandleW 42634->42635 42636 5a9f48d 42635->42636 42636->42622 42639 5a9f239 42638->42639 42642 5a9f25c 42638->42642 42640 5a9e15c GetModuleHandleW 42639->42640 42641 5a9f244 42640->42641 42641->42642 42646 5a9f4b0 GetModuleHandleW 42641->42646 42642->42622 42643 5a9f254 42643->42642 42644 5a9f460 GetModuleHandleW 42643->42644 42645 5a9f48d 42644->42645 42645->42622 42646->42643 42648 5a9f418 GetModuleHandleW 42647->42648 42650 5a9f244 42648->42650 42650->42633 42651 5a9f4b0 42650->42651 42652 5a9e15c GetModuleHandleW 42651->42652 42653 5a9f4d4 42652->42653 42653->42634 42527 15c70b0 42528 15c70f4 CheckRemoteDebuggerPresent 42527->42528 42529 15c7136 42528->42529

                        Executed Functions

                        Function 066D3120 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 650 66d3120-66d3141 651 66d3143-66d3146 650->651 652 66d316c-66d316f 651->652 653 66d3148-66d3167 651->653 654 66d3175-66d3194 652->654 655 66d3910-66d3912 652->655 653->652 663 66d31ad-66d31b7 654->663 664 66d3196-66d3199 654->664 656 66d3919-66d391c 655->656 657 66d3914 655->657 656->651 660 66d3922-66d392b 656->660 657->656 668 66d31bd-66d31cc 663->668 664->663 665 66d319b-66d31ab 664->665 665->668 776 66d31ce call 66d3939 668->776 777 66d31ce call 66d3940 668->777 669 66d31d3-66d31d8 670 66d31da-66d31e0 669->670 671 66d31e5-66d34c2 669->671 670->660 692 66d34c8-66d3577 671->692 693 66d3902-66d390f 671->693 702 66d3579-66d359e 692->702 703 66d35a0 692->703 705 66d35a9-66d35bc 702->705 703->705 707 66d38e9-66d38f5 705->707 708 66d35c2-66d35e4 705->708 707->692 709 66d38fb 707->709 708->707 711 66d35ea-66d35f4 708->711 709->693 711->707 712 66d35fa-66d3605 711->712 712->707 713 66d360b-66d36e1 712->713 725 66d36ef-66d371f 713->725 726 66d36e3-66d36e5 713->726 730 66d372d-66d3739 725->730 731 66d3721-66d3723 725->731 726->725 732 66d3799-66d379d 730->732 733 66d373b-66d373f 730->733 731->730 734 66d38da-66d38e3 732->734 735 66d37a3-66d37df 732->735 733->732 736 66d3741-66d376b 733->736 734->707 734->713 746 66d37ed-66d37fb 735->746 747 66d37e1-66d37e3 735->747 743 66d376d-66d376f 736->743 744 66d3779-66d3796 736->744 743->744 744->732 750 66d37fd-66d3808 746->750 751 66d3812-66d381d 746->751 747->746 750->751 754 66d380a 750->754 755 66d381f-66d3825 751->755 756 66d3835-66d3846 751->756 754->751 757 66d3829-66d382b 755->757 758 66d3827 755->758 760 66d385e-66d386a 756->760 761 66d3848-66d384e 756->761 757->756 758->756 765 66d386c-66d3872 760->765 766 66d3882-66d38d3 760->766 762 66d3850 761->762 763 66d3852-66d3854 761->763 762->760 763->760 767 66d3874 765->767 768 66d3876-66d3878 765->768 766->734 767->766 768->766 776->669 777->669
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q$$_q$$_q
                        • API String ID: 0-155944776
                        • Opcode ID: 5cb73b63a6b9b43d40c64f1875526122371b06c7695ae71c1cfbefeb96172109
                        • Instruction ID: 08ab40784270abfc82fcd8dbe4eb2f466e6a77dbe606412897809e8c225382cf
                        • Opcode Fuzzy Hash: 5cb73b63a6b9b43d40c64f1875526122371b06c7695ae71c1cfbefeb96172109
                        • Instruction Fuzzy Hash: 61321D30E1061A9FCB14EF65D8945ADB7B2FFC9300F50C66AD409BB364EB70A985CB91
                        Function 066D7E50 Relevance: 3.0, Strings: 2, Instructions: 470COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1318 66d7e50-66d7e6e 1319 66d7e70-66d7e73 1318->1319 1320 66d7e75-66d7e7f 1319->1320 1321 66d7e80-66d7e83 1319->1321 1322 66d7e85-66d7e9f 1321->1322 1323 66d7ea4-66d7ea7 1321->1323 1322->1323 1324 66d7ea9-66d7ec5 1323->1324 1325 66d7eca-66d7ecd 1323->1325 1324->1325 1326 66d7ecf-66d7edd 1325->1326 1327 66d7ee4-66d7ee6 1325->1327 1333 66d7ef6-66d7f0c 1326->1333 1336 66d7edf 1326->1336 1330 66d7eed-66d7ef0 1327->1330 1331 66d7ee8 1327->1331 1330->1319 1330->1333 1331->1330 1338 66d8127-66d8131 1333->1338 1339 66d7f12-66d7f1b 1333->1339 1336->1327 1340 66d7f21-66d7f3e 1339->1340 1341 66d8132-66d8167 1339->1341 1348 66d8114-66d8121 1340->1348 1349 66d7f44-66d7f6c 1340->1349 1344 66d8169-66d816c 1341->1344 1346 66d821f-66d8222 1344->1346 1347 66d8172-66d817e 1344->1347 1350 66d844e-66d8451 1346->1350 1351 66d8228-66d8237 1346->1351 1354 66d8189-66d818b 1347->1354 1348->1338 1348->1339 1349->1348 1376 66d7f72-66d7f7b 1349->1376 1352 66d8474-66d8476 1350->1352 1353 66d8453-66d846f 1350->1353 1361 66d8239-66d8254 1351->1361 1362 66d8256-66d8291 1351->1362 1357 66d847d-66d8480 1352->1357 1358 66d8478 1352->1358 1353->1352 1359 66d818d-66d8193 1354->1359 1360 66d81a3-66d81aa 1354->1360 1357->1344 1364 66d8486-66d848f 1357->1364 1358->1357 1365 66d8195 1359->1365 1366 66d8197-66d8199 1359->1366 1367 66d81ac-66d81b9 1360->1367 1368 66d81bb 1360->1368 1361->1362 1377 66d8297-66d82a8 1362->1377 1378 66d8422-66d8438 1362->1378 1365->1360 1366->1360 1369 66d81c0-66d81c2 1367->1369 1368->1369 1371 66d81d9-66d8212 1369->1371 1372 66d81c4-66d81c7 1369->1372 1371->1351 1399 66d8214-66d821e 1371->1399 1372->1364 1376->1341 1379 66d7f81-66d7f9d 1376->1379 1386 66d840d-66d841c 1377->1386 1387 66d82ae-66d82cb 1377->1387 1378->1350 1388 66d7fa3-66d7fcd 1379->1388 1389 66d8102-66d810e 1379->1389 1386->1377 1386->1378 1387->1386 1398 66d82d1-66d83c7 call 66d6670 1387->1398 1402 66d80f8-66d80fd 1388->1402 1403 66d7fd3-66d7ffb 1388->1403 1389->1348 1389->1376 1451 66d83c9-66d83d3 1398->1451 1452 66d83d5 1398->1452 1402->1389 1403->1402 1409 66d8001-66d802f 1403->1409 1409->1402 1415 66d8035-66d803e 1409->1415 1415->1402 1416 66d8044-66d8076 1415->1416 1424 66d8078-66d807c 1416->1424 1425 66d8081-66d809d 1416->1425 1424->1402 1426 66d807e 1424->1426 1425->1389 1427 66d809f-66d80f6 call 66d6670 1425->1427 1426->1425 1427->1389 1453 66d83da-66d83dc 1451->1453 1452->1453 1453->1386 1454 66d83de-66d83e3 1453->1454 1455 66d83e5-66d83ef 1454->1455 1456 66d83f1 1454->1456 1457 66d83f6-66d83f8 1455->1457 1456->1457 1457->1386 1458 66d83fa-66d8406 1457->1458 1458->1386
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q
                        • API String ID: 0-458585787
                        • Opcode ID: 0366c78a829ebf7d515316b5dea6944d45ce8abdf755eccc3ef10ca08bda7753
                        • Instruction ID: a2946934b667e9ffb480c953d020a9dc8faa3a75ed94f9a6d69b8cd186e02be9
                        • Opcode Fuzzy Hash: 0366c78a829ebf7d515316b5dea6944d45ce8abdf755eccc3ef10ca08bda7753
                        • Instruction Fuzzy Hash: 47029A30F002069FDB54DF68D998AAEBBA2FF84344F248529D415EB394DB35EC46CB81
                        Function 066D5258 Relevance: 1.8, Strings: 1, Instructions: 595COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 2351 66d5258-66d5277 2353 66d5278-66d527b 2351->2353 2354 66d527d-66d5283 2353->2354 2355 66d528e-66d5291 2353->2355 2356 66d5289 2354->2356 2357 66d53ab-66d53ae 2354->2357 2358 66d52b7-66d52ba 2355->2358 2359 66d5293-66d52b2 2355->2359 2356->2355 2360 66d53b3-66d53b6 2357->2360 2361 66d52cd-66d52d0 2358->2361 2362 66d52bc-66d52c2 2358->2362 2359->2358 2364 66d53b8-66d53bb 2360->2364 2365 66d53c0-66d53c3 2360->2365 2368 66d530e-66d5311 2361->2368 2369 66d52d2-66d52db 2361->2369 2366 66d53ee-66d53f8 2362->2366 2367 66d52c8 2362->2367 2364->2365 2374 66d53d9-66d53dc 2365->2374 2375 66d53c5-66d53ce 2365->2375 2379 66d53ff-66d5401 2366->2379 2367->2361 2372 66d532e-66d5331 2368->2372 2373 66d5313-66d5329 2368->2373 2370 66d52e1-66d52e9 2369->2370 2371 66d5442-66d546b 2369->2371 2370->2371 2376 66d52ef-66d52ff 2370->2376 2401 66d5475-66d5478 2371->2401 2380 66d5345-66d5348 2372->2380 2381 66d5333-66d5340 2372->2381 2373->2372 2377 66d53de-66d53e2 2374->2377 2378 66d53e9-66d53ec 2374->2378 2375->2369 2383 66d53d4 2375->2383 2376->2371 2384 66d5305-66d5309 2376->2384 2385 66d5434-66d5441 2377->2385 2386 66d53e4 2377->2386 2378->2366 2387 66d5406-66d5409 2378->2387 2379->2387 2389 66d534a-66d535c 2380->2389 2390 66d5361-66d5364 2380->2390 2381->2380 2383->2374 2384->2368 2386->2378 2394 66d540b-66d5414 2387->2394 2395 66d5415-66d5418 2387->2395 2389->2390 2392 66d537a-66d537d 2390->2392 2393 66d5366-66d5375 2390->2393 2392->2362 2397 66d5383-66d5386 2392->2397 2393->2392 2398 66d541a-66d541d 2395->2398 2399 66d5422-66d5424 2395->2399 2405 66d5388-66d538d 2397->2405 2406 66d5390-66d5393 2397->2406 2398->2399 2407 66d542b-66d542e 2399->2407 2408 66d5426 2399->2408 2402 66d548c-66d548f 2401->2402 2403 66d547a-66d5481 2401->2403 2411 66d5491-66d549b 2402->2411 2412 66d54a0-66d54a3 2402->2412 2409 66d555a-66d5561 2403->2409 2410 66d5487 2403->2410 2405->2406 2413 66d5395-66d539c 2406->2413 2414 66d53a1-66d53a4 2406->2414 2407->2353 2407->2385 2408->2407 2410->2402 2411->2412 2415 66d54c5-66d54c8 2412->2415 2416 66d54a5-66d54a9 2412->2416 2413->2414 2414->2375 2417 66d53a6-66d53a9 2414->2417 2421 66d54ca-66d54d1 2415->2421 2422 66d54d2-66d54d5 2415->2422 2419 66d54af-66d54b7 2416->2419 2420 66d5562-66d559c 2416->2420 2417->2357 2417->2360 2419->2420 2423 66d54bd-66d54c0 2419->2423 2431 66d559e-66d55a1 2420->2431 2424 66d54d7-66d54db 2422->2424 2425 66d54f3-66d54f6 2422->2425 2423->2415 2424->2420 2429 66d54e1-66d54e9 2424->2429 2426 66d54f8-66d54fc 2425->2426 2427 66d5510-66d5513 2425->2427 2426->2420 2430 66d54fe-66d5506 2426->2430 2432 66d552d-66d5530 2427->2432 2433 66d5515-66d5519 2427->2433 2429->2420 2434 66d54eb-66d54ee 2429->2434 2430->2420 2435 66d5508-66d550b 2430->2435 2436 66d55af-66d55b2 2431->2436 2437 66d55a3-66d55aa 2431->2437 2439 66d5548-66d554a 2432->2439 2440 66d5532-66d5543 2432->2440 2433->2420 2438 66d551b-66d5523 2433->2438 2434->2425 2435->2427 2441 66d55b4-66d55bb 2436->2441 2442 66d55c0-66d55c3 2436->2442 2437->2436 2438->2420 2443 66d5525-66d5528 2438->2443 2444 66d554c 2439->2444 2445 66d5551-66d5554 2439->2445 2440->2439 2441->2442 2446 66d58ac-66d58af 2442->2446 2447 66d55c9-66d575d 2442->2447 2443->2432 2444->2445 2445->2401 2445->2409 2449 66d58b9-66d58bc 2446->2449 2450 66d58b1-66d58b6 2446->2450 2501 66d5896-66d58a9 2447->2501 2502 66d5763-66d576a 2447->2502 2449->2447 2451 66d58c2-66d58c5 2449->2451 2450->2449 2453 66d58df-66d58e2 2451->2453 2454 66d58c7-66d58d8 2451->2454 2456 66d58e4-66d58f5 2453->2456 2457 66d5900-66d5903 2453->2457 2459 66d5905-66d5918 2454->2459 2462 66d58da 2454->2462 2456->2441 2465 66d58fb 2456->2465 2458 66d591b-66d591e 2457->2458 2457->2459 2458->2447 2461 66d5924-66d5927 2458->2461 2467 66d5929-66d593a 2461->2467 2468 66d5945-66d5948 2461->2468 2462->2453 2465->2457 2467->2441 2478 66d5940 2467->2478 2470 66d594a-66d595b 2468->2470 2471 66d5966-66d5969 2468->2471 2470->2441 2482 66d5961 2470->2482 2472 66d596b-66d597c 2471->2472 2473 66d5987-66d5989 2471->2473 2472->2456 2484 66d5982 2472->2484 2476 66d598b 2473->2476 2477 66d5990-66d5993 2473->2477 2476->2477 2477->2431 2481 66d5999-66d59a2 2477->2481 2478->2468 2482->2471 2484->2473 2503 66d581e-66d5825 2502->2503 2504 66d5770-66d5793 2502->2504 2503->2501 2505 66d5827-66d585a 2503->2505 2513 66d579b-66d57a3 2504->2513 2517 66d585c 2505->2517 2518 66d585f-66d588c 2505->2518 2515 66d57a8-66d57e9 2513->2515 2516 66d57a5 2513->2516 2526 66d57eb-66d57fc 2515->2526 2527 66d5801-66d5812 2515->2527 2516->2515 2517->2518 2518->2481 2526->2481 2527->2481
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $
                        • API String ID: 0-3993045852
                        • Opcode ID: 588253c0b33d8ece5e2110df5b074e7b711503cd3963413f2ad07edab45430e0
                        • Instruction ID: 805c2444418d86c27effd4fec9344248f1bbb655e81729338ff057759064410a
                        • Opcode Fuzzy Hash: 588253c0b33d8ece5e2110df5b074e7b711503cd3963413f2ad07edab45430e0
                        • Instruction Fuzzy Hash: 6E22CF75E002199FDF64CBA4C4806AEBBF2FF88325F24856AD44AAB744DB35DC41CB91
                        Function 015C70B0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                        Download Yara Rule
                        APIs
                        • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 015C7127
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2506519629.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_15c0000_InstallUtil.jbxd
                        Similarity
                        • API ID: CheckDebuggerPresentRemote
                        • String ID:
                        • API String ID: 3662101638-0
                        • Opcode ID: 7de739e2edb0e42c0081d9e79ad8357aeffddc10a1646c03bb3f762e44f5e67c
                        • Instruction ID: 49b1821b78707ddfcde7b8dadcc84cac47a16f509017d3c4e23b7563d7f05e99
                        • Opcode Fuzzy Hash: 7de739e2edb0e42c0081d9e79ad8357aeffddc10a1646c03bb3f762e44f5e67c
                        • Instruction Fuzzy Hash: A92114B1C002598FDB10CF9AD885BEEBBF4BF49310F14845AE459B7250D778A944CFA1
                        Function 066D66C0 Relevance: .8, Instructions: 813COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 957ccf56757946e59aa01f401ec5a6a03e76cd33083c79b521da4e4175312055
                        • Instruction ID: 569cd9e207c1102a7ab69752a79052caf3b5dcb64d6e56fdd827764ec5674ebb
                        • Opcode Fuzzy Hash: 957ccf56757946e59aa01f401ec5a6a03e76cd33083c79b521da4e4175312055
                        • Instruction Fuzzy Hash: 77629A30E002099FDB54DB68D994AADBBF2FF88314F148569E406EB394DB35EC46CB91
                        Function 066DC250 Relevance: .6, Instructions: 641COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 9c06b09285e5ce1df5304938761ee4c51d13d9f640f6f969f1ad2b7c9f4422a3
                        • Instruction ID: 18c7909c7d28ef618ba6c0de211086870bdea80f01429c86958878b6f3db3769
                        • Opcode Fuzzy Hash: 9c06b09285e5ce1df5304938761ee4c51d13d9f640f6f969f1ad2b7c9f4422a3
                        • Instruction Fuzzy Hash: 43327E30F102099FDB54DF68D990AADBBB6FB88310F508529E505EB364DB39EC46CB91
                        Function 066DB2F0 Relevance: .6, Instructions: 579COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: beb3a741731269b6ca19db99fa247d2528cb45be5348cd66f1edcb0cd3744b3d
                        • Instruction ID: 7e70c6cc868be3d03d7b12d439b2269ee6331c9b8f09e91962284aa55cd65af2
                        • Opcode Fuzzy Hash: beb3a741731269b6ca19db99fa247d2528cb45be5348cd66f1edcb0cd3744b3d
                        • Instruction Fuzzy Hash: BC2293B0E102099BDF64CF69D5807AEB7F1FB45310F658829E409EB399DA38DC85CB91
                        Function 066DAD98 Relevance: 10.4, Strings: 8, Instructions: 390COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 526 66dad98-66dadb6 527 66dadb8-66dadbb 526->527 528 66dadbd-66dadd9 527->528 529 66dadde-66dade1 527->529 528->529 530 66dadeb-66dadee 529->530 531 66dade3-66dade8 529->531 533 66dafb5-66dafbe 530->533 534 66dadf4-66dadf7 530->534 531->530 537 66dafc4-66dafce 533->537 538 66dae41-66dae4a 533->538 535 66dadf9-66dae06 534->535 536 66dae0b-66dae0e 534->536 535->536 542 66dae28-66dae2b 536->542 543 66dae10-66dae23 536->543 540 66dafcf-66db006 538->540 541 66dae50-66dae54 538->541 555 66db008-66db00b 540->555 544 66dae59-66dae5c 541->544 546 66dae2d-66dae31 542->546 547 66dae3c-66dae3f 542->547 543->542 549 66dae6c-66dae6e 544->549 550 66dae5e-66dae67 544->550 546->537 548 66dae37 546->548 547->538 547->544 548->547 553 66dae75-66dae78 549->553 554 66dae70 549->554 550->549 553->527 558 66dae7e-66daea2 553->558 554->553 556 66db00d call 66db2f0 555->556 557 66db01a-66db01d 555->557 561 66db013-66db015 556->561 559 66db01f-66db023 557->559 560 66db02a-66db02d 557->560 577 66daea8-66daeb7 558->577 578 66dafb2 558->578 562 66db069-66db0a4 559->562 563 66db025 559->563 565 66db02f-66db04b 560->565 566 66db050-66db053 560->566 561->557 575 66db0aa-66db0b6 562->575 576 66db297-66db2aa 562->576 563->560 565->566 567 66db055-66db05f 566->567 568 66db060-66db063 566->568 568->562 569 66db2cc-66db2ce 568->569 573 66db2d5-66db2d8 569->573 574 66db2d0 569->574 573->555 580 66db2de-66db2e8 573->580 574->573 586 66db0b8-66db0d1 575->586 587 66db0d6-66db11a 575->587 581 66db2ac 576->581 584 66daecf-66daf0a call 66d6670 577->584 585 66daeb9-66daebf 577->585 578->533 581->569 603 66daf0c-66daf12 584->603 604 66daf22-66daf39 584->604 588 66daec1 585->588 589 66daec3-66daec5 585->589 586->581 601 66db11c-66db12e 587->601 602 66db136-66db175 587->602 588->584 589->584 601->602 610 66db25c-66db271 602->610 611 66db17b-66db256 call 66d6670 602->611 605 66daf14 603->605 606 66daf16-66daf18 603->606 616 66daf3b-66daf41 604->616 617 66daf51-66daf62 604->617 605->604 606->604 610->576 611->610 619 66daf45-66daf47 616->619 620 66daf43 616->620 623 66daf7a-66dafab 617->623 624 66daf64-66daf6a 617->624 619->617 620->617 623->578 626 66daf6c 624->626 627 66daf6e-66daf70 624->627 626->623 627->623
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q
                        • API String ID: 0-2216122830
                        • Opcode ID: 433e626283fdf63f71580aecb188146b7ab806d57c22ae778489b755e4efc0b6
                        • Instruction ID: 67360bdd57641bee83b58c87eb15f1992919eac3dfa1424ff3faf46394341c34
                        • Opcode Fuzzy Hash: 433e626283fdf63f71580aecb188146b7ab806d57c22ae778489b755e4efc0b6
                        • Instruction Fuzzy Hash: 60E16D70E1020A9FDB65DFA8D9906AEB7B2FF84304F508529E409EB358DB74DC46CB91
                        Function 066DB718 Relevance: 8.0, Strings: 6, Instructions: 468COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 778 66db718-66db73a 779 66db73c-66db73f 778->779 780 66db749-66db74c 779->780 781 66db741-66db746 779->781 782 66db74e-66db750 780->782 783 66db753-66db756 780->783 781->780 782->783 784 66db769-66db76c 783->784 785 66db758-66db764 783->785 786 66db77e-66db781 784->786 787 66db76e 784->787 785->784 788 66db78b-66db78e 786->788 789 66db783-66db786 786->789 793 66db776-66db779 787->793 791 66db794-66db797 788->791 792 66dba21-66dba22 788->792 789->788 794 66db799-66db7f6 call 66d6670 791->794 795 66db7fb-66db7fe 791->795 796 66dba27-66dba2a 792->796 793->786 794->795 797 66db815-66db818 795->797 798 66db800-66db804 795->798 799 66dba2c-66dba41 796->799 800 66dba64-66dba67 796->800 806 66db82f-66db832 797->806 807 66db81a-66db81d 797->807 803 66db80a-66db810 798->803 804 66dbab7-66dbaee 798->804 799->804 820 66dba43-66dba5f 799->820 801 66dba69-66dba6f 800->801 802 66dba74-66dba77 800->802 801->802 808 66dba79-66dba7d 802->808 809 66dba9a-66dba9c 802->809 803->797 822 66dbaf0-66dbaf3 804->822 806->792 812 66db838-66db83b 806->812 807->804 811 66db823-66db82a 807->811 808->804 814 66dba7f-66dba8f 808->814 816 66dba9e 809->816 817 66dbaa3-66dbaa6 809->817 811->806 818 66db83d-66db846 812->818 819 66db84b-66db84e 812->819 827 66db86a-66db86e 814->827 839 66dba95 814->839 816->817 817->779 823 66dbaac-66dbab6 817->823 818->819 824 66db865-66db868 819->824 825 66db850-66db854 819->825 820->800 829 66dbaf5-66dbb11 822->829 830 66dbb16-66dbb19 822->830 826 66db88f-66db892 824->826 824->827 825->804 833 66db85a-66db860 825->833 835 66db8dc-66db8df 826->835 836 66db894-66db897 826->836 827->804 834 66db874-66db884 827->834 829->830 837 66dbb1f-66dbb47 830->837 838 66dbd85-66dbd87 830->838 833->824 834->792 856 66db88a 834->856 835->807 846 66db8e5 835->846 843 66db899-66db8a2 836->843 844 66db8b4-66db8b7 836->844 877 66dbb49-66dbb4c 837->877 878 66dbb51-66dbb95 837->878 841 66dbd8e-66dbd91 838->841 842 66dbd89 838->842 839->809 841->822 849 66dbd97-66dbda0 841->849 842->841 843->804 850 66db8a8-66db8af 843->850 852 66db8ce-66db8d1 844->852 853 66db8b9-66db8bd 844->853 847 66db8ea-66db8ed 846->847 854 66db8ef-66db8f3 847->854 855 66db914-66db917 847->855 850->844 852->792 859 66db8d7-66db8da 852->859 853->804 858 66db8c3-66db8c9 853->858 854->804 861 66db8f9-66db909 854->861 862 66db919-66db91c 855->862 863 66db921-66db924 855->863 856->826 858->852 859->835 859->847 861->808 875 66db90f 861->875 862->863 866 66db946-66db949 863->866 867 66db926-66db941 863->867 870 66db959-66db95c 866->870 871 66db94b-66db954 866->871 867->866 872 66db97f-66db982 870->872 873 66db95e-66db97a 870->873 871->870 879 66db984-66db987 872->879 880 66db9c6-66db9cf 872->880 873->872 875->855 877->849 900 66dbb9b-66dbba4 878->900 901 66dbd7a-66dbd84 878->901 884 66db989-66db990 879->884 885 66db99b-66db99e 879->885 880->843 881 66db9d5 880->881 887 66db9da-66db9dd 881->887 884->818 888 66db996 884->888 889 66db9ae-66db9b1 885->889 890 66db9a0-66db9a9 885->890 891 66dba1c-66dba1f 887->891 892 66db9df-66db9f4 887->892 888->885 895 66db9c1-66db9c4 889->895 896 66db9b3-66db9bc 889->896 890->889 891->792 891->796 892->804 899 66db9fa-66dba17 892->899 895->880 895->887 896->895 899->891 902 66dbbaa-66dbc16 call 66d6670 900->902 903 66dbd70-66dbd75 900->903 912 66dbc1c-66dbc21 902->912 913 66dbd10-66dbd25 902->913 903->901 914 66dbc3d 912->914 915 66dbc23-66dbc29 912->915 913->903 919 66dbc3f-66dbc45 914->919 917 66dbc2f-66dbc31 915->917 918 66dbc2b-66dbc2d 915->918 920 66dbc3b 917->920 918->920 921 66dbc5a-66dbc67 919->921 922 66dbc47-66dbc4d 919->922 920->919 929 66dbc7f-66dbc8c 921->929 930 66dbc69-66dbc6f 921->930 923 66dbcfb-66dbd0a 922->923 924 66dbc53 922->924 923->912 923->913 924->921 925 66dbc8e-66dbc9b 924->925 926 66dbcc2-66dbccf 924->926 938 66dbc9d-66dbca3 925->938 939 66dbcb3-66dbcc0 925->939 935 66dbce7-66dbcf4 926->935 936 66dbcd1-66dbcd7 926->936 929->923 931 66dbc71 930->931 932 66dbc73-66dbc75 930->932 931->929 932->929 935->923 940 66dbcd9 936->940 941 66dbcdb-66dbcdd 936->941 942 66dbca5 938->942 943 66dbca7-66dbca9 938->943 939->923 940->935 941->935 942->939 943->939
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q$$_q$$_q
                        • API String ID: 0-155944776
                        • Opcode ID: 80054ffdd2415c00ff77526c41cb8e58f9e88b2f4f247b2bcb88bc3f1b90b67c
                        • Instruction ID: 6dbad00da91c01e3ddaad68a0738ebe9ae796bded70d3884ad7b3c41cdc32b64
                        • Opcode Fuzzy Hash: 80054ffdd2415c00ff77526c41cb8e58f9e88b2f4f247b2bcb88bc3f1b90b67c
                        • Instruction Fuzzy Hash: 47028DB0E0020A9FDFA4CF68D5806ADB7B1FB85300F25856AD419EB359DB74EC46CB91
                        Function 066D9218 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 946 66d9218-66d923d 947 66d923f-66d9242 946->947 948 66d9268-66d926b 947->948 949 66d9244-66d9263 947->949 950 66d926e-66d9286 948->950 951 66d9b2b-66d9b2d 948->951 949->948 958 66d929e-66d92b4 950->958 959 66d9288-66d928e 950->959 953 66d9b2f 951->953 954 66d9b34-66d9b37 951->954 953->954 954->947 956 66d9b3d-66d9b47 954->956 963 66d92bf-66d92c1 958->963 960 66d9290 959->960 961 66d9292-66d9294 959->961 960->958 961->958 964 66d92d9-66d934a 963->964 965 66d92c3-66d92c9 963->965 976 66d934c-66d936f 964->976 977 66d9376-66d9392 964->977 966 66d92cd-66d92cf 965->966 967 66d92cb 965->967 966->964 967->964 976->977 982 66d93be-66d93d9 977->982 983 66d9394-66d93b7 977->983 988 66d93db-66d93fd 982->988 989 66d9404-66d941f 982->989 983->982 988->989 994 66d944a-66d9454 989->994 995 66d9421-66d9443 989->995 996 66d9464-66d94de 994->996 997 66d9456-66d945f 994->997 995->994 1003 66d952b-66d9540 996->1003 1004 66d94e0-66d94fe 996->1004 997->956 1003->951 1008 66d951a-66d9529 1004->1008 1009 66d9500-66d950f 1004->1009 1008->1003 1008->1004 1009->1008
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q
                        • API String ID: 0-1171383116
                        • Opcode ID: f47ad8dec5d749dcf5a68279a14c9e56dbb915b9e19c9f2dd5aac23d597b089f
                        • Instruction ID: d4c4def83187697aa9a27168bf0c04c7e44e024009145a624983867cc9780423
                        • Opcode Fuzzy Hash: f47ad8dec5d749dcf5a68279a14c9e56dbb915b9e19c9f2dd5aac23d597b089f
                        • Instruction Fuzzy Hash: F3915930F1020A9FDB54DF64D9507AEB7F2FB89304F108669C909EB798EA749C46CB91
                        Function 066DD018 Relevance: 4.5, Strings: 3, Instructions: 796COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1012 66dd018-66dd033 1013 66dd035-66dd038 1012->1013 1014 66dd03a-66dd07c 1013->1014 1015 66dd081-66dd084 1013->1015 1014->1015 1016 66dd086-66dd088 1015->1016 1017 66dd093-66dd096 1015->1017 1018 66dd4fd 1016->1018 1019 66dd08e 1016->1019 1020 66dd0df-66dd0e2 1017->1020 1021 66dd098-66dd0da 1017->1021 1025 66dd500-66dd50c 1018->1025 1019->1017 1023 66dd105-66dd108 1020->1023 1024 66dd0e4-66dd100 1020->1024 1021->1020 1026 66dd10a-66dd14c 1023->1026 1027 66dd151-66dd154 1023->1027 1024->1023 1029 66dd29c-66dd2ab 1025->1029 1030 66dd512-66dd7ff 1025->1030 1026->1027 1033 66dd19d-66dd1a0 1027->1033 1034 66dd156-66dd198 1027->1034 1035 66dd2ad-66dd2b2 1029->1035 1036 66dd2ba-66dd2c6 1029->1036 1224 66dd805-66dd80b 1030->1224 1225 66dda26-66dda30 1030->1225 1037 66dd1aa-66dd1ad 1033->1037 1038 66dd1a2-66dd1a7 1033->1038 1034->1033 1035->1036 1039 66dd2cc-66dd2de 1036->1039 1040 66dda31-66dda66 1036->1040 1037->1025 1045 66dd1b3-66dd1b6 1037->1045 1038->1037 1060 66dd2e3-66dd2e6 1039->1060 1059 66dda68-66dda6b 1040->1059 1049 66dd1ff-66dd202 1045->1049 1050 66dd1b8-66dd1fa 1045->1050 1056 66dd24b-66dd24e 1049->1056 1057 66dd204-66dd246 1049->1057 1050->1049 1068 66dd297-66dd29a 1056->1068 1069 66dd250-66dd25f 1056->1069 1057->1056 1066 66dda6d-66dda89 1059->1066 1067 66dda8e-66dda91 1059->1067 1070 66dd32f-66dd332 1060->1070 1071 66dd2e8-66dd32a 1060->1071 1066->1067 1072 66ddaa0-66ddaa3 1067->1072 1073 66dda93 call 66ddb85 1067->1073 1068->1029 1068->1060 1078 66dd26e-66dd27a 1069->1078 1079 66dd261-66dd266 1069->1079 1075 66dd34f-66dd352 1070->1075 1076 66dd334-66dd34a 1070->1076 1071->1070 1081 66ddaa5-66ddad1 1072->1081 1082 66ddad6-66ddad8 1072->1082 1091 66dda99-66dda9b 1073->1091 1083 66dd39b-66dd39e 1075->1083 1084 66dd354-66dd396 1075->1084 1076->1075 1078->1040 1085 66dd280-66dd292 1078->1085 1079->1078 1081->1082 1093 66ddadf-66ddae2 1082->1093 1094 66ddada 1082->1094 1097 66dd3a9-66dd3ab 1083->1097 1098 66dd3a0-66dd3a2 1083->1098 1084->1083 1085->1068 1091->1072 1093->1059 1101 66ddae4-66ddaf3 1093->1101 1094->1093 1108 66dd3ad 1097->1108 1109 66dd3b2-66dd3b5 1097->1109 1106 66dd3bb-66dd3c4 1098->1106 1107 66dd3a4 1098->1107 1124 66ddb5a-66ddb6f 1101->1124 1125 66ddaf5-66ddb58 call 66d6670 1101->1125 1111 66dd3c6-66dd3cb 1106->1111 1112 66dd3d3-66dd3df 1106->1112 1107->1097 1108->1109 1109->1013 1109->1106 1111->1112 1117 66dd3e5-66dd3f9 1112->1117 1118 66dd4f0-66dd4f5 1112->1118 1117->1018 1133 66dd3ff-66dd411 1117->1133 1118->1018 1125->1124 1142 66dd435-66dd437 1133->1142 1143 66dd413-66dd419 1133->1143 1149 66dd441-66dd44d 1142->1149 1146 66dd41d-66dd429 1143->1146 1147 66dd41b 1143->1147 1150 66dd42b-66dd433 1146->1150 1147->1150 1157 66dd44f-66dd459 1149->1157 1158 66dd45b 1149->1158 1150->1149 1159 66dd460-66dd462 1157->1159 1158->1159 1159->1018 1162 66dd468-66dd484 call 66d6670 1159->1162 1170 66dd486-66dd48b 1162->1170 1171 66dd493-66dd49f 1162->1171 1170->1171 1171->1118 1174 66dd4a1-66dd4ee 1171->1174 1174->1018 1226 66dd80d-66dd812 1224->1226 1227 66dd81a-66dd823 1224->1227 1226->1227 1227->1040 1228 66dd829-66dd83c 1227->1228 1230 66dda16-66dda20 1228->1230 1231 66dd842-66dd848 1228->1231 1230->1224 1230->1225 1232 66dd84a-66dd84f 1231->1232 1233 66dd857-66dd860 1231->1233 1232->1233 1233->1040 1234 66dd866-66dd887 1233->1234 1237 66dd889-66dd88e 1234->1237 1238 66dd896-66dd89f 1234->1238 1237->1238 1238->1040 1239 66dd8a5-66dd8c2 1238->1239 1239->1230 1242 66dd8c8-66dd8ce 1239->1242 1242->1040 1243 66dd8d4-66dd8ed 1242->1243 1245 66dda09-66dda10 1243->1245 1246 66dd8f3-66dd91a 1243->1246 1245->1230 1245->1242 1246->1040 1249 66dd920-66dd92a 1246->1249 1249->1040 1250 66dd930-66dd947 1249->1250 1252 66dd949-66dd954 1250->1252 1253 66dd956-66dd971 1250->1253 1252->1253 1253->1245 1258 66dd977-66dd990 call 66d6670 1253->1258 1262 66dd99f-66dd9a8 1258->1262 1263 66dd992-66dd997 1258->1263 1262->1040 1264 66dd9ae-66dda02 1262->1264 1263->1262 1264->1245
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q
                        • API String ID: 0-2441406858
                        • Opcode ID: eeab22de4a17a19b72e3cbed4b0330d680ee4eb9f82235913206b6eddb17630a
                        • Instruction ID: 4b479a2e2c85694e5d1bf55368522d728562ee774f5ff88705d8d6042d7ea642
                        • Opcode Fuzzy Hash: eeab22de4a17a19b72e3cbed4b0330d680ee4eb9f82235913206b6eddb17630a
                        • Instruction Fuzzy Hash: 2B621D30A0020A9FCB55EF78D590A5DB7F2FF84304B648A68D005AF369DB75ED4ACB81
                        Function 066D4820 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1272 66d4820-66d4844 1273 66d4846-66d4849 1272->1273 1274 66d484f-66d4947 1273->1274 1275 66d4f28-66d4f2b 1273->1275 1295 66d494d-66d499a call 66d50c8 1274->1295 1296 66d49ca-66d49d1 1274->1296 1276 66d4f2d-66d4f47 1275->1276 1277 66d4f4c-66d4f4e 1275->1277 1276->1277 1278 66d4f55-66d4f58 1277->1278 1279 66d4f50 1277->1279 1278->1273 1281 66d4f5e-66d4f6b 1278->1281 1279->1278 1309 66d49a0-66d49bc 1295->1309 1297 66d4a55-66d4a5e 1296->1297 1298 66d49d7-66d4a47 1296->1298 1297->1281 1315 66d4a49 1298->1315 1316 66d4a52 1298->1316 1312 66d49be 1309->1312 1313 66d49c7 1309->1313 1312->1313 1313->1296 1315->1316 1316->1297
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: fdq$XPdq$\Odq
                        • API String ID: 0-727959394
                        • Opcode ID: 5c4a195e9c72054599dce468ca5afee7bfc6114f3836fd9f4cd812d9ab43c730
                        • Instruction ID: 700a1e6fb3d1de8cc1e9793fa68917e8ed8d4a06136aa1bc5a7a1743bde94368
                        • Opcode Fuzzy Hash: 5c4a195e9c72054599dce468ca5afee7bfc6114f3836fd9f4cd812d9ab43c730
                        • Instruction Fuzzy Hash: 2E615C71E002099FEB54DFA5C8547AEBAF6FF88340F208529D60AEB394DE754C05CB91
                        Function 066D9208 Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 2283 66d9208-66d920c 2284 66d926e-66d9286 2283->2284 2285 66d920e-66d923d 2283->2285 2291 66d929e-66d92b4 2284->2291 2292 66d9288-66d928e 2284->2292 2288 66d923f-66d9242 2285->2288 2289 66d9268-66d926b 2288->2289 2290 66d9244-66d9263 2288->2290 2289->2284 2293 66d9b2b-66d9b2d 2289->2293 2290->2289 2302 66d92bf-66d92c1 2291->2302 2294 66d9290 2292->2294 2295 66d9292-66d9294 2292->2295 2297 66d9b2f 2293->2297 2298 66d9b34-66d9b37 2293->2298 2294->2291 2295->2291 2297->2298 2298->2288 2300 66d9b3d-66d9b47 2298->2300 2303 66d92d9-66d934a 2302->2303 2304 66d92c3-66d92c9 2302->2304 2315 66d934c-66d936f 2303->2315 2316 66d9376-66d9392 2303->2316 2305 66d92cd-66d92cf 2304->2305 2306 66d92cb 2304->2306 2305->2303 2306->2303 2315->2316 2321 66d93be-66d93d9 2316->2321 2322 66d9394-66d93b7 2316->2322 2327 66d93db-66d93fd 2321->2327 2328 66d9404-66d941f 2321->2328 2322->2321 2327->2328 2333 66d944a-66d9454 2328->2333 2334 66d9421-66d9443 2328->2334 2335 66d9464-66d94de 2333->2335 2336 66d9456-66d945f 2333->2336 2334->2333 2342 66d952b-66d9540 2335->2342 2343 66d94e0-66d94fe 2335->2343 2336->2300 2342->2293 2347 66d951a-66d9529 2343->2347 2348 66d9500-66d950f 2343->2348 2347->2342 2347->2343 2348->2347
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q
                        • API String ID: 0-458585787
                        • Opcode ID: 27f432df43508be95918e570f0d1be243df20b7c26a0c33b1278c4f8d41e228c
                        • Instruction ID: 66c6ae76f3ff8509d5965432f99cbde72b3ac5600ffebadfbded7c96d7a8a13b
                        • Opcode Fuzzy Hash: 27f432df43508be95918e570f0d1be243df20b7c26a0c33b1278c4f8d41e228c
                        • Instruction Fuzzy Hash: 1A515D30F1020A9FDB54DF74D9507AE77F6EB89310F108669C909EB794EA349C46CB91
                        Function 05A9F228 Relevance: 1.7, APIs: 1, Instructions: 200COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 2530 5a9f228-5a9f237 2531 5a9f239-5a9f246 call 5a9e15c 2530->2531 2532 5a9f263-5a9f267 2530->2532 2539 5a9f248-5a9f256 call 5a9f4b0 2531->2539 2540 5a9f25c 2531->2540 2534 5a9f269-5a9f273 2532->2534 2535 5a9f27b-5a9f2bc 2532->2535 2534->2535 2541 5a9f2c9-5a9f2d7 2535->2541 2542 5a9f2be-5a9f2c6 2535->2542 2539->2540 2548 5a9f398-5a9f410 2539->2548 2540->2532 2543 5a9f2d9-5a9f2de 2541->2543 2544 5a9f2fb-5a9f2fd 2541->2544 2542->2541 2546 5a9f2e9 2543->2546 2547 5a9f2e0-5a9f2e7 call 5a9e168 2543->2547 2549 5a9f300-5a9f307 2544->2549 2553 5a9f2eb-5a9f2f9 2546->2553 2547->2553 2580 5a9f412-5a9f451 2548->2580 2581 5a9f454-5a9f458 2548->2581 2550 5a9f309-5a9f311 2549->2550 2551 5a9f314-5a9f31b 2549->2551 2550->2551 2554 5a9f328-5a9f331 call 5a9799c 2551->2554 2555 5a9f31d-5a9f325 2551->2555 2553->2549 2561 5a9f33e-5a9f343 2554->2561 2562 5a9f333-5a9f33b 2554->2562 2555->2554 2563 5a9f361-5a9f36e 2561->2563 2564 5a9f345-5a9f34c 2561->2564 2562->2561 2570 5a9f391-5a9f397 2563->2570 2571 5a9f370-5a9f38e 2563->2571 2564->2563 2566 5a9f34e-5a9f35e call 5a9dfd8 call 5a9e178 2564->2566 2566->2563 2571->2570 2580->2581 2583 5a9f45a-5a9f45d 2581->2583 2584 5a9f460-5a9f48b GetModuleHandleW 2581->2584 2583->2584 2585 5a9f48d-5a9f493 2584->2585 2586 5a9f494-5a9f4a8 2584->2586 2585->2586
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513092198.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_5a90000_InstallUtil.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: 07eb0af9f230d2de775fd182339d9e892d9f2ab565bb9c21d5f814379360804e
                        • Instruction ID: 7ed38a4acb078b2707b40a3a9f6abe787a51127ead5a796044d10df54edcbc9a
                        • Opcode Fuzzy Hash: 07eb0af9f230d2de775fd182339d9e892d9f2ab565bb9c21d5f814379360804e
                        • Instruction Fuzzy Hash: 86814970A00B159FDB29DF29D444B6ABBF1FF88304F10892DD49AD7A54D734E849CB90
                        Function 015CF2A8 Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2506519629.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_15c0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: eb8e1e33afc5b758e0ff1ba5959230c3424eb3dedf78be6e25a6f5b9843ff0c2
                        • Instruction ID: efca02ecb9bcffc6d5cccabe6611b68385529e4634f2864e3156447c3d5344b9
                        • Opcode Fuzzy Hash: eb8e1e33afc5b758e0ff1ba5959230c3424eb3dedf78be6e25a6f5b9843ff0c2
                        • Instruction Fuzzy Hash: B6412272E043998FCB04CFB9D8146AEBFF5AF89210F1485ABD504EB251EB749845CBE1
                        Function 015C70A8 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                        Download Yara Rule
                        APIs
                        • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 015C7127
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2506519629.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_15c0000_InstallUtil.jbxd
                        Similarity
                        • API ID: CheckDebuggerPresentRemote
                        • String ID:
                        • API String ID: 3662101638-0
                        • Opcode ID: 9a957136d02932a24473aed5e63a39d3d2491b3b0c001de9fc1b973afe64e386
                        • Instruction ID: cf1ae81f4d3688fc27cd32372e86a6f3e1f83ceed786c58557f03c8439622ede
                        • Opcode Fuzzy Hash: 9a957136d02932a24473aed5e63a39d3d2491b3b0c001de9fc1b973afe64e386
                        • Instruction Fuzzy Hash: 9E2124B1D002598FDB14CF9AD484BEEBBF4BF88310F15846AE459B7250D3789945CF60
                        Function 05A97058 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                        Download Yara Rule
                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05A970E7
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513092198.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_5a90000_InstallUtil.jbxd
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: f239b1e6dc57463e322f0e6842832e837c925ed06fe7a5ef38e0638771035a98
                        • Instruction ID: 44624932708b5a9bb80da4141bcd3fc580a66889d4d713ff2edc409d6115a453
                        • Opcode Fuzzy Hash: f239b1e6dc57463e322f0e6842832e837c925ed06fe7a5ef38e0638771035a98
                        • Instruction Fuzzy Hash: 8F21E3B5D10219EFDB10CFAAD984ADEBBF8FB48310F14841AE958A3210D374A944CFA1
                        Function 05A97060 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                        Download Yara Rule
                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05A970E7
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513092198.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_5a90000_InstallUtil.jbxd
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: 482adb5a5a8f749638a816abada402e4c0332a4c2135963c294b4fc6aa9ac0a0
                        • Instruction ID: 1c9b24f5f1ad679fd84153a72e0a8437829a2a3ef012c6d16d1fb544291f918d
                        • Opcode Fuzzy Hash: 482adb5a5a8f749638a816abada402e4c0332a4c2135963c294b4fc6aa9ac0a0
                        • Instruction Fuzzy Hash: EB21E2B5D10219AFDB10CFAAD984ADEBBF8FB48310F14801AE918A3310D374A944CFA1
                        Function 05A9F678 Relevance: 1.6, APIs: 1, Instructions: 58libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 05A9F6EA
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513092198.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_5a90000_InstallUtil.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 9ba06d8546b61874f00bf8e6c3687140d0c8660bce047f7bd6923b35edc5238e
                        • Instruction ID: 38f3adb8a1a6b1941e1ca756a998623bb4bccbb206b923dacd9d4b87822782aa
                        • Opcode Fuzzy Hash: 9ba06d8546b61874f00bf8e6c3687140d0c8660bce047f7bd6923b35edc5238e
                        • Instruction Fuzzy Hash: F12103B6C042499FDB14DFAAD844ADEFBF8FB48310F10841AE529B7210C775A949CFA5
                        Function 015CF390 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                        Download Yara Rule
                        APIs
                        • GlobalMemoryStatusEx.KERNELBASE ref: 015CF3F7
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2506519629.00000000015C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_15c0000_InstallUtil.jbxd
                        Similarity
                        • API ID: GlobalMemoryStatus
                        • String ID:
                        • API String ID: 1890195054-0
                        • Opcode ID: eeffb69b559a5dd35efe6b4905b7f0f3062fda573da6aa677d14bad8020f5932
                        • Instruction ID: 3dedc3c21d35f45c91ebb1d2272240ba40303cee6b836afd52e82e30df950a0b
                        • Opcode Fuzzy Hash: eeffb69b559a5dd35efe6b4905b7f0f3062fda573da6aa677d14bad8020f5932
                        • Instruction Fuzzy Hash: 5F110DB1C002599BDB10DFAAD444B9EFBF4BB48720F11816AD818B7240D378A944CFA1
                        Function 05A9F680 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 05A9F6EA
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513092198.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_5a90000_InstallUtil.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 642b8867e0afacc5eafb4ae87d1a3e67fce8ea1487de3e235af86729a64fe6ca
                        • Instruction ID: 5a5a0300a2ffac80967e571928fa294cd92c2bb62b949449fb2d9d97dc158369
                        • Opcode Fuzzy Hash: 642b8867e0afacc5eafb4ae87d1a3e67fce8ea1487de3e235af86729a64fe6ca
                        • Instruction Fuzzy Hash: 1211F3B6C003499FDB14CFAAD444ADEFBF8BB48310F14842AD529B7210C375A545CFA5
                        Function 05A9E15C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                        Download Yara Rule
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,05A9F244), ref: 05A9F47E
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513092198.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_5a90000_InstallUtil.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: beab45e7fa3c702dc2b639def831ccf74eed817c274addc9272d5321951e645b
                        • Instruction ID: 68dd950ba49e4d5df2ef0122af985f831e2025d7d88e44f235527e4701ae1aec
                        • Opcode Fuzzy Hash: beab45e7fa3c702dc2b639def831ccf74eed817c274addc9272d5321951e645b
                        • Instruction Fuzzy Hash: D8113FB1C003088FDB14DF9AD448A9EFBF4FB88214F10C42AD929B7214D378A945CFA1
                        Function 05A97120 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                        Download Yara Rule
                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05A970E7
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513092198.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_5a90000_InstallUtil.jbxd
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: 9ed47063cc50a43ab1abbc693a839160dc31a46306d6f98c41257d54001ea623
                        • Instruction ID: a26ac6864ae3b23e980b5e095ad1e73078f71b79c64498b5f01ea39ba84ce749
                        • Opcode Fuzzy Hash: 9ed47063cc50a43ab1abbc693a839160dc31a46306d6f98c41257d54001ea623
                        • Instruction Fuzzy Hash: 6DF0E2328193848ECB21DBA9E4183CDBFF0AF46310F18C04BC059E7262C2784049CB72
                        Function 066D4810 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: XPdq
                        • API String ID: 0-1708276200
                        • Opcode ID: ad67f1abecc74d2f465a17a89ed2769fdadc13cab4b74df876cdd87fdcd28b60
                        • Instruction ID: d30b62cc4c69879a45a6793af8c00511161a2bcbaab606d3d642cfc97aad9230
                        • Opcode Fuzzy Hash: ad67f1abecc74d2f465a17a89ed2769fdadc13cab4b74df876cdd87fdcd28b60
                        • Instruction Fuzzy Hash: AA415D74F102099FDB54DFA5C854BAEBBF6FF88700F20852AD245AB395DA744C05CB91
                        Function 066DDB85 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH_q
                        • API String ID: 0-2397113591
                        • Opcode ID: aafc15bc38d5b39b85b1ab6640fe385a97cdf72ab579c073d4fc737e40bc000a
                        • Instruction ID: 953d32bc4a55bd3b6d51e283710be9a61b642465226c7f063ab1bb59b688484d
                        • Opcode Fuzzy Hash: aafc15bc38d5b39b85b1ab6640fe385a97cdf72ab579c073d4fc737e40bc000a
                        • Instruction Fuzzy Hash: A0417E70E0024A9FDB65EF64C5546AEBBB6BF85344F20492AE406E7344DB749846CB81
                        Function 066D2297 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH_q
                        • API String ID: 0-2397113591
                        • Opcode ID: 6da962a879867ffbe070c3bd218c7b5375debebbea6a8759033d4ee2675dee96
                        • Instruction ID: d6f743a72e0d914dfccfda2bb6b34ca58706914ae4b4a3c9e4ccc9d564301464
                        • Opcode Fuzzy Hash: 6da962a879867ffbe070c3bd218c7b5375debebbea6a8759033d4ee2675dee96
                        • Instruction Fuzzy Hash: F631CD30F002018FDB599B74C4646AF7BEAEB85240F154538E506EB394EE39DD06CB91
                        Function 066D22A8 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: PH_q
                        • API String ID: 0-2397113591
                        • Opcode ID: 2f01268bcdc1fbcee69cfc9c97245c516082884df59d7f7b15e4a35109ec1f0c
                        • Instruction ID: 6d22e373da98769f4732e74c30e3b99e0dbf98243a4b46968c6627dac32b7827
                        • Opcode Fuzzy Hash: 2f01268bcdc1fbcee69cfc9c97245c516082884df59d7f7b15e4a35109ec1f0c
                        • Instruction Fuzzy Hash: 4631BE30F002019FDB599B74C56466F7BEAAB89204F144528E506EB394DE38DD06CBA1
                        Function 066D4709 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: \Odq
                        • API String ID: 0-4257893106
                        • Opcode ID: 3d70a1c0e8bb0df75f5f64294da86e9acdbbf332aef9001b58447a72d816c2ec
                        • Instruction ID: 22e95958c5f03eb82ea6f37d27f2cae92f755bdf9779974711643ffe2698ef82
                        • Opcode Fuzzy Hash: 3d70a1c0e8bb0df75f5f64294da86e9acdbbf332aef9001b58447a72d816c2ec
                        • Instruction Fuzzy Hash: 57F0FE34E20119EFDB54DF94E8597AEBBB6FF84701F204519E502A7294CB741C45CBC0
                        Function 066D2B93 Relevance: .4, Instructions: 443COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c33775afe951c879d4c50d2594be73c27813957bddea415c2ad21b746e143248
                        • Instruction ID: b04a024483089a426c85654bbebf9cf279f1e4dab1b9c8423413d3c91e064d40
                        • Opcode Fuzzy Hash: c33775afe951c879d4c50d2594be73c27813957bddea415c2ad21b746e143248
                        • Instruction Fuzzy Hash: 78027734E006048FCBA4CB64C994AADBBF2FF85354F54C8A9D519AB360DB35ED46CB81
                        Function 066D5EB8 Relevance: .2, Instructions: 229COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 90d7b6bb6437cad8ccb7d435c48c83e47f616ce4084d4c9d56f24ef198892d90
                        • Instruction ID: faf71d9e2083eb737becc2317c6682b9e4e134974c79bf7ab5bda3f682e20495
                        • Opcode Fuzzy Hash: 90d7b6bb6437cad8ccb7d435c48c83e47f616ce4084d4c9d56f24ef198892d90
                        • Instruction Fuzzy Hash: 216180B1F401214FDB549A7EC88466FBADBAFC4224B154439E80EDB364DE75DD0287D2
                        Function 066D3F59 Relevance: .2, Instructions: 224COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6235eada911cc4bfa25c888c789a4d6d873773278dc71ca4beb0318c08c341fd
                        • Instruction ID: e779a64b2bc64bbdc4ee324b97c3a126c8fe76529c1f37acf12b42ebc9488090
                        • Opcode Fuzzy Hash: 6235eada911cc4bfa25c888c789a4d6d873773278dc71ca4beb0318c08c341fd
                        • Instruction Fuzzy Hash: 82814930F1020A9BDB54DFA8D5907AEB7F2EF88304F108529D50AEB394EE35DC468B91
                        Function 066D4274 Relevance: .2, Instructions: 218COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 156e38e94af5072a38650e7164f4e1bd05d4e92c861785cdb382de4c1a08e811
                        • Instruction ID: c6f4b3c807a2299a8cf01577f1fd2ce0a4d7e95de304e4d7883d2d4f524c3106
                        • Opcode Fuzzy Hash: 156e38e94af5072a38650e7164f4e1bd05d4e92c861785cdb382de4c1a08e811
                        • Instruction Fuzzy Hash: 36914D34E1061A8BDF60DF68C880B9DB7B1FF89304F208699D549AB355DB70AE85CF91
                        Function 066D4288 Relevance: .2, Instructions: 210COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 80f4053deff625695de4b089e3e9aa809aabe71652a7d46d72db6b29074f4b5a
                        • Instruction ID: f68f75a8ab32b1dfae9046a217a3097a69568144bbffcad932821a8033a6d8d4
                        • Opcode Fuzzy Hash: 80f4053deff625695de4b089e3e9aa809aabe71652a7d46d72db6b29074f4b5a
                        • Instruction Fuzzy Hash: AE913C34E1061A8BDF60DF68C880B9DB7B1FF89304F208699D549AB355DB70AE85CF91
                        Function 066DEBF0 Relevance: .2, Instructions: 201COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0e70a85b41e7f585bfa3cc837e34241d161faa5734f948697daa2e2e5c6d3560
                        • Instruction ID: 71bd6b8b98a56e4b4bf22d7424d2f45b74acacd567513d3d9a877a2ed5caa5e8
                        • Opcode Fuzzy Hash: 0e70a85b41e7f585bfa3cc837e34241d161faa5734f948697daa2e2e5c6d3560
                        • Instruction Fuzzy Hash: F971F570E002099FDB54DFA9C994AADBBF6FF88300F148429E415EB368DB35AC46CB50
                        Function 066DEBE3 Relevance: .2, Instructions: 200COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cc92f72f16580704ddd79aa7bfe64298e25df619dde3be1182b0bc64c7c96f7c
                        • Instruction ID: f95a1706090b7436db570ec0b6f95050d2df9c74f31d9e23a823dbbb4a7b6c06
                        • Opcode Fuzzy Hash: cc92f72f16580704ddd79aa7bfe64298e25df619dde3be1182b0bc64c7c96f7c
                        • Instruction Fuzzy Hash: E8711630E002499FDB54DBA9C990AADBBF6FF88300F148429E019EB364DB31A846CB50
                        Function 066DFD58 Relevance: .2, Instructions: 177COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: aaac278c06a159a3db2f79c072809a6f7f3570cefdbc86d62b69b68985094141
                        • Instruction ID: 86d375b7c7e42bea17827dbaa0ac0f4aeec22b1b4087d7ef13980d3d7418f8f3
                        • Opcode Fuzzy Hash: aaac278c06a159a3db2f79c072809a6f7f3570cefdbc86d62b69b68985094141
                        • Instruction Fuzzy Hash: 6F51CD31E00109AFCF64EFB8E4546ADBBB2FF89315F10886AE10AE7351DB359955CB81
                        Function 066DF700 Relevance: .2, Instructions: 170COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d60935b3b7bf5f69b5b926ccbc5f1ad729851a9df57cdc5e1a4a0eb3988c35b3
                        • Instruction ID: 8d4432f0ec85701e100bd867de6f1fc6de4c9b85d14ce89491cf4f11c4db3361
                        • Opcode Fuzzy Hash: d60935b3b7bf5f69b5b926ccbc5f1ad729851a9df57cdc5e1a4a0eb3988c35b3
                        • Instruction Fuzzy Hash: D451C870F10205ABEF645A7CD99476F26AAE789710F20483DE40FD73A8C97DCC4583A2
                        Function 066DF710 Relevance: .2, Instructions: 163COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 916738630c60d9892b912bb82b2aec7a72d64e0270df39b322086e04549b4421
                        • Instruction ID: cf331c9c7cb6c0d9daf2f1696038cc8ba8d303fca27e790cb66a3ac647d842ae
                        • Opcode Fuzzy Hash: 916738630c60d9892b912bb82b2aec7a72d64e0270df39b322086e04549b4421
                        • Instruction Fuzzy Hash: 5C51B470F10216ABEF645A6CD99476F26AAD789710F20483EE40FD73A8C97DCC4583A2
                        Function 066D5249 Relevance: .2, Instructions: 151COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8205759dc75b3fc031ddeeed7723669c5afe8315bf529b900c7a7333aec89c13
                        • Instruction ID: ba4b62b3ad19ff173c4415ac2dde3675cefb608c2fc70c31c888fea8519c6c26
                        • Opcode Fuzzy Hash: 8205759dc75b3fc031ddeeed7723669c5afe8315bf529b900c7a7333aec89c13
                        • Instruction Fuzzy Hash: 5651B371E106198BDF64CB68C480BBEBBB2FB45310F248926E416DBB85D774DC91CB91
                        Function 066D50C8 Relevance: .1, Instructions: 132COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b96445a6c1941d5aa7fcb6748c961c5731f484377c312b5f1422d335977f2ba6
                        • Instruction ID: 2bb39e1e2b72a53408f85d11455a9eec4990ecb68ff4300b8a2c498b5354c63e
                        • Opcode Fuzzy Hash: b96445a6c1941d5aa7fcb6748c961c5731f484377c312b5f1422d335977f2ba6
                        • Instruction Fuzzy Hash: EA414D71E106099FDF70CEA9DCC1AAFF7B2FB94314F10492AE216D7A50D330A9598B91
                        Function 066D45A8 Relevance: .1, Instructions: 121COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a57b84bdd45866cc891fe07c7938150a8e7feb97253fa919a7bd6f4f9934155d
                        • Instruction ID: 1edc3a37c19561026bffb639b1428b27f18578bd8b252a14883b2cbbdf99d298
                        • Opcode Fuzzy Hash: a57b84bdd45866cc891fe07c7938150a8e7feb97253fa919a7bd6f4f9934155d
                        • Instruction Fuzzy Hash: 72416D30E102049FDB54DB69C494BAEBBF2FF89305F258569E40ADB3A0CA35DC45CB91
                        Function 066D4598 Relevance: .1, Instructions: 120COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e2d44203a2de6d8abb86f032fbb198c29cb657ae6ee490ae99d4e67e7f6df3a4
                        • Instruction ID: 22eef99e6ee0bcde6bbde4ba9758a2f3423babfd5c7ca945985c73bab9fc1e74
                        • Opcode Fuzzy Hash: e2d44203a2de6d8abb86f032fbb198c29cb657ae6ee490ae99d4e67e7f6df3a4
                        • Instruction Fuzzy Hash: E4416B30E101099FDB54DB69C494BAEBBF2FF89304F258569E40ADB3A0DA35DC45CB91
                        Function 066D2158 Relevance: .1, Instructions: 95COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a5090ebce082e11d9c94026a0ad3182b57c28812e7742f21c2f5fa1f7d387aae
                        • Instruction ID: 78b37da6e044f3e556b6485d5553bdb10e9ecb2d668f2f3b37edcb4b2431e11a
                        • Opcode Fuzzy Hash: a5090ebce082e11d9c94026a0ad3182b57c28812e7742f21c2f5fa1f7d387aae
                        • Instruction Fuzzy Hash: 0F317030E1024A9BCB58CF64D8A46AEF7B6FF89304F10C529EA06E7754DB71AD46CB50
                        Function 066D2168 Relevance: .1, Instructions: 91COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: fb74d888d0c23a333e1eedfca30426a06d4c3a039b39a0dc95c7db46f16a4105
                        • Instruction ID: 1eaabfd45b7a85077c9fbc53d419a3ad50bb1fc6a8ac6842e0bcb1ac8e9735f5
                        • Opcode Fuzzy Hash: fb74d888d0c23a333e1eedfca30426a06d4c3a039b39a0dc95c7db46f16a4105
                        • Instruction Fuzzy Hash: FC316130E1024A9BCB58CF64D8A469EF7BAFF89300F10C529EA06E7354DB71AD46CB50
                        Function 066D3B61 Relevance: .1, Instructions: 80COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 578f0e0c8794e238f16f388edadb19150c087d2cb36a1522b7f5e7668ab59e93
                        • Instruction ID: 014ec63da8c25d81ac3c43ee8b9c59feb0c8611252ddf5743be7e6f8bfda3d5e
                        • Opcode Fuzzy Hash: 578f0e0c8794e238f16f388edadb19150c087d2cb36a1522b7f5e7668ab59e93
                        • Instruction Fuzzy Hash: 8F215A75E002169FDB50DFA9D980AAEB7F5EB48610F108129E905F7390E735D9418B92
                        Function 066D3B70 Relevance: .1, Instructions: 78COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 153b1d92b91ef36f24d6d15a8afe89ec1d70967b76b9197f99a056e8072a6738
                        • Instruction ID: 91c06ea3802896903c74cb1a5c5d09bb8e47166bc236d2546732305e2ab2250d
                        • Opcode Fuzzy Hash: 153b1d92b91ef36f24d6d15a8afe89ec1d70967b76b9197f99a056e8072a6738
                        • Instruction Fuzzy Hash: 8B216975E002169FDB50DFA9D980AAEBBF1EB48710F108029E905F7390E739DC418B92
                        Function 012FD006 Relevance: .1, Instructions: 78COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2505038531.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_12fd000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c5740bd773a9022021e7db8d1d05be83290a3ee60798617d0fcb09f5bff0a02e
                        • Instruction ID: e0f99567bf5448b09888fd6f09d80722ad7340e33730cd7a724a6dd2d513c5a0
                        • Opcode Fuzzy Hash: c5740bd773a9022021e7db8d1d05be83290a3ee60798617d0fcb09f5bff0a02e
                        • Instruction Fuzzy Hash: 5F313C7110D3C49FD703CB64D994711BF71AF47214F2985EBD9898F2A3C23A980ACB62
                        Function 012FD044 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2505038531.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_12fd000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e13a7ac40d9f62f4aca3fb67709188ca484e17d89cda4eb75a57d1a516876670
                        • Instruction ID: 3df429bfcfe8a58f1e4f91977cf81cbccc0cac5a3862f7a353394d8597f2dd9c
                        • Opcode Fuzzy Hash: e13a7ac40d9f62f4aca3fb67709188ca484e17d89cda4eb75a57d1a516876670
                        • Instruction Fuzzy Hash: 1C2122715142089FDB11CF68C9C0B26FB65FB84314F20C5BDEA494B356C77AD446CA62
                        Function 066D3C80 Relevance: .1, Instructions: 59COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 85254fd8dfe8ee359674eb322e062a2a07aa6890a47a57266807a79dd83e8cd9
                        • Instruction ID: 898c3da8af89ba57d7790d9c32b190a1d4ba6c84c6ca1126d7a69575fa1f5470
                        • Opcode Fuzzy Hash: 85254fd8dfe8ee359674eb322e062a2a07aa6890a47a57266807a79dd83e8cd9
                        • Instruction Fuzzy Hash: FE11A131F101299BDB549A78D8546EF73AAEBC9311F008839C50AF7340EE64DC028BE2
                        Function 066D3EB7 Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 85777052d1c3e9a806596c955eb4a4010ff1e05b734c1966c59be7fe6122d76b
                        • Instruction ID: 4cbc21d8f5fc79b9344504cb3a0214e458ebc5fe618be63d524698815f2cd87b
                        • Opcode Fuzzy Hash: 85777052d1c3e9a806596c955eb4a4010ff1e05b734c1966c59be7fe6122d76b
                        • Instruction Fuzzy Hash: 0401D231F001450FDB61893CA4107AFBBE6DFCA620F24887AE10AD7356E965CC028391
                        Function 066D3939 Relevance: .1, Instructions: 54COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a96c7376574f9f29030f96c811844397d2047a8490dbdc32f5e4474319a835e
                        • Instruction ID: b62d955704133eb45bb13658f1854d8b5db19e407163003f88ad86aae41c58b5
                        • Opcode Fuzzy Hash: 2a96c7376574f9f29030f96c811844397d2047a8490dbdc32f5e4474319a835e
                        • Instruction Fuzzy Hash: 1D21EDB1D01259AFCB00CFAAD885ADEFFB4BB49310F10816AE918B7340D375A944CFA5
                        Function 066DA3D1 Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 34203a3d15e80aeca2e1b981b10cd135833e7a8b3e525b080e10fd5f7b1028ef
                        • Instruction ID: a3a5d3c1b50689e759c66dfd19c21abf6f03839cf00b5563c24a1b831d8f30d1
                        • Opcode Fuzzy Hash: 34203a3d15e80aeca2e1b981b10cd135833e7a8b3e525b080e10fd5f7b1028ef
                        • Instruction Fuzzy Hash: 56012631F041085BCB90DA6CE96476F77DAEB86B10F108938E60ED7358DE25EC064791
                        Function 066DEE61 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f7330535a20f55dabf5d0e8b413eb54814163b8b8a3a64bd7722758f74e27fc8
                        • Instruction ID: e2bd0347bfd6c8cd95276557b9ea751e0ac680f76222599290f2f9f3912e7821
                        • Opcode Fuzzy Hash: f7330535a20f55dabf5d0e8b413eb54814163b8b8a3a64bd7722758f74e27fc8
                        • Instruction Fuzzy Hash: 5101A231F005154BCBA4DA3CD890B2FB7DAEBC9614F10883DE60ACB359EE26DC064389
                        Function 066D3C71 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2b2db75bcf9fe323f497951c43c16487eeeb5977066a80d4cd5a9a9012b710b1
                        • Instruction ID: 310d84fb94c9549b3d126a0b4c53890026707db9a2d589da1f1ddc62132fa13e
                        • Opcode Fuzzy Hash: 2b2db75bcf9fe323f497951c43c16487eeeb5977066a80d4cd5a9a9012b710b1
                        • Instruction Fuzzy Hash: 7101A732F100295BDB949978DC546EF73AADBC9711F004535C50AF7380EF658C0647E2
                        Function 066D3940 Relevance: .1, Instructions: 52COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e334459a30372768d1c8864a2341d1b8ee14e84d365e1e101f310aee8d5be3ff
                        • Instruction ID: f3f2628a523827f20e14689b920f82b622a58022aa566a89d9978244be9604d3
                        • Opcode Fuzzy Hash: e334459a30372768d1c8864a2341d1b8ee14e84d365e1e101f310aee8d5be3ff
                        • Instruction Fuzzy Hash: 3F11CBB1D01259ABCB00DF9AD884ACEFBB8BB49310F50812AE918B7300D375A944CBA5
                        Function 066D3EC8 Relevance: .1, Instructions: 51COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7479b9aca7905b16b8b03cc822602714a113a79c3b5196bb954d5899148f4dd9
                        • Instruction ID: 4af0c19c3227e1a126be6df4346498da5ee290330a6d25c43526bb156cc40695
                        • Opcode Fuzzy Hash: 7479b9aca7905b16b8b03cc822602714a113a79c3b5196bb954d5899148f4dd9
                        • Instruction Fuzzy Hash: 3701D131F0001A4BDB60D96DE51072BB3DADBCAB60F20883AF20ED7395EE65DC024392
                        Function 066DEE70 Relevance: .0, Instructions: 49COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c68e6fae3e234b2761fc0e6639cee76517716fb1b840caea2837516f92c37c8c
                        • Instruction ID: e759af834207293c5a1f668cd4740d3f880d30f32a4392dd6ce38368db00b00e
                        • Opcode Fuzzy Hash: c68e6fae3e234b2761fc0e6639cee76517716fb1b840caea2837516f92c37c8c
                        • Instruction Fuzzy Hash: F201A431F104150BCBA4DA3CD450B2F77DAEBC9A20F10883DE20ACB354EE26DC064395
                        Function 066DA3E0 Relevance: .0, Instructions: 46COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 19b808f726e1e8582b862e2ec579064ddb793cf39aab0bd464e5700f50df1ae3
                        • Instruction ID: 1122858390b37d0fe0facc86c26dd408a8b04727aa5cf831faf117252b359520
                        • Opcode Fuzzy Hash: 19b808f726e1e8582b862e2ec579064ddb793cf39aab0bd464e5700f50df1ae3
                        • Instruction Fuzzy Hash: 72018131F041155BDB50DAACE85476FB3DAEB86B10F108839E60AD7758EE25DC068791
                        Function 066DAFE8 Relevance: .0, Instructions: 44COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0814f10cbab314fc1a1ab9ed3cccaffc3de7e9220f7d4e1a10b1d2c262bb2617
                        • Instruction ID: ca5b927021087a72809eda8260a8e0bf8f84854c5f621db115ac7d23230aa271
                        • Opcode Fuzzy Hash: 0814f10cbab314fc1a1ab9ed3cccaffc3de7e9220f7d4e1a10b1d2c262bb2617
                        • Instruction Fuzzy Hash: 1601F4B1E102098BDF608A68D5407AEBBB8EB453A0F01443AD51AD7344D6319C4587C1
                        Function 066D6540 Relevance: .0, Instructions: 28COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 04f071f009fd8f13b834cddc8114a417ce97935dbc7681002993181d968c921b
                        • Instruction ID: f236454ae6ea49e3fe9298b2d091336e08140841d0789a7d86eb7017d2c2a2bf
                        • Opcode Fuzzy Hash: 04f071f009fd8f13b834cddc8114a417ce97935dbc7681002993181d968c921b
                        • Instruction Fuzzy Hash: 2EE04871E2010DA7DB50DEB4CD8579AB7B9F701244F2085A5D409CB246E536DA428750

                        Non-executed Functions

                        Function 066D7770 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q
                        • API String ID: 0-698649689
                        • Opcode ID: fc57a20e62abdaffe1b3a2ab957b35d586630c34c4edbcc0b6158e12e6730505
                        • Instruction ID: 483b60ea29f680cc0fbef86f4ea60731b933534757b17d6defe17a65c17638c0
                        • Opcode Fuzzy Hash: fc57a20e62abdaffe1b3a2ab957b35d586630c34c4edbcc0b6158e12e6730505
                        • Instruction Fuzzy Hash: 7B123E30E0061ADFDB68DF65C954AADBBF2BF88304F208569D509AB364DB709D45CF81
                        Function 066DAA00 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q
                        • API String ID: 0-2216122830
                        • Opcode ID: 5082ec3afec723db351031cf015bd8f36c419a00d2ee639c39b1794cf0175321
                        • Instruction ID: ae5f319adb3d37f113160815b9c4883d2e538e50ad5b6699261389bc7ec38da7
                        • Opcode Fuzzy Hash: 5082ec3afec723db351031cf015bd8f36c419a00d2ee639c39b1794cf0175321
                        • Instruction Fuzzy Hash: 23916E30E1420ADFEB68DFA4D954BAE7BB6FF84700F108529E401AB394DB749C46CB91
                        Function 066D7170 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: .5wq$$_q$$_q$$_q$$_q$$_q$$_q
                        • API String ID: 0-3129995876
                        • Opcode ID: 4705923a4f4a6215a03842482f075bb58a5b529dc0cb1c1b539aca2e2b988857
                        • Instruction ID: 5e4b118b2849658994729020272ad6b6c66a3e4942913786fb21e35cdd493a71
                        • Opcode Fuzzy Hash: 4705923a4f4a6215a03842482f075bb58a5b529dc0cb1c1b539aca2e2b988857
                        • Instruction Fuzzy Hash: 22F13034E00209DFDB59DFA4D554A6EBBB2FFC4345F248568D405AB3A8DB39AC42CB42
                        Function 066D84A0 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q
                        • API String ID: 0-1171383116
                        • Opcode ID: 461c4004a7ee9ba30f240494f2f480e30e2f6383d1722e4d210b711d1a5557b3
                        • Instruction ID: 9fd6ac4622acccdb85ab3f80ae56e3c0281d72c7e8f34227a8fecfad1e28ab9a
                        • Opcode Fuzzy Hash: 461c4004a7ee9ba30f240494f2f480e30e2f6383d1722e4d210b711d1a5557b3
                        • Instruction Fuzzy Hash: F2B13C30E1020A9FDB54DF65C9986AEB7B2FF84304F24896DD406AB398DB75DC46CB80
                        Function 066D88B8 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: LR_q$LR_q$$_q$$_q
                        • API String ID: 0-2912794808
                        • Opcode ID: 0478061351aa0f610eac1c0ba93f30ad5c093b7e238315cde34522e26216abe2
                        • Instruction ID: 5ef5dc616e558563a558345f46b76c8a25a50b47fe6631f149816fd64465462d
                        • Opcode Fuzzy Hash: 0478061351aa0f610eac1c0ba93f30ad5c093b7e238315cde34522e26216abe2
                        • Instruction Fuzzy Hash: 0351BD30F102069FDB58DF28C844A6AB7E2FF88300F14856CE406AB3A5DA34EC05CB92
                        Function 066DAD88 Relevance: 5.2, Strings: 4, Instructions: 162COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000C.00000002.2513859014.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_12_2_66d0000_InstallUtil.jbxd
                        Similarity
                        • API ID:
                        • String ID: $_q$$_q$$_q$$_q
                        • API String ID: 0-1171383116
                        • Opcode ID: 3de08672ca996f4af894b4d6f9c2d4d288bc5b91afa49bec5ae58b7963f64f20
                        • Instruction ID: 2f17c59da21cbc4edb11ecd9b4cb8c9b2cbd0ef7d6fa9ffd36b40bf59d2b925a
                        • Opcode Fuzzy Hash: 3de08672ca996f4af894b4d6f9c2d4d288bc5b91afa49bec5ae58b7963f64f20
                        • Instruction Fuzzy Hash: 84518D70E142069FDFA4DFA4D9806AEB7B6FB88700F548969E405EB354DB34EC42CB91